>>>>> On Sun, 01 Jul 2007 23:32:16 +1000, Gary Thompson said:
>
> Bacula User group,
>
> Forwarded was an E-mail I had received with the subject "Hacker
> Attack". I investigated the header of the E-mail, expecting it to be
> random spam (it was sent by "test" who was at [EMAIL PROTECTED]") and
> looking at the message trail, it appears to have originated from my I.P.
> address (203.206.99.253). This is where I'm concerned since I'm the
> only person who uses this machine, and it went specifically to my own
> E-mail. So here I am sending E-mails to myself.
>
> Could this be bsmtp? I have three PCs on the network, one Windows and
> two Linux. I can understand that a variety of these could be the
> source, however, I'm only aware of one having smtp capabilities, being
> the same one running bacula and all other software I regularly use. In
> addition, I have many e-mail addresses and this e-mail address also
> happens to be the one configured for bacula to send e-mail.
>
> I've just finished a fresh install of this PC and am grateful I modified
> bacula-dir and sd to not run as root user (it wasn't configured to do
> that by default, apparently, by the gentoo package manager - since my
> storage daemon wrote in a folder it should not have had access to unless
> the filesystem was mounted).
>
> Anyway, I'm kind of stuck for thought. Hopefully there is nothing
> malicious here and I can't work out what else could have sent this
> E-mail. I also remember playing with bsmtp or perhaps some other mail
> sending package and entering in the dummy user details of
> "test<[EMAIL PROTECTED]>".
>
> I do suspect I have code on my system which has been modified and I have
> received this e-mail a couple of times. If anyone has any advice on how
> I can check if this could be bsmtp or perhaps something else (again, I
> think of bacula specifically because of the e-mail address that this
> e-mail was sent to). It could be some really clever spam / spoof thing
> happening, but I feel that there are too many things pointing to my machine.
>
> I appreciate any help as I am concerned.

Bsmtp headers would contain

  From:
  Subject:
  Sender:
  To:
  Date:

in that order, so it looks like something else (though it is possible that
they could be mangled later).

Given all those LastTimeStamp headers, maybe it is related to this linksys
issue?

http://jadeallen.com/toms/index.asp?DoAction=ReadDay&ID=364
http://www.google.co.uk/search?hl=en&q=%22Hacker+Attack%21%21%21%22+lasttimestamp&btnG=Search&meta=

__Martin
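
The header-order check described in the reply above, as an added example that is not part of the original thread or of Bacula's code: it lists a raw message's header names in order and reports whether From, Subject, Sender, To, Date appear in the order the reply gives. The function names, sample messages and addresses are constructed for illustration; the layout of the real "Hacker Attack" message is not shown in the thread.

```python
from email import message_from_string

# Header order the reply gives for mail generated by bsmtp.
BSMTP_ORDER = ["from", "subject", "sender", "to", "date"]

def header_names(raw):
    """Header field names, lower-cased, in the order they appear."""
    return [name.lower() for name in message_from_string(raw).keys()]

def bsmtp_order_match(raw):
    """'exact'    : the five headers form one contiguous run in bsmtp order
       'in-order' : all five present in that relative order, with other
                    headers between them (e.g. added by a later relay)
       'no-match' : one is missing or the relative order differs"""
    names = header_names(raw)
    n = len(BSMTP_ORDER)
    if any(names[i:i + n] == BSMTP_ORDER for i in range(len(names) - n + 1)):
        return "exact"
    if any(h not in names for h in BSMTP_ORDER):
        return "no-match"
    first_seen = [names.index(h) for h in BSMTP_ORDER]
    return "in-order" if first_seen == sorted(first_seen) else "no-match"

# Constructed samples (not taken from the thread).
SAMPLE_BSMTP_LIKE = (
    "Received: from backup.example by mail.example; Sun, 01 Jul 2007 23:32:16 +1000\n"
    "From: bacula@backup.example\n"
    "Subject: Bacula: Backup OK\n"
    "Sender: bacula@backup.example\n"
    "To: admin@mail.example\n"
    "Date: Sun, 01 Jul 2007 23:32:16 +1000\n"
    "\nbody\n")
SAMPLE_RELAY_MODIFIED = (
    "From: bacula@backup.example\n"
    "Subject: Bacula: Backup OK\n"
    "X-Scanned-By: relay.example\n"
    "Sender: bacula@backup.example\n"
    "To: admin@mail.example\n"
    "Date: Sun, 01 Jul 2007 23:32:16 +1000\n"
    "\nbody\n")
SAMPLE_OTHER_SENDER = (
    "Date: Sun, 01 Jul 2007 23:32:16 +1000\n"
    "From: test@device.example\n"
    "To: admin@mail.example\n"
    "Subject: Hacker Attack\n"
    "LastTimeStamp: 0\n"
    "\nbody\n")

if __name__ == "__main__":
    for raw in (SAMPLE_BSMTP_LIKE, SAMPLE_RELAY_MODIFIED, SAMPLE_OTHER_SENDER):
        print(header_names(raw), "->", bsmtp_order_match(raw))
```

A "no-match" result only says the header order differs from the one the reply lists; as the reply notes, headers can be mangled after the message leaves the sending program.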