
Importance of Good Passwords

Had an issue with a customer's server being reported for sending out spam.

Went and had a look at the mail queue and there were a couple of hundred rejected emails sitting in the queue unable to be delivered due to invalid addresses. So how many had been sent to successful addresses?

/var/log/maillog

cat /var/log/maillog|grep "from=<[address hidden]>"
Feb 26 23:51:48 xxx sendmail[24483]: o1QApmA3024483: from=<[address hidden]>, size=2517,, nrcpts=100, msgid=<[address hidden]>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 26 23:52:45 xxx sendmail[24573]: o1QAqj3q024573: from=<[address hidden]>, size=2517,, nrcpts=100, msgid=<[address hidden]>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 27 00:01:55 xxx sendmail[25544]: o1QB1tZ0025544: from=<[address hidden]>, size=2513,, nrcpts=100, msgid=<[address hidden]>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 27 00:03:49 xxx sendmail[25898]: o1QB3nvL025898: from=<[address hidden]>, size=2513,, nrcpts=100, msgid=<[address hidden]>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]

then

cat /var/log/maillog|grep -c "from=<[address hidden]>"
70

70 emails sent with 60 to 100 recipients in each.

/var/log/httpd/access_log

cat /var/log/httpd/access_log|grep "26/Feb/2010:23:52"
cat /var/log/httpd/access_log|grep "26/Feb/2010:23:52"
cat /var/log/httpd/access_log|grep "27/Feb/2010:00:01"
cat /var/log/httpd/access_log|grep "27/Feb/2010:00:03"

Each one has a compose statement from Horde.

41.217.65.3 - - [26/Feb/2010:23:52:18 +1300] "POST /horde/imp/compose.php?uniq=62pyjpm6iua1 HTTP/1.1" 200 73 "http://xxx.xxxxxx.net.nz/horde/imp/compose.php?thismailbox=INBOX&uniq=1267181512410" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1; InfoPath.2)"

/tmp/horde.log

Therefore let's have a look at the Horde log file.

cat /tmp/horde.log |grep "Feb 26 23:"

Feb 26 23:49:39 HORDE [notice] [imp] Login success for [address hidden] [41.217.65.3] to {xxx.xxxxxx.net.nz:143} [on line 154 of "/var/www/html/horde/imp/redirect.php"]

Notice the IP address 41.217.65.3

cat /var/log/httpd/access_log|grep "41.217.65.3"|grep -c  /horde/imp/compose.php
2024

That is 2024 accesses to compose emails from this IP Address.

This is not a program but a person who has cracked the password of the user [address hidden] and is using this account to send spam.

cat /tmp/horde.log |grep "41.217.65.3"

Shows this started on the 19th, but did not take off till the 25th.
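
The manual correlation above (mail log, then access log, then Horde log) can be scripted so that it runs in one pass. This is an added example, not part of the original post; it assumes the three log formats shown above, and the IP addresses, host names, accounts and threshold in it are constructed placeholders.

```shell
# Added example. Every log line below is a constructed sample in the formats
# shown on this page; 192.0.2.10, 198.51.100.7 and example.test are placeholders.
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/maillog" <<'EOF'
Feb 26 23:51:48 mx sendmail[24483]: o1QApmA3024483: from=<victim@example.test>, size=2517, class=0, nrcpts=100, msgid=<a1@example.test>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 26 23:52:45 mx sendmail[24573]: o1QAqj3q024573: from=<victim@example.test>, size=2517, class=0, nrcpts=60, msgid=<a2@example.test>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 26 23:53:02 mx sendmail[24601]: o1QAr2xx024601: from=<other@example.net>, size=900, class=0, nrcpts=1, msgid=<b1@example.net>, proto=ESMTP, daemon=Daemon0, relay=mail.example.net [203.0.113.5]
EOF
cat > "$SAMPLE/access_log" <<'EOF'
192.0.2.10 - - [26/Feb/2010:23:51:20 +1300] "POST /horde/imp/compose.php?uniq=aaa HTTP/1.1" 200 73 "-" "Mozilla/4.0"
192.0.2.10 - - [26/Feb/2010:23:52:18 +1300] "POST /horde/imp/compose.php?uniq=bbb HTTP/1.1" 200 73 "-" "Mozilla/4.0"
192.0.2.10 - - [26/Feb/2010:23:52:30 +1300] "GET /horde/imp/mailbox.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [26/Feb/2010:23:40:00 +1300] "POST /horde/imp/compose.php?uniq=ccc HTTP/1.1" 200 73 "-" "Mozilla/5.0"
EOF
cat > "$SAMPLE/horde.log" <<'EOF'
Feb 26 23:49:39 HORDE [notice] [imp] Login success for victim@example.test [192.0.2.10] to {mx.example.test:143} [on line 154 of "/var/www/html/horde/imp/redirect.php"]
Feb 26 23:39:10 HORDE [notice] [imp] Login success for staff@example.test [198.51.100.7] to {mx.example.test:143} [on line 154 of "/var/www/html/horde/imp/redirect.php"]
EOF

# Total recipients of mail that sendmail accepted from localhost (webmail submissions).
total_local_recipients() {
  awk '/ from=</ && /relay=localhost \[127\.0\.0\.1\]/ && match($0, /nrcpts=[0-9]+/) {
         sum += substr($0, RSTART + 7, RLENGTH - 7) }
       END { print sum + 0 }' "$1"
}
# Print "COUNT IP" for each client that POSTed to Horde compose.php, busiest first.
compose_posts_by_ip() {
  awk '$6 == "\"POST" && index($7, "/horde/imp/compose.php") == 1 { n[$1]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}
# Accounts with a Horde "Login success" from the given IP. The comparison is an
# exact string match, so an address is not also matched as a prefix of a longer one.
accounts_for_ip() {
  awk -v want="[$2]" '$7 == "Login" && $8 == "success" && $11 == want { print $10 }' "$1" |
    sort -u
}
# Print "IP POSTS ACCOUNT" for every IP at or above the POST threshold.
suspect_senders() {   # args: access_log horde_log threshold
  compose_posts_by_ip "$1" | while read -r count ip; do
    [ "$count" -ge "$3" ] || continue
    for acct in $(accounts_for_ip "$2" "$ip"); do echo "$ip $count $acct"; done
  done
}

echo "recipients via localhost: $(total_local_recipients "$SAMPLE/maillog")"
suspect_senders "$SAMPLE/access_log" "$SAMPLE/horde.log" 2
```

On a live server, point the functions at the real log paths and pick a threshold well above what a normal webmail user posts in the log's retention period.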

41.217.65.3

whois 41.217.65.3

[Querying whois.afrinic.net]
[whois.afrinic.net]
% This is the AfriNIC Whois server.
% Note: this output has been filtered.
% Information related to '41.217.0.0 - 41.217.127.255'

inetnum: 41.217.0.0 - 41.217.127.255
netname: ZOOMNIGERIA
descr: ZOOM Mobile Nigeria Ltd
country: NG
admin-c: AI22-AFRINIC
tech-c: EK8-AFRINIC
org: ORG-ZMNL1-AFRINIC
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: ZOOMNIGERIA-MNT
mnt-domains: ZOOMNIGERIA-MNT
source: AFRINIC # Filtered
parent: 41.0.0.0 - 41.255.255.255

organisation: ORG-ZMNL1-AFRINIC
org-name: ZOOM Mobile Nigeria Ltd
org-type: LIR
country: NG
address: 8A, Adeola Odeku Street
address: City: Victoria Island, Lagos
address: Postal Code: 999999*
address: Lagos
e-mail: [address hidden]
e-mail: [address hidden]
e-mail: [address hidden]
phone: +234-1-4312811
admin-c: AI22-AFRINIC
admin-c: TI3-AFRINIC
tech-c: EK8-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-ref: ZOOMNIGERIA-MNT
mnt-by: AFRINIC-HM-MNT
source: AFRINIC # Filtered

person: Andy Ibekaku
remarks: Chief Technical Officer (CTO)
remarks: ZOOM Mobile Nigeria Ltd
address: 8A, Adeola Odeku Street,
address: Victoria Island,
address: Lagos, Nigeria
phone: +23414807505
e-mail: [address hidden]
org: ORG-ZMNL1-AFRINIC
nic-hdl: AI22-AFRINIC
mnt-by: ZOOMNIGERIA-MNT
source: AFRINIC # Filtered

person: Emi Kennedy
remarks: IP/VSAT Transmission
remarks: ZOOM Mobile Nigeria Ltd
address: 8A, Adeola Odeku Street,
address: Victoria Island,
address: Lagos, Nigeria
phone: +23414312811

Not much luck going there.

 
