Attack on RaQ4 this morning
From my maillog - IP address shown is genuine.
Mar 17 04:20:16 www in.qpopper[17140]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:16 www in.qpopper[17140]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:17 www imapd[17141]: imap service init from 217.59.60.50
Mar 17 04:20:18 www in.qpopper[17144]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:18 www in.qpopper[17144]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:23 www in.qpopper[17167]: root at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Access is blocked for UIDs below 10
Mar 17 04:20:24 www in.qpopper[17168]: EOF from at 217.59.60.50
(217.59.60.50): [0] 29 (Illegal seek); 0 (Success)
Mar 17 04:20:24 www in.qpopper[17168]: (null) at 217.59.60.50
(217.59.60.50): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:35 www in.qpopper[17170]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:40 www in.qpopper[17175]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:43 www in.qpopper[17183]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:46 www in.qpopper[17192]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:46 www in.qpopper[17194]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:46 www in.qpopper[17195]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:20:47 www in.qpopper[17196]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:20:48 www in.qpopper[17197]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:20:49 www in.qpopper[17199]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:20:50 www in.qpopper[17201]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:20:50 www in.qpopper[17202]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:52 www in.qpopper[17204]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:20:52 www in.qpopper[17205]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
<similar snipped to reduce message size for WHT>
Mar 17 04:20:59 www in.qpopper[17218]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:00 www in.qpopper[17214]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:00 www in.qpopper[17222]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:01 www in.qpopper[17223]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:01 www in.qpopper[17224]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:01 www in.qpopper[17226]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:02 www in.qpopper[17227]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:02 www in.qpopper[17228]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:03 www imapd[17141]: Command stream end of file, while reading
line user=??? host=[217.59.60.50]
Mar 17 04:21:04 www sendmail[17280]: g2H4L4C17280:
from=<cobalt-security-admin@list.cobalt.com>, size=3647, class=-60,
nrcpts=1, msgid=<20020314234304.2eb4a0e5.nico.meijer@zonnet.nl>,
proto=ESMTP, daemon=MTA, relay=[213.165.144.113]
Mar 17 04:21:04 www sendmail[17281]: g2H4L4C17280:
to=<eddie@qbit-testing.com>, delay=00:00:00, xdelay=00:00:00, mailer=local,
pri=139536, dsn=2.0.0, stat=Sent
Mar 17 04:21:05 www in.qpopper[17255]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:05 www in.qpopper[17256]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:05 www sendmail[17171]: NOQUEUE: [217.59.60.50] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 17 04:21:06 www in.qpopper[17258]: test at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "test" is incorrect.
Mar 17 04:21:09 www in.qpopper[17263]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:09 www in.qpopper[17266]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17264]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:09 www in.qpopper[17267]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17268]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:09 www in.qpopper[17265]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:09 www in.qpopper[17270]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:10 www in.qpopper[17271]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:10 www in.qpopper[17272]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:11 www in.qpopper[17273]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:11 www in.qpopper[17274]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:11 www in.qpopper[17275]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:13 www in.qpopper[17276]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:13 www in.qpopper[17277]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:14 www in.qpopper[17278]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:16 www in.qpopper[17283]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:16 www in.qpopper[17284]: sybase at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "sybase" is incorrect.
Mar 17 04:21:18 www in.qpopper[17286]: test at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "test" is incorrect.
Mar 17 04:21:20 www in.qpopper[17288]: access at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:21:20 www in.qpopper[17291]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17290]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:20 www in.qpopper[17292]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17293]: account at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:21:20 www in.qpopper[17289]: user at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "user" is incorrect.
Mar 17 04:21:20 www in.qpopper[17294]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:20 www in.qpopper[17295]: web at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "web" is incorrect.
Mar 17 04:21:21 www in.qpopper[17296]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:21 www in.qpopper[17297]: oracle at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "oracle" is incorrect.
Mar 17 04:21:21 www in.qpopper[17298]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
Mar 17 04:21:21 www in.qpopper[17299]: web at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "web" is incorrect.
Mar 17 04:21:21 www in.qpopper[17300]: backup at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:21:22 www in.qpopper[17302]: webmaster at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 04:21:23 www in.qpopper[17303]: data at 217.59.60.50
(217.59.60.50): -ERR [AUTH] Password supplied for "data" is incorrect.
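
Added example, not part of the original post: one way to turn a maillog like the one above into an alert, by rejoining the wrapped qpopper entries and flagging any source address with five or more `[AUTH]` failures inside 60 seconds. The sample lines, the documentation-range IP addresses, the function names, the assumed year and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation IPs), wrapped across two lines as in the post.
SAMPLE = """\
Mar 17 04:20:18 www in.qpopper[201]: (null) at 203.0.113.7
(203.0.113.7): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Mar 17 04:20:23 www in.qpopper[202]: root at 203.0.113.7
(203.0.113.7): -ERR [AUTH] Access is blocked for UIDs below 10
Mar 17 04:20:35 www in.qpopper[203]: backup at 203.0.113.7
(203.0.113.7): -ERR [AUTH] Password supplied for "backup" is incorrect.
Mar 17 04:20:43 www in.qpopper[204]: access at 203.0.113.7
(203.0.113.7): -ERR [AUTH] Password supplied for "access" is incorrect.
Mar 17 04:20:46 www in.qpopper[205]: account at 203.0.113.7
(203.0.113.7): -ERR [AUTH] Password supplied for "account" is incorrect.
Mar 17 04:20:48 www in.qpopper[206]: webmaster at 203.0.113.7
(203.0.113.7): -ERR [AUTH] Password supplied for "webmaster" is incorrect.
Mar 17 09:02:11 www in.qpopper[300]: alice at 198.51.100.20
(198.51.100.20): -ERR [AUTH] Password supplied for "alice" is incorrect.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s\d\d:\d\d:\d\d\s")
AUTH = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8}) \S+ in\.qpopper\[\d+\]: "
                  r"(\S+) at \S+ \((\d+(?:\.\d+){3})\): -ERR \[AUTH\] ")

def auth_failures(text, year=2002):
    """Rejoin wrapped entries, then yield (time, ip, user) per [AUTH] error."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:  # no syslog timestamp: continuation of the previous entry
            entries[-1] += " " + line.strip()
    for m in filter(None, map(AUTH.match, entries)):
        # syslog stamps carry no year, so the caller supplies one (assumed 2002)
        yield datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S"), m[3], m[2]

def guessing_sources(text, threshold=5, window=timedelta(seconds=60)):
    """Map each IP with >= threshold failures inside `window` to the names tried."""
    by_ip = defaultdict(list)
    for when, ip, user in sorted(auth_failures(text)):
        by_ip[ip].append((when, user))
    flagged = {}
    for ip, hits in by_ip.items():
        times = [when for when, _ in hits]
        # any `threshold` consecutive failures that fit inside the window
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            flagged[ip] = sorted({user for _, user in hits})
    return flagged
```

The single mistyped password from the second address stays below the threshold, and the EOF entries are ignored because they are not `[AUTH]` errors.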