Re: ipop3d logwatch entry suspicious

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Roberto Figueroa wrote:
> I'm getting a lot of this entries in the LogWatch mail under ipop3d
> section:
> 
> Success, while reading line user=appowner
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
>     Success, while reading line user=mysql
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
>     Success, while reading line user=john
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
<snip>
> Obviously we don´t have any relationship with iplannetworks.net
> domain
> I'm running FC 5.

Mikkel L. Ellertson replied:
> It looks like john is checking his mail from home/work using
> iplannetworks.net as their ISP.

“john” I might accept. “appowner” and “mysql” shouldn’t be doing so!

This looks to me like someone unauthorized is trying to login to your
server.

My advice to Roberto is this: FC5 is no longer supported. You don’t seem
to be ready to handle security single-handed (if you were, you wouldn’t
be asking here). You’re evidently seeing random Internet users trying
your security.

You need to plan around a security problem being found with your version
of ipop3d. Either you need to follow the appropriate security lists, and
be ready to patch your version of ipop3d quickly, or you need to use a
supported operating system which will do this for you.

If you’re not prepared to update Fedora yearly to keep on supported
versions, I recommend that you move to CentOS, which can provide updates
for longer (thanks to Red Hat).

Hope this helps,

James.
-- 
E-mail:     james@ | In the Royal Air Force a landing’s OK,
aprilcottage.co.uk | If the pilot gets out and can still walk away.
                   | But in the Fleet Air Arm the outlook is grim,
                   | If your landings are duff and you’ve not learnt to swim.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux