Received a strange e-mail containing server data. Does this mean I have been hacked?

I just received the following "undelivered message" for [email protected]

Does this mean someone may have tried (or succeeded) to attack me?

(For privacy reasons I have replaced some parts below, so it is not 100% the original I received.)

This is the mail system at host mydomain.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: host mta7.am0.yahoodns.net[98.138.112.35] said: 554
    delivery error: dd Sorry your message to [email protected] cannot be
    delivered. This account has been disabled or discontinued [#102]. -
    mta1303.mail.ne1.yahoo.com (in reply to end of DATA command)



Reporting-MTA: dns; mydomain.com
X-Postfix-Queue-ID: 684A933780CC
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Tue, 14 Oct 2014 21:16:56 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta7.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd Sorry your message to
    [email protected] cannot be delivered. This account has been disabled
    or discontinued [#102]. - mta1303.mail.ne1.yahoo.com


ForwardedMessage.eml
Subject:
TESTING - 2012
From:
[email protected] (root)
Date:
10/14/2014 9:16 PM
To:
[email protected]

#############################iNFOS#############################
#############################FOR YOU#############################
Linux servername 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) context=system_u:system_r:initrc_t

#############################SSH iNFOS#############################
#############################FOR YOU#############################
#UsePAM no
UsePAM yes
PermitRootLogin 
#GatewayPorts no
#ListenAddress 0.0.0.0
#ListenAddress ::
#############################SHADOWFILE#############################
#############################SHADOWFILE#############################
root:$1$H4zwKrgL$NA37jPGoTCiPA0mrq/OKq/:15231:0:99999:7:::
bin:*:15431:0:99999:7:::
daemon:*:15431:0:99999:7:::
info:$1$dO1pvRG.$DZUXjGeS4NgDpGNCwX.0b0:14241:0:99999:7::::::
postmaster:$1$gW7jPsgB$dh09VlQ/W0FALpPlR1fPt/:16127:0:99999:7:::
... more stuff like that

#############################iPS#############################
#############################iPS#############################
          inet addr:111.11.111.11  Bcast:111.11.111.11  Mask:255.255.255.0
          inet6 addr: ff11::11ff:11ff:ffff:1111/64 Scope:Link
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
#############################USERS WITH SHELL#############################
#############################USERS WITH SHELL#############################
root:x:0:0:root:/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
... some more stuff like the first three lines

I am not the most experienced, so if someone could advise me on what this means and what to do next... Thanks!

Update:

At the time of the breach, my httpd log file contains the following:

80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "POST http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "CONNECT 80.65.51.219:6667 HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "PUT http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"

Otherwise I cannot find anything suspicious.

If you have seen something like this before, or have any further advice, please comment or answer. Thanks!
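One way to pick proxy-probe lines like the three in the update out of an Apache access log, as an added example that is not part of the original question or answer. The sample log is constructed after the lines in the update (plus one ordinary request), and the set of IRC ports is an assumption:

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: the three lines from the question's update plus one normal request.
SAMPLE_LOG = """\
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "POST http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "CONNECT 80.65.51.219:6667 HTTP/1.0" 302 225 "-" "-"
80.65.51.220 - - [14/Oct/2014:21:56:52 +0200] "PUT http://80.65.51.219:6667/ HTTP/1.0" 302 225 "-" "-"
192.0.2.10 - - [14/Oct/2014:21:57:01 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

# Common log format: client, identd, user, [timestamp], "METHOD target HTTP/x.y", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumed list of ports typically used by IRC servers (6667 is the one in the question).
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

@dataclass
class ProxyProbe:
    ip: str
    method: str
    host: str
    port: int
    status: int

def classify(line: str) -> Optional[ProxyProbe]:
    """Return a ProxyProbe when the request asks the web server to reach another host."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":                       # tunnel request: "CONNECT host:port"
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            return None
    elif re.match(r"https?://", target):          # absolute URI in the request line (forward-proxy form)
        u = urlsplit(target)
        host, port = u.hostname or "", u.port or (443 if u.scheme == "https" else 80)
    else:
        return None                               # ordinary origin-form request such as "GET /index.html"
    return ProxyProbe(m["ip"], method, host, int(port), int(m["status"]))

def find_proxy_probes(log_text: str) -> List[ProxyProbe]:
    return [p for p in (classify(l) for l in log_text.splitlines()) if p]

def irc_probes(log_text: str) -> List[ProxyProbe]:
    """Proxy-style requests aimed at an IRC port, the pattern seen in the question."""
    return [p for p in find_proxy_probes(log_text) if p.port in IRC_PORTS]
```

The 302 responses show the server redirected these requests rather than proxying them, but several proxy-form requests from one client to port 6667 are the kind of pattern worth alerting on regardless of the response.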

Answer 1

Is someone deliberately using your server to send e-mail to [email protected]? If so, this is just an NDR (non-delivery report).

If not, then you have probably been hacked.

/edit Aha - for some reason I read the lower half of this e-mail as diagnostic information from your local mailer. Now I see it is more likely the contents of the bounced, failed e-mail - yes, you've been hacked. Burn it down and start over.
