Re: ipop3d logwatch entry suspicious

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Roberto Figueroa wrote:
> I'm getting a lot of this entries in the LogWatch mail under ipop3d
> section:
> 
> Success, while reading line user=appowner
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
>     Success, while reading line user=mysql
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
>     Success, while reading line user=john
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
<snip>
> Obviously we don´t have any relationship with iplannetworks.net
> domain
> I'm running FC 5.

Mikkel L. Ellertson replied:
> It looks like john is checking his mail from home/work using
> iplannetworks.net as their ISP.

“john” I might accept. “appowner” and “mysql” shouldn’t be doing so!

This looks to me like someone unauthorized is trying to login to your
server.

My advice to Roberto is this: FC5 is no longer supported. You don’t seem
to be ready to handle security single-handed (if you were, you wouldn’t
be asking here). You’re evidently seeing random Internet users trying
your security.

You need to plan around a security problem being found with your version
of ipop3d. Either you need to follow the appropriate security lists, and
be ready to patch your version of ipop3d quickly, or you need to use a
supported operating system which will do this for you.

If you’re not prepared to update Fedora yearly to keep on supported
versions, I recommend that you move to CentOS, which can provide updates
for longer (thanks to Red Hat).

Hope this helps,

James.
-- 
E-mail:     james@ | In the Royal Air Force a landing’s OK,
aprilcottage.co.uk | If the pilot gets out and can still walk away.
                   | But in the Fleet Air Arm the outlook is grim,
                   | If your landings are duff and you’ve not learnt to swim.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux