Re: I've been hacked -- what should I do next?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 12/4/2006 8:24 PM, Alfred von Campe wrote:
>> You can use a whois database to find the info (for example, there's
>> web interface on www.ripe.net).  Info for 61.43.153.30 indicates that
>> this IP address is alocated to an provider in South Korea.
>
> So I sent mail to the address (abuse@xxxxxxxx) listed in the whois
> record for that ISP, and it bounced!
> ...
>
>  
> <badmail@xxxxxxxx|/webmail/mbox0/bora.net/513/badmail|2|512000|530259968|99999999|99999999|>:
>
>   Recipient's maiilbox is full, message returned to sender,
> (#5.2.2)allot:(524288000), usage:(530309120)

<humor style="flavour:black; weight: ultraheavy">
My theory: The admin was shot in his office and the gunman broke into
your system. After, nobody cared anymore for the dead man's mailbox.
</humor>

<reality>
Don't spend too much time into something that won't give you something
back in the end. You could traceroute to that guy and email the admin
from the hop just before that guy. Normally you get somebody there, but
neither will they pay anything to you nor will they shot the gunman back
(SCNR).
</reality>

>
> Maybe I'll try again after a few days to see if they cleaned up their
> mailbox.  Doesn't give me a warm and fuzzy feeling about that ISP,
> though.

Put his network on your iptables black list, that certainly gives you a
better feeling.

Regards,
Michael

-- 
Michael Kress, kress@xxxxxxxxxxx
http://www.michael-kress.de / http://kress.net
P E N G U I N S   A R E   C O O L

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux