Date: Thu, 4 Oct 2001 12:48:37 -0400 From: "Drew J. Weaver" <drew.weaver@thenap.com> To: 'Shannon Wheeler' <swheeler@mcmurraycomputer.com>, freebsd-isp@FreeBSD.ORG Subject: RE: eggdrop Message-ID: <B1A7D9973EBED3119ADD009027DC86492B15DC@mailman.thenap.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Having an eggdrop 'spring up' on one of your servers is a telltale sign of intrusion. The 2 times in 5 years that one of my servers has been compromised they have *always* setup a eggdrop bot on the server. Its kind of stupid really but hey. Whatever right? -----Original Message----- From: Shannon Wheeler [mailto:swheeler@mcmurraycomputer.com] Sent: Thursday, October 04, 2001 11:54 AM To: freebsd-isp@FreeBSD.ORG Subject: eggdrop feel free to come down on me hard about this... yesterday my pop3 was not responding, so I telneted in and saw that something called eggdrop1.4 was running... I killed it right away (shot first, ask questions later), but qpopper still didn't respond so I rebooted. Eventually qpopper started responding again but it seemed to take a long time and I had to start Apache manually. Was eggdrop something to do with CVS that I shouldn't have stopped? yes, I've looked it up. All references I've found refer to an IRC bot. - Someone just guessed or snooped my password? Any suggestions for a secure telnet? thanks, Shannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.45"> <TITLE>RE: eggdrop</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>Having an eggdrop 'spring up' on one of your servers is a telltale sign of intrusion. The 2 times in 5 years that one of my servers has been compromised they have *always* setup a eggdrop bot on the server. Its kind of stupid really but hey. Whatever right?</FONT></P> <BR> <BR> <P><FONT SIZE=2>-----Original Message-----</FONT> <BR><FONT SIZE=2>From: Shannon Wheeler [<A HREF="mailto:swheeler@mcmurraycomputer.com">mailto:swheeler@mcmurraycomputer.com</A>] </FONT> <BR><FONT SIZE=2>Sent: Thursday, October 04, 2001 11:54 AM</FONT> <BR><FONT SIZE=2>To: freebsd-isp@FreeBSD.ORG</FONT> <BR><FONT SIZE=2>Subject: eggdrop</FONT> </P> <P><FONT SIZE=2>feel free to come down on me hard about this...</FONT> </P> <P><FONT SIZE=2>yesterday my pop3 was not responding, so I telneted in and saw that</FONT> <BR><FONT SIZE=2>something called eggdrop1.4 was running...</FONT> </P> <P><FONT SIZE=2>I killed it right away (shot first, ask questions later), but qpopper still</FONT> <BR><FONT SIZE=2>didn't respond so I rebooted.</FONT> </P> <P><FONT SIZE=2>Eventually qpopper started responding again but it seemed to take a long</FONT> <BR><FONT SIZE=2>time and I had to start Apache manually.</FONT> </P> <P><FONT SIZE=2>Was eggdrop something to do with CVS that I shouldn't have stopped?</FONT> </P> <P><FONT SIZE=2>yes, I've looked it up. All references I've found refer to an IRC bot. -</FONT> <BR><FONT SIZE=2>Someone just guessed or snooped my password?</FONT> </P> <P><FONT SIZE=2>Any suggestions for a secure telnet?</FONT> </P> <P><FONT SIZE=2>thanks,</FONT> <BR><FONT SIZE=2>Shannon</FONT> </P> <BR> <BR> <BR> <P><FONT SIZE=2>To Unsubscribe: send mail to majordomo@FreeBSD.org</FONT> <BR><FONT SIZE=2>with "unsubscribe freebsd-isp" in the body of the message</FONT> </P> </BODY> </HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B1A7D9973EBED3119ADD009027DC86492B15DC>