RE: eggdrop

From owner-freebsd-isp Thu Oct 4 9:44:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id A4AA737B407 for ; Thu, 4 Oct 2001 09:44:44 -0700 (PDT) Received: by mailman.thenap.com with Internet Mail Service (5.5.2653.19) id ; Thu, 4 Oct 2001 12:48:38 -0400 Message-ID: From: "Drew J. Weaver" To: 'Shannon Wheeler' , freebsd-isp@FreeBSD.ORG Subject: RE: eggdrop Date: Thu, 4 Oct 2001 12:48:37 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C14CF4.69C1BC00" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C14CF4.69C1BC00 Content-Type: text/plain Having an eggdrop 'spring up' on one of your servers is a telltale sign of intrusion. The 2 times in 5 years that one of my servers has been compromised they have *always* setup a eggdrop bot on the server. Its kind of stupid really but hey. Whatever right? -----Original Message----- From: Shannon Wheeler [mailto:swheeler@mcmurraycomputer.com] Sent: Thursday, October 04, 2001 11:54 AM To: freebsd-isp@FreeBSD.ORG Subject: eggdrop feel free to come down on me hard about this... yesterday my pop3 was not responding, so I telneted in and saw that something called eggdrop1.4 was running... I killed it right away (shot first, ask questions later), but qpopper still didn't respond so I rebooted. Eventually qpopper started responding again but it seemed to take a long time and I had to start Apache manually. Was eggdrop something to do with CVS that I shouldn't have stopped? yes, I've looked it up. All references I've found refer to an IRC bot. - Someone just guessed or snooped my password? Any suggestions for a secure telnet? thanks, Shannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C14CF4.69C1BC00 Content-Type: text/html Content-Transfer-Encoding: quoted-printable RE: eggdrop

Having an eggdrop 'spring up' on one of your servers = is a telltale sign of intrusion. The 2 times in 5 years that one of my = servers has been compromised they have *always* setup a eggdrop bot on = the server. Its kind of stupid really but hey. Whatever = right?

-----Original Message-----
From: Shannon Wheeler [mailto:swheeler@mcmurrayco= mputer.com]
Sent: Thursday, October 04, 2001 11:54 AM
To: freebsd-isp@FreeBSD.ORG
Subject: eggdrop

feel free to come down on me hard about = this...

yesterday my pop3 was not responding, so I telneted = in and saw that
something called eggdrop1.4 was running...

I killed it right away (shot first, ask questions = later), but qpopper still
didn't respond so I rebooted.

Eventually qpopper started responding again but it = seemed to take a long
time and I had to start Apache manually.

Was eggdrop something to do with CVS that I shouldn't = have stopped?

yes, I've looked it up. All references I've found = refer to an IRC bot. -
Someone just guessed or snooped my password?

Any suggestions for a secure telnet?

thanks,
Shannon

To Unsubscribe: send mail to = majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body = of the message

------_=_NextPart_001_01C14CF4.69C1BC00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message