script在try我的主機
這傢伙來自內地,沒事寫個script在try我的主機,請各位封了它!!<br><br>Wed 2005-08-24 18:16:12: ---------- <br>Wed 2005-08-24 18:53:46: Session 990; child 1; thread 7692 <br><span style='color:red'>Wed 2005-08-24 18:53:44: Accepting SMTP connection from </span><br>Wed 2005-08-24 18:53:44: Performing PTR lookup (158.86.79.218.IN-ADDR.ARPA) <br>Wed 2005-08-24 18:53:44: * Error: Name server reports domain name unknown <br>Wed 2005-08-24 18:53:44: ---- End PTR results <br>Wed 2005-08-24 18:53:44: --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Wed, 24 Aug 2005 18:53:44 +0800 <br>Wed 2005-08-24 18:53:44: <-- EHLO cfwater.com.tw <br>Wed 2005-08-24 18:53:44: Performing IP lookup (cfwater.com.tw) <br>Wed 2005-08-24 18:53:44: * D=cfwater.com.tw TTL=(1440) A= <br>Wed 2005-08-24 18:53:44: ---- End IP lookup results <br>Wed 2005-08-24 18:53:44: --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you <br>Wed 2005-08-24 18:53:44: --> 250-ETRN <br>Wed 2005-08-24 18:53:44: --> 250-AUTH=LOGIN <br>Wed 2005-08-24 18:53:44: --> 250-AUTH LOGIN CRAM-MD5 <br>Wed 2005-08-24 18:53:44: --> 250-8BITMIME <br>Wed 2005-08-24 18:53:44: --> 250 SIZE 0 <br>Wed 2005-08-24 18:53:44: <-- MAIL FROM:<[email protected]> <br>Wed 2005-08-24 18:53:44: Performing IP lookup (cfwater.com.tw) <br>Wed 2005-08-24 18:53:45: * D=cfwater.com.tw TTL=(1440) A= <br>Wed 2005-08-24 18:53:45: * P=010 D=cfwater.com.tw TTL=(60) MX= {211.21.191.230} <br>Wed 2005-08-24 18:53:45: ---- End IP lookup results <br>Wed 2005-08-24 18:53:45: --> 550 <[email protected]>, Sender unknown <br>Wed 2005-08-24 18:53:46: Error reading from socket! <br>Wed 2005-08-24 18:53:46: Unexpected socket closure <br>Wed 2005-08-24 18:53:46: SMTP session terminated (Bytes in/out: 58/275) <br>Wed 2005-08-24 18:53:46: ---------- <br>Wed 2005-08-24 18:53:47: Session 991; child 1; thread 7460 <br>Wed 2005-08-24 18:53:46: Accepting SMTP connection from <br>Wed 2005-08-24 18:53:46: Performing PTR lookup (158.86.79.218.IN-ADDR.ARPA) <br>Wed 2005-08-24 18:53:46: * Error: Name server reports domain name unknown <br>Wed 2005-08-24 18:53:46: ---- End PTR results <br>Wed 2005-08-24 18:53:46: --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Wed, 24 Aug 2005 18:53:46 +0800 <br>Wed 2005-08-24 18:53:46: <-- EHLO cfwater.com.tw <br>Wed 2005-08-24 18:53:46: Performing IP lookup (cfwater.com.tw) <br>Wed 2005-08-24 18:53:46: * D=cfwater.com.tw TTL=(1440) A= <br>Wed 2005-08-24 18:53:46: ---- End IP lookup results <br>Wed 2005-08-24 18:53:46: --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you <br>Wed 2005-08-24 18:53:46: --> 250-ETRN <br>Wed 2005-08-24 18:53:46: --> 250-AUTH=LOGIN <br>Wed 2005-08-24 18:53:46: --> 250-AUTH LOGIN CRAM-MD5 <br>Wed 2005-08-24 18:53:46: --> 250-8BITMIME <br>Wed 2005-08-24 18:53:46: --> 250 SIZE 0 <br>Wed 2005-08-24 18:53:46: <-- MAIL FROM:<[email protected]> <br>Wed 2005-08-24 18:53:46: Performing IP lookup (cfwater.com.tw) <br>Wed 2005-08-24 18:53:47: * D=cfwater.com.tw TTL=(1440) A= <br>Wed 2005-08-24 18:53:47: * P=010 D=cfwater.com.tw TTL=(60) MX= {211.21.191.230} <br>Wed 2005-08-24 18:53:47: ---- End IP lookup results <br>Wed 2005-08-24 18:53:47: --> 550 <[email protected]>, Sender unknown <br>Wed 2005-08-24 18:53:47: Error reading from socket! <br>Wed 2005-08-24 18:53:47: Unexpected socket closure <br>Wed 2005-08-24 18:53:47: SMTP session terminated (Bytes in/out: 58/275) <br> 這個不死心的傢伙,我封掉它的IP,它又換了個IP,又來了!<br><br>Fri 2005-08-26 09:13:35: ---------- <br>Fri 2005-08-26 09:15:42: Session 2328; child 1; thread 16516 <br><span style='color:red'>Fri 2005-08-26 09:15:40: Accepting SMTP connection from </span><br>Fri 2005-08-26 09:15:40: Performing PTR lookup (57.89.79.218.IN-ADDR.ARPA) <br>Fri 2005-08-26 09:15:40: * Error: Name server reports domain name unknown <br>Fri 2005-08-26 09:15:40: ---- End PTR results <br>Fri 2005-08-26 09:15:40: --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Fri, 26 Aug 2005 09:15:40 +0800 <br>Fri 2005-08-26 09:15:41: <-- EHLO cfwater.com.tw <br>Fri 2005-08-26 09:15:41: Performing IP lookup (cfwater.com.tw) <br>Fri 2005-08-26 09:15:41: * D=cfwater.com.tw TTL=(1440) A= <br>Fri 2005-08-26 09:15:41: ---- End IP lookup results <br>Fri 2005-08-26 09:15:41: --> 250-cfwater.com.tw Hello cfwater.com.tw (may be forged), pleased to meet you <br>Fri 2005-08-26 09:15:41: --> 250-ETRN <br>Fri 2005-08-26 09:15:41: --> 250-AUTH=LOGIN <br>Fri 2005-08-26 09:15:41: --> 250-AUTH LOGIN CRAM-MD5 <br>Fri 2005-08-26 09:15:41: --> 250-8BITMIME <br>Fri 2005-08-26 09:15:41: --> 250 SIZE 0 <br>Fri 2005-08-26 09:15:41: <-- MAIL FROM:<[email protected]> <br>Fri 2005-08-26 09:15:41: Performing IP lookup (cfwater.com.tw) <br>Fri 2005-08-26 09:15:41: * D=cfwater.com.tw TTL=(1440) A= <br>Fri 2005-08-26 09:15:41: * P=010 D=cfwater.com.tw TTL=(60) MX= {211.21.191.230} <br>Fri 2005-08-26 09:15:41: ---- End IP lookup results <br>Fri 2005-08-26 09:15:41: --> 550 <[email protected]>, Sender unknown <br>Fri 2005-08-26 09:15:42: Error reading from socket! <br>Fri 2005-08-26 09:15:42: Unexpected socket closure <br>Fri 2005-08-26 09:15:42: SMTP session terminated (Bytes in/out: 54/271) <br> 你要封的不是 IP,而是 cfwater.com.tw 這個主機名稱。 這是我家主機,我封了,我就不用收信,你可能不知道我要表達什麼?<br>這傢伙寫個script,用一些常用的管理者名稱,例如 Administrator、Service、Register這些公司網管常用的最高權限或可能開啟的信箱,然後就try你的主機,當它try成功後,就可以使用暴力破解密碼方法來破解密碼!<br><br>這是一般cracker常用的手段,尤其是Administrator這個帳號,大部份都是MS主機的最高權限者,如果被它試出來,大概整個主機就瓦解了!<br><br>P.S. MS主機是Administrator,而Liunx主機則是root,這二個都是內定的最高權限者。<br><br>而我只是列出MDEAMON的LOG,未列出防火牆的LOG,這傢伙幾乎我有開的PORT,它都有在TRY,尤其是網路上的芳鄰! 我不是不知道你要表達什麼,但不管他用什麼 Script,使用的主機名稱不就都是 cfwater.com.tw 嗎?<br>看看這篇囉:<br><a href='http://www.suma.tw/modules/ipboard/index.php?showtopic=258' target='_blank'>http://www.suma.tw/modules/ipboar...p?showtopic=258</a>
頁:
[1]