Server mail hacking

tarek-kshk · September 7, 2023, 2:29pm

Sep 7 09:35:34 server postfix/smtp[58845]: 829651B7B49: to=[email protected], relay=asav.tpg.com.au[27.32.32.10]:25, delay=2180, delays=2178/0.01/1.8/0, dsn=4.0.0, status=deferred (host asav.tpg.com.au[27.32.32.10] refused to talk to me: 421 Service not available, closing transmission channel)

I did not send this email

Sep 7 09:36:24 server postfix/smtpd[58872]: connect from unknown[89.46.178.102]

I didn’t do this

Is my site hacked?

i make Postfix is disabled to stop sent email

Please help

webshanks · September 7, 2023, 6:44pm

Check your access logs for anomaly.

tarek-kshk · September 7, 2023, 8:18pm

this ACCESS LOGS
find error 404

171.67.70.84 - - [07/Sep/2023:11:01:27 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 zgrab/0.x”
87.236.176.74 - - [07/Sep/2023:11:10:52 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)”
34.140.248.32 - - [07/Sep/2023:11:13:35 -0400] “GET / HTTP/1.1” 404 705 “-” “python-requests/2.31.0”
185.224.128.142 - - [07/Sep/2023:11:22:30 -0400] “GET / HTTP/1.1” 404 1236 “-” “Hello World”
167.94.145.54 - - [07/Sep/2023:11:27:37 -0400] “GET / HTTP/1.1” 404 1236 “-” “-”
87.236.176.220 - - [07/Sep/2023:11:27:57 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)”
162.142.125.223 - - [07/Sep/2023:11:45:53 -0400] “GET / HTTP/1.1” 404 1236 “-” “-”
162.142.125.225 - - [07/Sep/2023:12:22:20 -0400] “GET / HTTP/1.1” 404 1236 “-” “-”
193.34.212.110 - - [07/Sep/2023:12:22:35 -0400] “POST /boaform/admin/formLogin HTTP/1.1” 404 705 “http:// :80/admin/login.asp” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0”
185.180.140.4 - - [07/Sep/2023:12:23:01 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.224.128.142 - - [07/Sep/2023:12:51:51 -0400] “GET / HTTP/1.1” 404 1236 “-” “Hello World”
91.135.216.51 - - [07/Sep/2023:12:58:45 -0400] “GET / HTTP/1.1” 404 1236 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36”
185.224.128.142 - - [07/Sep/2023:13:17:23 -0400] “GET / HTTP/1.1” 404 1236 “-” “Hello World”
138.197.204.67 - - [07/Sep/2023:13:27:46 -0400] “GET / HTTP/1.0” 404 1236 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0”
185.180.143.140 - - [07/Sep/2023:13:30:58 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:09 -0400] “GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:22 -0400] “GET /solr/ HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:36 -0400] “GET /admin/ HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:36 -0400] “GET /remote/login HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:36 -0400] “GET /showLogin.cc HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:31:53 -0400] “GET /sugar_version.json HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:11 -0400] “GET /owa/ HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:11 -0400] “GET /autodiscover/autodiscover.json?a…foo.var/owa/?&Email=autodiscover/autodiscover.json?a…foo.var&Protocol=XYZ&FooProtocol=%50owershell HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:30 -0400] “GET /cgi-bin/authLogin.cgi HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:53 -0400] “GET /favicon.ico HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:53 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:53 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:53 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:32:53 -0400] “GET /cgi-bin/config.exp HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
185.180.143.140 - - [07/Sep/2023:13:33:19 -0400] “GET /favicon.ico HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36”
193.46.254.100 - - [07/Sep/2023:14:17:00 -0400] “GET /japi/api/banner/list?status=1&pageNum=1&location=0%2C1%2C2&byChannel=true HTTP/1.1” 404 705 “-” “Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)”
180.149.125.163 - - [07/Sep/2023:14:32:01 -0400] “GET /c/ HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36”
185.142.236.40 - - [07/Sep/2023:14:34:48 -0400] “GET / HTTP/1.1” 404 1236 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36”
185.142.236.40 - - [07/Sep/2023:14:35:03 -0400] “GET /robots.txt HTTP/1.1” 404 1236 “-” “-”
185.142.236.40 - - [07/Sep/2023:14:35:04 -0400] “GET /sitemap.xml HTTP/1.1” 404 1236 “-” “-”
185.142.236.40 - - [07/Sep/2023:14:35:05 -0400] “GET /.well-known/security.txt HTTP/1.1” 404 1236 “-” “-”
185.142.236.40 - - [07/Sep/2023:14:35:06 -0400] “GET /favicon.ico HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36”
83.97.73.87 - - [07/Sep/2023:14:38:44 -0400] “GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36”
192.241.212.39 - - [07/Sep/2023:14:43:55 -0400] “GET /hudson HTTP/1.1” 404 705 “-” “Mozilla/5.0 zgrab/0.x”
192.241.195.48 - - [07/Sep/2023:14:55:18 -0400] “GET /owa/auth/logon.aspx HTTP/1.1” 404 705 “-” “Mozilla/5.0 zgrab/0.x”
36.41.75.167 - - [07/Sep/2023:15:07:32 -0400] “GET / HTTP/1.1” 404 705 “-” “Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1”
198.20.87.98 - - [07/Sep/2023:15:23:28 -0400] “GET / HTTP/1.1” 404 1236 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36”
198.20.87.98 - - [07/Sep/2023:15:23:48 -0400] “GET /robots.txt HTTP/1.1” 404 1236 “-” “-”
198.20.87.98 - - [07/Sep/2023:15:23:51 -0400] “GET /sitemap.xml HTTP/1.1” 404 1236 “-” “-”
198.20.87.98 - - [07/Sep/2023:15:23:52 -0400] “GET /.well-known/security.txt HTTP/1.1” 404 1236 “-” “-”
198.20.87.98 - - [07/Sep/2023:15:23:53 -0400] “GET /favicon.ico HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36”
118.195.139.224 - - [07/Sep/2023:15:25:45 -0400] “GET / HTTP/1.1” 404 705 “-” “Go-http-client/1.1”
179.43.163.134 - - [07/Sep/2023:15:37:00 -0400] “POST /cgi-bin/cstecgi.cgi HTTP/1.1” 404 705 “http:// :80/advance/traceroute.html?time=1679125513355” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0”
185.224.128.142 - - [07/Sep/2023:15:48:33 -0400] “GET / HTTP/1.1” 404 1236 “-” “Hello World”
83.97.73.87 - - [07/Sep/2023:15:57:45 -0400] “GET /actuator/gateway/routes HTTP/1.1” 404 705 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36”