[Coco] Not sure about the Barden issue
tonym
tonym at compusource.net
Wed Jul 28 01:13:05 EDT 2004
Did you check in /var/log/messages for info on where the person came from?
Or /var/log/secure?
Tony
---------- Original Message ----------------------------------
From: "Boisy G. Pitre" <boisy at boisypitre.com>
Reply-To: CoCoList for Color Computer Enthusiasts <coco at maltedmedia.com>
Date: Tue, 27 Jul 2004 21:02:02 -0500
>
>On Jul 27, 2004, at 3:08 PM, Neil Morrison wrote:
>
>>
>> I did wonder. Seemed too good to be true.
>>
>> I see that "X-Originating-IP: [24.196.220.38]" seems to be forged.
>>
>
>It is not forged. In fact it is the IP address of my router.
>
>At 9:02 AM, someone logged onto my Linux box (24.196.220.38) through an
>account that I have open for NitrOS-9 and related work. The same
>individual stayed logged on for 6 hours, unbeknownst to me. In the
>meantime, I suspect that he (or she?) wreaked the havoc that ensued.
>
>This particular account has been used by a number of people throughout
>the last couple of years. It appears that this account (and the Linux
>box) is where the mysterious "Barden Emails" originated. Around 10
>people that I know of have username and password access to this account
>(assuming THEY haven't shared the information with someone else). Out
>of those 10, I have heard back from two and I feel quite confident that
>they weren't behind the emails nor did they share the username/password
>information with anyone else.
>
>I don't have shell command tracking turned on, so I was unable to view
>a log of the commands used, but a litter of files and file dates
>confirm to me that my machine was used for this (in addition to the IP
>address connection).
>
>As soon as I realized what happened, I emailed Dennis and turned off
>the account, so this shouldn't be a recurring problem.
>
>I am livid that someone would take advantage of my system in this way,
>especially when I opened it up to help CoCo users. As I wrote in my
>email to Dennis, someone has an extreme vendetta against Steve Bjork
>and/or this mailing list. These types of emails have appeared on the
>coco newsgroup, but at this point I have no idea who might have done
>this.
>
>Boisy