Answer: |
mourning ----- attachment -----
Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Sat, 08 Feb 2014 21:09:32 +0100
Received: from [IP] (helo=relayn.net4sec.com) by lms.your-server.de with esmtps (TLSv1:AES256-SHA:256) (Exim 4.74) (envelope-from <EMAIL>) id 1WCEDT-0003H9-Sl for EMAIL; Sat, 08 Feb 2014 21:09:32 +0100
Received: from relayn.net4sec.com (localhost [IP]) by relayn.net4sec.com (Postfix) with ESMTP id 655771EB0006 for <EMAIL>; Sat, 8 Feb 2014 21:09:23 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=clean-mx.de; h=from:to to :subject:cc:mime-version:message-id:date:content-type; s=sel; bh=GnGLdYYHiY9xESidl+0nYm7Nkhk=; b=Y/AillNckLt2hZ2lL5+J7sWGuN10 cCJeh+neqzrO6/Xkwj8vFZa20hbKe99Pk1P2R1yphJU/hZNbuZBzXlTEbS6VJhra u4S241+whNXDjpntSl3u6GHPdRV7wguYm9TSQetymejp5b1c8nr0qp8fzbcbye4e QhIM4ASb0uRFmww=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=clean-mx.de; h=from:to to :subject:cc:mime-version:message-id:date:content-type; q=dns; s= sel; b=GgAtWQUTkpZUW7oqDOswaeR/r5q0jFcBj1Jbq+wPHmi5Q3DIJT7FPYtS7 CZjE8qYEwSTm0fzlBqkx9VPtR0JSOUGw7o9dvagu28+YsXYmKBehz1PlrH9zx9C+ HmRisVzcKGXSjl+c76fKrS4mHLhwc+1m/eB9r7VxXmYGi9ONF4=
Received: from dbserv (unknown [IP]) by localhost (Postfix) with ESMTP id 479E41EB0025 for <EMAIL>; Sat, 8 Feb 2014 20:09:23 +0000 (UTC)
From: EMAIL
to: EMAIL
Subject: [clean-mx-portals-2981741](IP)-->(EMAIL) portals sites (1 so far) within your network, please close them! status: As of 2014-02-08 21:09:08 CET
cc: EMAIL
Precedence: bulk
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
X-Virus-Scanned: by net4sec UG at clean-mx.de
Message-Id: <EMAIL>
Date: Sat, 08 Feb 2014 21:09:08 +0100
content-Type: multipart/signed; boundary="----------=_1391889645-23396-41407"; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Virus-Scanned: Clear (ClamAV 0.97.8/18454/Sat Feb 8 15:26:24 2014)
X-Spam-Score: 0.5 (/)
Delivered-To: EMAIL
This is a multi-part message in MIME format. It has been signed conforming to RFC3156. Produced by clean-mx transparent crypt gateway. Version: 2.01.0619 http://www.clean-mx.de You need GPG to check the signature.
------------=_1391889645-23396-41407
Content-type: multipart/mixed; boundary="----=_NextPart"
This is a multi-part message in MIME format.
------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"
Dear abuse team,
please help to close these offending portals sites(1) so far.
status: As of 2014-02-08 21:09:08 CET
http://support.clean-mx.de/clean-mx/portals.php?email=EMAIL&response=alive
(for full uri, please scroll to the right end ...)
This information has been generated out of our comprehensive real time database, tracking worldwide portals URIs.
If you review this list of offending sites, please do this carefully, pay attention to redirects also! Also, please consider that these particular machines may have a root kit installed! So simply deleting some files or dirs or disabling cgi may not really solve the issue!
Advice: The appearance of a Virus Site on a server means that someone intruded into the system. The server's owner should disconnect and not return the system into service until an audit is performed to ensure no data was lost, that all OS and internet software is up to date with the latest security fixes and that any backdoors and other exploits left by the intruders are closed. Logs should be preserved and analyzed and, perhaps, the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs, other responsible admins, or similar agencies.
+-----------------------------------------------------------------------------------------------
We denote domains and url in this fancy way, because your spamfilter will not pass this ! If you lower your filter drop us a note to reset this attribute for your email contact!
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2014-02-08 20:50:40 CET |2981741 |defaced_site |IP |_a_r_t_o_f_l_o_v_e_._b_y |_h_t_t_p_:_/_/_w_w_w_._a_r_t_o_f_l_o_v_e_._b_y
+-----------------------------------------------------------------------------------------------
Your email address has been pulled out of whois concerning this offending network block(s). If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...
If you just close(d) these incident(s), please give us feedback; our automatic walker process may not detect a closed case.
yours
Gerhard W. Recher (CTO)
net4sec UG (haftungsbeschraenkt)
Leitenweg 6 D-86929 Penzing
GSM: ++49 171 4802507
Geschaeftsfuehrer: Martina Recher Handelsregister Augsburg: HRB 27139 EG-Identnr: DE283762194
w3: http://www.clean-mx.de
e-Mail: mailto:EMAIL
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552 Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
------=_NextPart--
here is the list of hacked sites hunter 2014/02/08 rim M www.trixsoft.by/Bc.html 2014/02/08 hunter rim H M www.katharina-filist.de 2014/02/08 hunter rim H www.artoflove.by |