lfd on <serverurl>: LOCALRELAY Alert for <useraccount>
Posted: 24 Jun 2013, 09:31
Hi guys,
I have two servers, one fully configured by ConfigServer and the other a small local one with configfirewall set up.
The small local one I have configfirewall set up on: Now over the weekend, this email has been sent to me over and over again for different accounts. I honestly don't know what to make of it, I've tried everything to stop them. A common denominator of the users is that they are all using Joomla. Although I can clearly see that it must be a security problem, I don't understand what the email keeps telling me.
Example:
I'm getting an email like this from different user accounts every hour or so. All relating to <hackersemailaddress> which is stomalber <at> gmail <dot> com. I tried searching for it on Google which only comes up with it is a forum spammer.
Time: Mon Jun 24 10:05:40 2013 +0200
Type: LOCALRELAY, Local Account - mun1918
Count: 101 emails relayed
Blocked: No
Sample of the first 10 emails:
2013-06-24 10:00:31 1Ur1hP-0007zJ-8y <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:32 1Ur1hP-0007zP-Cg <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:32 1Ur1hP-0007zR-D7 <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:32 1Ur1hP-0007zL-9a <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:33 1Ur1hR-000806-Hn <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:56 1Ur1hn-00081R-FT <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:56 1Ur1hn-00081W-N2 <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:56 1Ur1hn-00081c-Ve <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:57 1Ur1ho-00081y-UR <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
2013-06-24 10:00:59 1Ur1hr-00082F-Om <= useraccount@<serverurl> U=useraccount P=local S=497 T="New Account IN <userdomain>" for <hackersemailaddress>
What I need is to understand what exactly this email is telling me, so that I can understand what he is doing and can counter him accordingly.
Thank you for your help. Greatly appreciated!
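The sample lines in the alert are Exim main-log arrival records: `<=` marks a message accepted, `U=` is the local account that submitted it, `P=local` means a process on the server handed it in rather than it arriving over SMTP, `S=` is the size, `T=` the subject and `for` the recipient. The following is an added example, not part of the original post, that groups such lines per account the way the alert summarises them; the sample lines, account names and the `limit` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape of the alert (placeholder names, not real data).
SAMPLE = """\
2013-06-24 10:00:31 1Ur1hP-0007zJ-8y <= acct1@host.example U=acct1 P=local S=497 T="New Account IN site.example" for rcpt@mail.example
2013-06-24 10:00:32 1Ur1hP-0007zP-Cg <= acct1@host.example U=acct1 P=local S=497 T="New Account IN site.example" for rcpt@mail.example
2013-06-24 10:00:33 1Ur1hR-000806-Hn <= acct1@host.example U=acct1 P=local S=497 T="New Account IN site.example" for rcpt@mail.example
2013-06-24 10:02:10 1Ur1jA-00083b-2k <= acct2@host.example U=acct2 P=local S=1210 T="Invoice" for client@other.example
2013-06-24 10:03:00 1Ur1kB-00084c-3m <= someone@remote.example H=mx.remote.example [192.0.2.10] P=esmtp S=2048 T="Hi" for acct2@host.example
"""

ARRIVAL = re.compile(r'^(\S+ \S+) (\S+) <= (\S+) (.*)$')
SUBJECT = re.compile(r'((?:[^"\\]|\\.)*)"(?: for (.+))?$')

def parse_arrival(line):
    """Return the fields of an Exim '<=' (message accepted) line, or None."""
    m = ARRIVAL.match(line.strip())
    if not m:
        return None
    ts, msgid, sender, rest = m.groups()
    head, has_subject, tail = rest.partition(' T="')  # subject may itself contain " for "
    subject, rcpts = None, ""
    if has_subject:
        s = SUBJECT.match(tail)
        if s:
            subject, rcpts = s.group(1), s.group(2) or ""
    else:
        head, _, rcpts = head.partition(" for ")
    fields = dict(f.split("=", 1) for f in head.split() if "=" in f)
    return {"time": ts, "id": msgid, "sender": sender, "user": fields.get("U"),
            "proto": fields.get("P"), "subject": subject, "rcpts": rcpts.split()}

def local_relay_summary(log_text, limit=2):
    """Count P=local arrivals per local user; `limit` is an assumed alert threshold."""
    per_user = defaultdict(lambda: {"subjects": Counter(), "rcpts": Counter()})
    for line in log_text.splitlines():
        rec = parse_arrival(line)
        if rec and rec["proto"] == "local" and rec["user"]:
            per_user[rec["user"]]["subjects"][rec["subject"]] += 1
            per_user[rec["user"]]["rcpts"].update(rec["rcpts"])
    return {user: {"count": sum(d["subjects"].values()),
                   "top_subject": d["subjects"].most_common(1)[0],
                   "top_rcpt": d["rcpts"].most_common(1)[0] if d["rcpts"] else None,
                   "over_limit": sum(d["subjects"].values()) > limit}
            for user, d in per_user.items()}

if __name__ == "__main__":
    print(local_relay_summary(SAMPLE))
```

One account sending many identical-subject messages to a single outside address through `P=local` points at a script running under that account, so the next place to look is the web access log for that site at the same timestamps.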