
Email Server Attack

Type: Brute Force
Protocol: POP3
OS: Linux 3.6.11+ armv6l
Platform: Pi Rev. B
Memory: 512M
Daemon: Dovecot 2.1.7-7
Backend Daemon: MySQL 5.5
Backend OS: Linux 2.6.32-5-amd64
Backend Platform: Generic AMD A4-3400 APU Dual Core
Backend Memory: 3.5G
Total Attempts: 13356
Avg. Attempt/s: 2.71

Postmortem:
67.136.48.186 was *unable* to authenticate as any valid user.
The attack was mitigated at the firewall (DROP).
abuse@integratelecom.com was contacted about this event.

irc.diff.05142011.2.txt


Index: irc.php
===================================================================
--- irc.php (revision 2317)
+++ irc.php (working copy)
@@ -1,10 +1,6 @@
#!/usr/bin/env php

-# status
-# reboot
-# log
-# help
-# down
+# port_info is broken. always reports same values no matter host selected

message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Commands: !help, !log, !status, !version, !down, !port, !device, !listdevices");
+
+echo date("m-d-y H:i:s ");
+echo "HELP\n";
+
+mysql_close();
+
+ }
+
+
+###
# Get status on !version
###
function version_info(&$irc, &$data)
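Review bot: `mysql_close();` is added to the !help handler just after `echo "HELP\n";`, but nothing in this hunk opens a connection for it; the handler's start lies outside the hunk, and if it does not call mysql_connect() the bare close will emit a warning on every !help. The timestamp prefix `echo date("m-d-y H:i:s ");` is repeated here, in the next hunk (version_info) and again in both hunks of irc.diff.05142011.1.txt; a two-digit year with no timezone makes this stdout log ambiguous when it is later correlated with firewall or mail-server logs. Consider a single helper such as `function log_cmd($cmd) { echo date('Y-m-d H:i:s T') . " " . $cmd . "\n"; }` and calling `log_cmd("HELP");` at each site. The hunk header `@@ -1,10 +1,6 @@` does not match the lines shown, so the patch as pasted appears truncated and this note is limited to what is visible.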
@@ -40,6 +55,7 @@

$irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Observium Version " . $config['version']);

+echo date("m-d-y H:i:s ");
echo "VERSION\t\t". $config['version'] . "\n";

mysql_close();
@@ -47,6 +63,31 @@
}

irc.diff.05142011.1.txt


Index: irc.php
===================================================================
--- irc.php (revision 2317)
+++ irc.php (working copy)
@@ -1,11 +1,5 @@
#!/usr/bin/env php

-# status
-# reboot
-# log
-# help
-# down
-
message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Commands: !help, !log, !status, !version, !down, !port, !device, !listdevices");
+
+echo date("m-d-y H:i:s ");
+echo "HELP\n";
+
+mysql_close();
+
+ }
+
+
+###
# Get status on !version
###
function version_info(&$irc, &$data)
@@ -40,6 +53,7 @@

$irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Observium Version " . $config['version']);

+echo date("m-d-y H:i:s ");
echo "VERSION\t\t". $config['version'] . "\n";

mysql_close();
@@ -47,6 +61,31 @@
}

irc.diff.05142011.txt


Index: irc.php
===================================================================
--- irc.php (revision 2284)
+++ irc.php (working copy)
@@ -1,37 +1,122 @@
#!/usr/bin/env php
+
+# status
+# reboot
+# log
+# help
+# down
+
message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Observium Version " . $config['version']);
+
+echo "VERSION\t\t". $config['version'] . "\n";
+
+mysql_close();
+
+ }
+
+###
+# Get status on !down devices
+###
+ function down_info(&$irc, &$data)
+ {
+
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);
+
+ $query = mysql_query("SELECT * FROM `devices` where status=0");
+ unset($message);
+ while($device = mysql_fetch_assoc($query))
+ {
+ $message .= $sep . $device['hostname'];
+ $sep = ", ";
+ }
+ $irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, $message);
+ unset($sep);
+
+mysql_close();
+
+echo "DOWN\n";
+
+ }
+
+###
+# Get status on !device
+###
function device_info(&$irc, &$data)
{
+
$hostname = $data->messageex[1];

- $device = mysql_fetch_assoc(mysql_query("SELECT * FROM `devices` WHERE `hostname` = '".mres($hostname)."'"));
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);

+ $device = dbFetchRow("SELECT * FROM `devices` WHERE `hostname` = ?",array($hostname));
+
+mysql_close();
+
if ($device['status'] == 1) { $status = "Up " . formatUptime($device['uptime'] . " "); } else { $status = "Down "; }
if ($device['ignore']) { $status = "*Ignored*"; }
if ($device['disabled']) { $status = "*Disabled*"; }