I believe my UNIX shell account was hijacked!!! - Unix


  1. I believe my UNIX shell account was hijacked!!!

    I am a user on freeshell.org. I have emailed the admin, but I believe
    that his spam filters have blocked my emails, because they have been
    sent outside of freeshell.org.

    Since a few days ago I have been unable to FTP into freeshell.org and I
    get this message.

    Fetch 4.0.3 System 0x910 Serial FETCHED001-2R6B-2E3B WS
    Connecting to sdf.lonestar.org port 21 (4/21/05 1:38:20 PM)
    220-
    220 sdf.lonestar.org FTP server (NetBSD-ftpd 20020615) ready.
    USER johnw
    331 Password required for johnw.
    PASS
    530 johnw, you must be an ARPA member to use FTP.

    I also cannot receive email, nor FTP into the server.

    When anyone sends mail to my account this is returned.

    The original message was received at Thu, 21 Apr 2005 20:35:47 GMT
    from mail.simpsonuniversity.edu [66.244.32.12]

    ----- The following addresses had permanent fatal errors -----
    "|IFS=' '&&exec /usr/pkg/bin/procmail -f-||exit 75 #johnw"
    (expanded from: )

    ----- Transcript of session follows -----
    550 5.7.1 /arpa/hm/j/johnw/.forward: line 1: "|IFS=' '&&exec
    /usr/pkg/bin/procmail -f-||exit 75 #johnw"... User
    johnw@sdf.lonestar.org doesn't have a valid shell for mailing to
    programs

    Is this a clue?

    This is one message

    > ERROR : Could not complete request.
    > Query: SELECT "mail/abuse mail.lock.1084227491.5509.otaku"
    > Reason Given: SELECT failed: Permission denied: mail/abuse
    > mail.lock.1084227491.5509.otaku


    But the strange thing is that I can send email via the webmail interface
    on www.freeshell.org. But I cannot receive.

    I believe that my account was hijacked from a well known former Unix
    system admin who does not like me.


    Thanks..


    John


  2. Re: I believe my UNIX shell account was hijacked!!!

    In article <1114116401.313730.176350@f14g2000cwb.googlegroups.com>,
    johnw_94020@yahoo.com wrote:

    > I am a user on freeshell.org. I have emailed the admin, but I believe
    > that his spam filters have blocked my emails, because they have been
    > sent outside of freeshell.org.
    >
    > Since a few days ago I have been unable to FTP into freeshell.org and I
    > get this message.
    >
    > Fetch 4.0.3 System 0x910 Serial FETCHED001-2R6B-2E3B WS
    > Connecting to sdf.lonestar.org port 21 (4/21/05 1:38:20 PM)
    > 220-
    > 220 sdf.lonestar.org FTP server (NetBSD-ftpd 20020615) ready.
    > USER johnw
    > 331 Password required for johnw.
    > PASS
    > 530 johnw, you must be an ARPA member to use FTP.
    >
    > I also cannot receive email, nor FTP into the server.


    Apparently, an ARPA member is required to pay a one-time fee of $36.00.
    Have you done this? Also, have you tried logging in with Telnet (yuck)
    or SSH? See if you can, and if so, inspect some of your .* files, and
    check their modification dates. Look for any tampering.

    But first and foremost, change your password if you manage to get into
    your account, just to be on the safe side.

    > When anyone sends mail to my account this is returned.
    >
    > The original message was received at Thu, 21 Apr 2005 20:35:47 GMT
    > from mail.simpsonuniversity.edu [66.244.32.12]
    >
    > ----- The following addresses had permanent fatal errors -----
    > "|IFS=' '&&exec /usr/pkg/bin/procmail -f-||exit 75 #johnw"
    > (expanded from: )
    >
    > ----- Transcript of session follows -----
    > 550 5.7.1 /arpa/hm/j/johnw/.forward: line 1: "|IFS=' '&&exec
    > /usr/pkg/bin/procmail -f-||exit 75 #johnw"... User
    > johnw@sdf.lonestar.org doesn't have a valid shell for mailing to
    > programs
    >
    > Is this a clue?


    Not really. All it does is simply reiterate what the FTP transactions
    said, which is, you're not currently recognized as an ARPA member.

    > This is one message
    >
    > > ERROR : Could not complete request.
    > > Query: SELECT "mail/abuse mail.lock.1084227491.5509.otaku"
    > > Reason Given: SELECT failed: Permission denied: mail/abuse
    > > mail.lock.1084227491.5509.otaku


    > But the strange thing is that I can send email via the webmail interface
    > on www.freeshell.org. But I cannot receive.


    If you cannot receive E-mail, then there's really no way to tell whether
    or not you can successfully send E-mail either, because any delivery
    failure would be sent back to you, but you wouldn't see it.

    > I believe that my account was hijacked from a well known former Unix
    > system admin who does not like me.


    You wouldn't be the first person to be a victim of this. Being a UNIX
    technician myself, I know for a fact that there are a few UNIX
    administrators out there that have very anti-social and extremely
    egocentric personalities. One of them being the father of GNU itself,
    Richard Stallman.

    I wish I could be of more help, because I know that there's nothing more
    maddening than having some stranger poking around in your private files.
    However, without being on their admin staff, and having access to the
    machine(s), there's little I can advise you to do.

    But it might not be a hijacking at all. It might simply be some problem
    on their end that they're just not aware of yet. Try to be patient, and
    don't give up trying to contact them.

    As a last resort, would you like me to send them an E-mail on your
    behalf? I could post it here, and send a copy to their abuse or
    admin staff at the same time if you wish. Whatever you decide to do,
    good luck to you.

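The dotfile check suggested in the reply above, as an added example that is not part of either post: a POSIX shell function that lists recently modified or group/world-writable dotfiles, `.rhosts`/`.shosts` trust files, and a `.forward` that pipes mail to a program. The function names, the `TAG path` output format and the 7-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: list dotfiles worth a closer look after a suspected
# account compromise. The "TAG path" output format is this script's own.

# dotfiles DIR [find-tests...]: top-level dotfiles plus files in DIR/.ssh
dotfiles() {
    d=$1; shift
    {
        find "$d" -maxdepth 1 -type f -name '.*' "$@"
        if [ -d "$d/.ssh" ]; then find "$d/.ssh" -maxdepth 1 -type f "$@"; fi
    } 2>/dev/null | sort
}

# audit_dotfiles DIR [DAYS]
audit_dotfiles() {
    dir=$1; days=${2:-7}
    # Modified within the last DAYS days: compare with when trouble began.
    dotfiles "$dir" -mtime "-$days" | sed 's/^/RECENT /'
    # Writable by group or others: another local user could have edited it.
    dotfiles "$dir" \( -perm -020 -o -perm -002 \) | sed 's/^/WRITABLE /'
    # .rhosts/.shosts grant password-less logins to the hosts they list.
    for f in "$dir/.rhosts" "$dir/.shosts"; do
        if [ -f "$f" ]; then echo "TRUST $f"; fi
    done
    # A .forward line starting with | (optionally quoted) pipes every
    # incoming message to a program, as the procmail line in the bounce does.
    if [ -f "$dir/.forward" ] && grep -q '^[[:space:]"]*|' "$dir/.forward"; then
        echo "PIPE $dir/.forward"
    fi
    return 0
}

# Default: audit the caller's own home directory over the last 7 days.
audit_dotfiles "${1:-$HOME}" "${2:-7}"
```

Modification times can be reset with `touch`, so an absence of `RECENT` lines is inconclusive; read the contents of each reported file as well.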