1. Summary
  2. Files
  3. Support
  4. Report Spam
  5. Create account
  6. Log in

Crash and unusual data in logfile

Moderators: pdreissen, fribo

Crash and unusual data in logfile

Postby beddo » Fri Dec 02, 2011 11:37 am

This has happened twice over the last few days. Connections from the same IP address seem to send some data, presumably some kind of exploit aimed against an MTA. Both times ASSP has died instantly until the monitoring script brings it back up. I've blocked the IP but thought you would probably like to see the data that is crashing ASSP.

Code: Select all
2011-12-02 11:16:49 [Worker_2] Worker_2 wakes up
2011-12-02 11:16:49 [Worker_2] Info: Worker_2 got connection from MainThread
2011-12-02 11:16:49 [Worker_2] Connected: 84.92.203.233:12606 > 1.1.1.1:25 > 127.0.0.1:38111 > 127.0.0.1:125 , 16-18
2011-12-02 11:16:49 [Main_Thread] Info: Main_Thread freed by idle Worker_2 in 0.005 seconds
2011-12-02 11:16:49 [Worker_2] 84.92.203.233 Message-Score: added 25 for EarlyTalker, total score for this message is now 25
\x{31313032}\x{2D32312D}\x{31203230}\x{36313A31}\x{2039343A}\x{726F575B}\x{5F72656B}\x{38205D32}\x{32392E34}\x{3330322E}\x{3333322E}\x{61455B20}\x{54796C72}\x{656B6C61}\x{67205D72}\x{2720746F}ðÅ»\x{4E010377}\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBE\xA0\xAA\x8B\x8F\x98\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBF\xBA\xBD\xA0\x84\x96\xFF\x80\x8F\xBF\xBF\xBF\BF\xBE\x97\x9C\xA0\xA3\xB6\x{7FEFFAD8}\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBF\x90\x9C\xA4\xB1\x94\x{66F83E91}\x{145FB68E}\x{6CE05D}\x{2F001800}\x{5003500}\x{66202700}\x{206D6F72}\x{20656874}\x{65696C63}\x{6220746E}\x{726F6665}\x{68742065}\x{32272065}\x{2E203032}\x{20272E2E}\x{76726573}\x{67207265}\x{74656572}\x{20676E69}\x{20736177}\x{746E6573}\x{72202D20}\x{63656A65}\x{676E6974}\x{6E6F6320}\x{7463656E}\x{A6E6F69}2011-12-02 11:24:18 [startup] Starting in console mode


2011-11-30 11:42:53 [Worker_1] Info: Worker_1 got connection from MainThread
2011-11-30 11:42:53 [Worker_1] Connected: 84.92.203.233:23622 > 1.1.1.1:25 > 127.0.0.1:48381 > 127.0.0.1:125 , 14-15
2011-11-30 11:42:53 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.006 seconds
2011-11-30 11:42:53 [Worker_1] 84.92.203.233 Message-Score: added 25 for EarlyTalker, total score for this message is now 25
\x{31313032}\x{2D31312D}\x{31203033}\x{32343A31}\x{2033353A}\x{726F575B}\x{5F72656B}\x{38205D31}\x{32392E34}\x{3330322E}\x{3333322E}\x{61455B20}\x{54796C72}\x{656B6C61}\x{67205D72}\x{2720746F}ðÅ»\x{4E010377}\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBF\x95\xB0\x81\x9B\x96\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBE\xAD\xA3\xA7\x87\x85\x{244024A5}\x{69D6AB7}\x6519A6FD}\x{5FD55C6E}\xFF\x80\x8F\xBF\xBF\xBF\xBF\xBF\xA8\xAA\x87\xAB\x9Bã´\x{2F0018}ñµ\x{72662027}\x{74206D6F}\x{63206568}\x{6E65696C}\x{65622074}\x{65726F66}\x{6568740}\x{32322720}\x{2E2E2030}\x{7320272E}\x{65767265}\x{72672072}\x{69746565}\x{7720676E}\x{73207361}\x{20746E65}\x{6572202D}\x{7463656A}\x{20676E69}\x{6E6E6F63}\x{69746365}2011-11-30 11:48:17 [startup] Starting in console mode
beddo
 
Posts: 98
Joined: Mon Aug 23, 2010 5:05 pm

Re: Crash and unusual data in logfile

Postby thockar » Thu Dec 08, 2011 6:05 pm

configure logcharset and consolecharset to UTF-8 - switch your system to UTF-8.

Thomas
thockar
Site Admin
 
Posts: 461
Joined: Mon Mar 09, 2009 7:05 pm

Re: Crash and unusual data in logfile

Postby beddo » Fri Dec 09, 2011 9:43 am

The system is set to UTF8

/etc/sysconfig/i18n contains: LANG="en_US.UTF-8"

ConsoleCharset is set to System Default and therefore should be UTF-8.
LogCharset is utf-8-strict, should it just be utf-8 without the strict?
beddo
 
Posts: 98
Joined: Mon Aug 23, 2010 5:05 pm

Re: Crash and unusual data in logfile

Postby thockar » Mon Dec 12, 2011 11:58 am

This IP sends no ASCII data before the greeting is sent by ASSP - these data are misinterpreted by ASSP and causes a UNICODE engine error. Try to block the IP on your firewall.

Thomas
thockar
Site Admin
 
Posts: 461
Joined: Mon Mar 09, 2009 7:05 pm

Re: Crash and unusual data in logfile

Postby thockar » Mon Dec 12, 2011 4:31 pm

This will be fixed in build 11346

Thomas
thockar
Site Admin
 
Posts: 461
Joined: Mon Mar 09, 2009 7:05 pm

Re: Crash and unusual data in logfile

Postby beddo » Wed Dec 14, 2011 9:23 am

Brilliant, I'll try not to find anything else so you can get away without any hassle :)
beddo
 
Posts: 98
Joined: Mon Aug 23, 2010 5:05 pm


Return to Bug reports

Who is online

Users browsing this forum: No registered users and 1 guest

cron