Hacked??

[dextaslab]

Hi... yeah this is awkward... I was trolling the logs and found some wierd entries:

0 OK id=1Sfs8s-0006UR-5t)
Jun 16 20:30:14 dcerouter postfix/qmgr[14701]: A64141CA2DDE: removed
Jun 16 20:35:11 dcerouter postfix/pickup[22848]: BB3F81CA2DDD: uid=0 from=<root>
Jun 16 20:35:11 dcerouter postfix/cleanup[3513]: BB3F81CA2DDD: message-id=<20120616123511.BB3F81CA2DDD@fluffybitch.org>
Jun 16 20:35:11 dcerouter postfix/qmgr[14701]: BB3F81CA2DDD: from=<root@fluffybitch.org>, size=1800, nrcpt=1 (queue active)
Jun 16 20:35:12 dcerouter postfix/smtp[3515]: BB3F81CA2DDD: to=<root@fluffybitch.org>, orig_to=<root>, relay=mail.xzy.net[10.0.0.1]:25, delay=10, delays=10/0.02/0.12/0.36, dsn=2.0.0, status=sent (250 OK id=1SfsDg-0008NE-2s)

and also found these:
grep fluffybitch /etc/* -r
/etc/mailname:fluffybitch.org
/etc/postfix/main.cf.orig:myhostname = fluffybitch.org
/etc/postfix/main.cf.orig:mydestination = fluffybitch.org, localhost.org, , localhost
/etc/postfix/main.cf:myhostname = fluffybitch.org

Then googled and found this among many: http://pastebin.com/v168cg38

[l3mce]

Fluffybitch is the server which generates the snapshots. You were not hacked.


We will clean those up though, thanks for pointing them out.

[dextaslab]

PMSL  thats ok then, sry for spamming your server with what I believe was failed cron jobs

[JaseP]

By the way,.. love the server's name... (But it does kind of explain why he thought he was hacked, though).