Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
MYSTIC | Mystic support echo | 16,010 messages
Message 15,001 of 16,010
From: Clive Reuben
To: All
Subject: concerning log entry...
Date: 18 Oct 22 19:18:27
   
   TID: Mystic BBS 1.12 A48   
   MSGID: 1:142/104 745e113e   
   TZUTC: -0400   
   Apologies for the size of this log snippet, but has anyone seen a shell script   
   be executed from the node temp dir during the creation of a new account? I   
   have highlighted the concerning lines at the end of the log snippet. Is this a   
   hack or something benign?   
      
   I have tried to recreate it by uploading files during the sysop feedback   
   message (this is the time where the concerning shell file is executed during   
   account creation), but couldn't recreate the log entries as they are below...   
   nor could I find an xfer.sh file on the drive as is executed in the log.   
      
   Hopefully, someone else has seen this... and hopefully Mystic BBSes are not
   being hacked... Thanks for any help!
      
      
   ------------------- Node 2 (Mystic v1.12 A48 2022/07/15)   
   2022.10.18 13:30:46 Connect from 135.148.161.187 (ip187.ip-135-148-161.us)   
   2022.10.18 13:30:46 Country: United States of America   
   2022.10.18 13:30:47 Set time left 30   
   2022.10.18 13:30:47 MPL execute: /mystic/themes/default/scripts/connect.mpx   
   2022.10.18 13:30:47 Connect begin *********************************   
   2022.10.18 13:30:47 Connect end ***********************************   
   2022.10.18 13:30:52 MPL execute: /mystic/themes/default/scripts/startup.mpx   
   2022.10.18 13:30:52 Startup begin *********************************   
   2022.10.18 13:30:52 INFO: bbslock begin   
   2022.10.18 13:31:07 INFO: bbslock end   
   2022.10.18 13:31:07 INFO: threatsentry begin   
   2022.10.18 13:31:07 MPL execute: /mystic/themes/default/scripts/threatsen.mpx   
   2022.10.18 13:31:07 Executing: /mystic/themes/default/scripts/theatsentry/threatsentry-api.sh /mystic/temp2/ 135.148.161.187 2
   2022.10.18 13:31:07 Execution complete: 0   
   2022.10.18 13:31:07 INFO: User coordinates are: 37.750999450683594, -97.8219985961914
   2022.10.18 13:31:07 INFO: API request count is: 7   
   2022.10.18 13:31:07 MPL execute: /mystic/themes/default/scripts/threatsen.mpx   
   2022.10.18 13:31:07 MPL execute: /mystic/themes/default/scripts/threatsen.mpx   
   2022.10.18 13:31:07 INFO: User is calling from country: United States   
   2022.10.18 13:31:07 INFO: User local time is: 2022-10-18 13:31:07.860993-04:00   
   2022.10.18 13:31:07 INFO: User IP has no threat indicators   
   2022.10.18 13:31:12 INFO: threatsentry end   
   2022.10.18 13:31:12 INFO: runfirst begin   
   2022.10.18 13:31:12 MPL execute: /mystic/themes/default/scripts/openseq.mpx   
   2022.10.18 13:31:12 MPL execute: /mystic/themes/default/scripts/ansilines.mpx   
   2022.10.18 13:31:18 MPL execute: /mystic/rcspause/rcspause.mpx   
   2022.10.18 13:31:20 INFO: runfirst end   
   2022.10.18 13:31:20 Startup end ***********************************   
   2022.10.18 13:31:20 MPL execute: /mystic/themes/default/scripts/anim.mpx   
   2022.10.18 13:31:20 INFO: anim.mpx login begin   
   2022.10.18 13:31:29 INFO: anim.mpx login end   
   2022.10.18 13:31:30 INFO: Read backstory   
   2022.10.18 13:31:34 MPL execute: /mystic/rcspause/rcspause.mpx   
   2022.10.18 13:31:35 MPL execute: /mystic/themes/default/scripts/anim.mpx   
   2022.10.18 13:31:35 INFO: anim.mpx login begin   
   2022.10.18 13:31:46 INFO: anim.mpx login end   
   2022.10.18 13:32:22 INFO: Apply for access   
   2022.10.18 13:32:25 New user application   
   2022.10.18 13:34:16 MPL execute: /mystic/rcspause/rcspause.mpx   
   2022.10.18 13:34:52 Created Account: bibnk #34   
   2022.10.18 13:34:52 MPL execute: /mystic/rcspause/rcspause.mpx   
   -------->> start concerning entries <<------------   
   2022.10.18 13:36:06 Executing: sh /mystic/temp2/xfer.sh   
   2022.10.18 13:36:06 Execution complete: 32512   
   -------->> end concerning entries <<--------------   
   2022.10.18 13:36:06 Saved draft message: E-mail   
   2022.10.18 13:36:06 Setting start menu: qlogin   
   2022.10.18 13:36:06 Shutting down   
      
   -seeLive─{ "Sysop": ["oNyX bBs"] }

    onyxbbs.mywire.org:2300-tel / :2200-ssh / onyxwww.mywire.org-web
    fsxnet / fidonet / tqwnet / dovenet / gamenet / sfnet
      
   --- Mystic BBS v1.12 A48 2022/07/15 (Raspberry Pi/32)   
    * Origin: oNyX bBs - onyxbbs.mywire.org:2300/2200 (1:142/104)   
   PATH: 142/104 320/219 229/426   
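
An added example, not part of the original post and not Mystic's own code: it pairs each "Executing" line with its "Execution complete" value, decodes that value on the assumption that the log prints a raw POSIX wait status (so 32512 is exit status 127, which a shell returns when it cannot find the command or script file), and flags scripts run from a node temp directory. Only the xfer.sh pair is copied from the post; the other sample lines, the names in the code, and the tempN directory pattern (inferred from /mystic/temp2/) are assumptions.

```python
import re

# Constructed sample; only the xfer.sh pair is copied from the posted log.
SAMPLE_LOG = """\
2022.10.18 13:31:07 Executing: /mystic/scripts/example-api.sh /mystic/temp2/ 192.0.2.10 2
2022.10.18 13:31:07 Execution complete: 0
2022.10.18 13:36:06 Executing: sh /mystic/temp2/xfer.sh
2022.10.18 13:36:06 Execution complete: 32512
"""

LINE = re.compile(r"^(\S+ \S+) (Executing|Execution complete): (.*)$")
INTERPRETERS = {"sh", "bash", "/bin/sh", "/bin/bash"}
TEMP_DIR = re.compile(r"/temp\d+/")  # assumption: node temp dirs are tempN

def decode_status(raw):
    """Split a raw POSIX wait status (assumed log format) into its parts."""
    signal = raw & 0x7F
    return ("signal", signal) if signal else ("exit", (raw >> 8) & 0xFF)

def script_path(command):
    """Return the script actually run, skipping a leading interpreter."""
    argv = command.split()
    if len(argv) > 1 and argv[0] in INTERPRETERS:
        return argv[1]
    return argv[0] if argv else ""

def review(log_text):
    """Pair Executing/Execution complete lines and annotate each run."""
    findings, pending = [], None
    for line in log_text.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue
        stamp, kind, rest = match.groups()
        if kind == "Executing":
            pending = (stamp, rest)
        elif pending and rest.strip().isdigit():
            status = decode_status(int(rest))
            path = script_path(pending[1])
            findings.append({
                "time": pending[0], "script": path, "status": status,
                "from_temp": bool(TEMP_DIR.search(path)),
                "not_found": status == ("exit", 127),  # shell: file not found
            })
            pending = None
    return findings

for finding in review(SAMPLE_LOG):
    print(finding["time"], finding["script"], finding["status"])
```

A temp directory passed only as an argument, as in the first sample line, is not flagged; only the script path itself is checked.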
      
(c) 1994, bbs@darkrealms.ca