A couple of days ago I had a range of email accounts deleted from a specific domain. As far as I know these deletions were unauthorised and the log entries look very strange.
The accounts were deleted on the 13th at around 6:31pm, by these IP addresses: <snip>. Some browsers were on Windows, some on Mac, and some on Unix.
The IP addresses seem to be with US West - anyone know anything about them?
Has anyone any idea what's going on, how they got through the security and why they bothered? They would be an odd set of accounts to target.
Here is a log extract:
<snip> - - [13/Dec/2003:18:30:26 +0000] "GET /index.cgi HTTP/1.0" 200 4502 "-" "Mozilla/4.77 [en] (X11; U; Linux 2.2.19 i686)"
<snip> - - [13/Dec/2003:18:31:46 +0000] "GET /?f=delfwd&email=<snip>&confirmed=1 HTTP/1.0" 200 795 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/103u (KHTML, like Gecko) Safari/100"
<snip><snip> - - [13/Dec/2003:18:31:53 +0000] "GET /?f=delfwd&email=<snip>&confirmed=1 HTTP/1.0" 200 794 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
<snip><snip> - - [13/Dec/2003:18:32:00 +0000] "GET / HTTP/1.0" 200 2200 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
Many thanks for any help
[edited by: engine at 8:44 pm (utc) on Dec. 15, 2003]
[edit reason] too specific. See TOS [webmasterworld.com] [/edit]
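Added example, not part of the original thread: one way to triage an access log like the extract above is to pull out every successful GET that carried a state-changing action and record whether it arrived without a Referer and with the confirmation flag already set. It assumes combined log format and the `f`, `email` and `confirmed` parameters seen in the extract; the sample lines, IP addresses and mailbox names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption: values of the "f" parameter that change state. Only "delfwd"
# appears in the extract; extend the set for the application being reviewed.
STATE_CHANGING = {"delfwd"}

def flag_state_changing_gets(lines):
    """Return one dict per successful GET that carried a state-changing action."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET" or not m["status"].startswith("2"):
            continue
        query = parse_qs(urlsplit(m["target"]).query)
        action = query.get("f", [""])[0]
        if action not in STATE_CHANGING:
            continue
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "action": action,
            "email": query.get("email", [""])[0],
            "confirmed": query.get("confirmed", [""])[0] == "1",
            "no_referer": m["referer"] in ("", "-"),
            "agent": m["agent"],
        })
    return hits

# Constructed sample modelled on the extract (documentation-range IPs).
SAMPLE = [
    '192.0.2.10 - - [13/Dec/2003:18:30:26 +0000] "GET /index.cgi HTTP/1.0" 200 4502 "-" "Mozilla/4.77 [en] (X11; U; Linux 2.2.19 i686)"',
    '192.0.2.11 - - [13/Dec/2003:18:31:46 +0000] "GET /?f=delfwd&email=sales@example.com&confirmed=1 HTTP/1.0" 200 795 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/103u (KHTML, like Gecko) Safari/100"',
    '192.0.2.12 - - [13/Dec/2003:18:31:53 +0000] "GET /?f=delfwd&email=info@example.com&confirmed=1 HTTP/1.0" 200 794 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '192.0.2.12 - - [13/Dec/2003:18:32:00 +0000] "GET / HTTP/1.0" 200 2200 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
]

if __name__ == "__main__":
    for hit in flag_state_changing_gets(SAMPLE):
        print(hit)
```

A hit with both `no_referer` and `confirmed` set means the request arrived with the confirmation already in the URL and without a referring page.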
One of my clients wiped their entire database a couple of weeks ago by giving the admin password to GoLive ;)