-Original Message-
From: Jesse Keating [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 0.57
To: [EMAIL PROTECTED]
Subject: Re: [courier-users] Re: Hack attempt?
On Thu, 11 Jul 2002 18:54:52 -0400
Sam Varshavchik [EMAIL PROTECTED] wrote:
#No. Mail from sqwebmail
On Fri, 12 Jul 2002 09:24:43 +0200
Massimo Cereda [EMAIL PROTECTED] wrote:
#
#Have you looked in Apache logs?
Having followed the advice of others, and you, I've tracked this problem down
to a php script that a user of mine has in their web directory. I have brought
up the matter with the user.
Jesse Keating writes:
[message/delivery-status (337 bytes)]
Reporting-MTA: dns; mail.j2solutions.net
Arrival-Date: Thu, 11 Jul 2002 07:00:32 -0700
Received-From-MTA: dns; localhost (localhost [127.0.0.1])
Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
On Thu, 11 Jul 2002 17:41:43 -0400
Sam Varshavchik [EMAIL PROTECTED] wrote:
#The original message was sent by whoever logs in as uid 48.
#
#Anybody can put anything they want in the From: header, or use any return
#address.
UID 48 belongs to apache... Do messages sent via sqwebmail get that
On Thu, 11 Jul 2002 18:54:52 -0400
Sam Varshavchik [EMAIL PROTECTED] wrote:
#No. Mail from sqwebmail originates under whatever uid the mail account
#uses.
Yeah, so, any other idea on how this could be happening? Perhaps there is an
exploit in apache that lets them send mail? I'm somewhat
Jesse Keating writes:
On Thu, 11 Jul 2002 18:54:52 -0400
Sam Varshavchik [EMAIL PROTECTED] wrote:
#No. Mail from sqwebmail originates under whatever uid the mail account
#uses.
Yeah, so, any other idea on how this could be happening? Perhaps there is an
exploit in apache that
Jesse Keating writes:
UID 48 belongs to apache... Do messages sent via sqwebmail get that UID
attached to them? The reason I ask, the contents of the original email don't
match anything that would have been sent via apache.
YOU ARE COMPROMISED
from http://uptime.netcraft.com/up/graph/
On Thu, 11 Jul 2002 20:01:28 -0500
Bill Williamson [EMAIL PROTECTED] wrote:
#
#YOU ARE COMPROMISED
#
#from http://uptime.netcraft.com/up/graph/ scan of your server
# -
#The site www.j2solutions.net is running Apache/1.3.22 (Unix) (Red-Hat/Linux)
# -
#
#from