FWIW
AHBL blocks entire /18 address space, when only a few IP's are
responsible for sending Spam. They are also non-responsive to removal
requests from innocent bystanders who are blocked due to their
irresponsibly large IP blocks. See
http://www.dnsstuff.com/tools/ip4r.ch?ip=216.14.34.65
SBL
Thank you for the input. I'll give it a try this week.
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Craig Edmonds
Sent: Sunday, April 02, 2006 7:42 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Hijack Notification
Importance:
this guy suggested this.
I'm not sure exactly how. looks like if a count is some value send the
mail.
john
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Sunday, April 02, 2006 7:59 AM
To: Declude.JunkMail@declude.com
Subject: Re:
Hi John,
John Doyle wrote:
this guy suggested this.
I'm not sure exactly how. looks like if a count is some value send the
mail.
I was just suggesting that the number of files in the spool dir exceed
some number [100?] then send an email. I got the idea from the hijack
vbs code [Thanks!]
http://www.declude.com/Articles.asp?ID=186
Aside from the web admin, are there any other fixes or feature
enhancements? The release notes reference 4.0.9.4 ...
Thanks!
-
Jay Sudowski // Handy Networks LLC
Director of Technical Operations
Providing Shared, Reseller, Semi Managed and Fully
I think I understand, Im not a
programmer and its semi Greek to me.
I like the idea of getting notified if the
spool file begins to fill up, I check it now and then and if would be nice
To simply be notified if it begins to back
up for whatever reason.
John
.
From:
John Doyle wrote:
I think I
understand, Im not a
programmer and its semi Greek to me.
I like the
idea of getting notified if the
spool file begins to fill up, I check it now and then and if would be
nice
To simply be
notified if it begins to back
up for whatever
QueueMon is excellent for monitoring and logging these things, and very
affordable too. http://www.invariantsystems.com/queuemon/
FYI, it doesn't official support SmarterMail, but it works perfectly fine on my
SmarterMail servers.
Thanks!
-
Jay Sudowski // Handy Networks LLC
Director of
From the readme.html:
Parent paths must be enabled.
Sorry, no they will not be enabled. That is a security risk I am not going
to open up on my server.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL
Practically speaking, the security risks related to parent paths are
near zero. On scale of 0 to 100, having parent paths enabled would be a
.01, assuming your NTFS permissions are tight.
-Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T
I beg to differ. IMO, Enabling Parent Paths is one of the biggest
security risks for a Web server, and IIS disables them by default
because of this. Most exploits require multiple configuration mistakes
to exploit, and if you enable Parent Paths, it increases your
likelihood of being hacked
Wrongg.
Enabling parent paths doesn't allow you to actually enter ../../../../../ and
transverse directories into your URL string!
http://support.microsoft.com/default.aspx?scid=kb;en-us;332117
It simply allows you to use ../ in your ASP and SSI includes!
Goodness gracious.
PS -
Jay,
This is incorrect. You can traverse directories within your root using
"../" with Parent Paths disabled, but if you enable it, you can go
outside your root so long as the file permissions allow it. Here's a
quote from the KB article that you linked to:
"The Parent Paths option (the
Also:
http://support.microsoft.com/kb/184717/
NOTE: Disabling ASP Parent Paths will only affect the execution of dynamic
content on .asp pages. This does not affect the server's ability to reference
static content using HTML code (whether it is called from .htm, .html or .asp
files). The
Install url scan and use the IIS lockdown tool. this will stop all
../../../ attacks dead in their tracks. Rerardless of the parent
pathssetting.
Kevin
Bilbee
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of
MattSent: Monday, April 03, 2006
Matt,
For what you describe to occur, your attacker has already managed to upload an
ASP file to your web site!!!Do you not see the distinction here?
Enabling parent paths allows ASP to use ../ notation to break out of the web
root directory and access other resources. For this to be a
On a dedicated server where you have more control over
the permissions, I think you can use parent paths without"many"
problems.
I am an asp programmer and rely on them for my include
files etc.
Its when you use some of the control panel software
that puts permissions about the root of
Kevin, IIS 6 has built in protection from double encoding by default
(like "..%5c" or ".%2e/" instead of "../"), and I also still use
URLScan to block such things even though Microsoft was saying that it
wasn't necessary with IIS 6. The other important addition in IIS 6's
security is in only
Hello Matt -
With all due respect, if NTFS permissions are not configured properly then you
have many, many things to be worried about aside from having Parent Path being
enabled or disabled, particularly if you are allowing people to upload
executable files remotely (as in, the server is a
The new interface looks nice. Very intuitive
Have some questions:
1. Where do I config the VIRDIR directive (EVA) in the new GUI interface?
2. How do I setup de default.junkmail configuration for all domains? Not a
per domain configuration? Should I add the domain default?
-Luis Arango
Jay,
Code Red and Nimda, the two biggest worms in the history of the
Internet, used vulnerabilities aided by directory transversal (Parent
Paths enabled) along with default permissions and paths to infect
millions of servers. Servers that weren't patched for the specific
vulnerability
Matt,
It seems that your misconception between Parent Paths and the IIS
Unicode Directory Transversal VULNERABILITY remains. Additionally, you
also seem to be completely confused with Code Red.
Code Red was related to a buffer overflow in Index Server. In order to
avoid being impacted this
22 matches
Mail list logo
