* On 16/06/06 12:44 +0100, Chris Lightfoot wrote:
| On Fri, Jun 16, 2006 at 01:24:25PM +0300, Odhiambo G. Washington wrote:
| >
| > Hi,
| >
| > PS: This is a bit OT, but there is an Exim bit.
| >
| >
| > I have a server that I use for hosting websites. I simply give ftp
| > access and the customer just uploads their web content. The problem
| > comes in the name of some code used in these websites - they allow
| > http-put and http-post by spammers.
| >
| > Information about my blacklisted server is here:
| >
| > http://dsbl.org/listing?62.8.64.6
| >
| > Now, since I am running Exim on this server, is there a way to take
| > care of (prevent the spamming) such a situation within Exim itself?
| >
| > So far, this server is almost permanently blacklisted.
| >
| > I'd appreciate if anyone knows a better way to audit the web data
| > content stored on the server, even ;)
|
| hang on, the claim in the above link is that your server
| is an open web proxy, not that there's a specific script
| on it that's exploitable (though of course there may be
| one of those too).

Sure. Only that at the back of my mind, I also thought of the presence of
one of those insecure scripts found on the web and used without any due
consideration by web designers. Well, security is not a priority for the
ones who are just starting...

| I'm a bit surprised by that because your server (a)
| appears to be apache; but (b) doesn't list mod_proxy in
| the Server: header. It also doesn't appear to permit the
| types of exploits that the above link talks about:
|
| : [EMAIL PROTECTED] ~/sof*/mythic-u* $; telnet 62.8.64.6 80
| Trying 62.8.64.6...
| Connected to 62.8.64.6.
| Escape character is '^]'.
| POST http://sphinx.mythic-beasts.com:25/ HTTP/1.0
| Host: sphinx.mythic-beasts.com
| Content-Length: 112
|
| HELO fish
| MAIL FROM: <[EMAIL PROTECTED]>
| RCPT TO: <[EMAIL PROTECTED]>
| DATA
| Fish soup is good for you
| ..
| QUIT
| HTTP/1.1 404 Not Found
| Date: Fri, 16 Jun 2006 11:38:55 GMT
| Server: Apache/1.3.33 (Darwin) mod_jk/1.2.4 DAV/1.0.3 mod_ssl/2.8.24 OpenSSL/0.9.7i PHP/4.3.11 mod_perl/1.26
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
| <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
| <HTML><HEAD>
| <TITLE>404 Not Found</TITLE>
| </HEAD><BODY>
| <H1>Not Found</H1>
| The requested URL / was not found on this server.<P>
| <HR>
| <ADDRESS>Apache/1.3.33 Server at sphinx.mythic-beasts.com Port 25</ADDRESS>
| </BODY></HTML>
|
| -- the results there indicate that it's just accepting
| HTTP requests for any hostname and returning a `not found'
| result (I guess you use the apache mass hosting mode?).

Yes. One IP, several name virtual hosts.

| I see from the blacklist page above that the emails which
| were passed through the machine were sent almost a year
| ago; perhaps the configuration of the machine has been
| changed to fix this problem since then?

Somewhere in between I took the management of the server and disabled the
default MTA it comes with (Postfix) and instead deployed Exim.
The reason was simply my allergy to any other MTA ;)

| In any case I don't understand why the removal request
| hasn't been processed, though of course the operators of
| the blacklist are permitted to put whatever information
| they want into it, whether or not it's correct (modulo
| local law on defamation etc.). If they continue to be
| intransigent, forward mail via a second IP address and
| chalk this one up to the general idiocy of people trying
| to do spam filtering on IP address only.

Sure advice. I will resort to your advice as the "conclusive" one to use.
I also haven't understood why they have failed to process the removal.
Now that you've tested and confirmed theirs is untrue, I'll simply look
for a different IP address and use that as the outgoing.

Thank you so much for your time.

cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
wash () WANANCHI ! com . 1ere Etage, Loita Hse, Loita St., |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!" --from a /. post

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
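
For the audit question raised in the thread, one way to find proxy-style requests (an absolute URI or `CONNECT` naming a foreign host, as in the telnet test above) in an Apache access log. This is an added example, not code from either poster; the `classify` and `audit` names, the sample log lines and the hostnames are constructed, and it assumes the common/combined log format.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined log prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def classify(line, local_hosts):
    """Return (client, method, host, port, verdict) for a proxy-style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m[1], m[2], m[3], int(m[4])
    try:
        if method == "CONNECT":                  # authority-form target: host:port
            host, _, port = target.rpartition(":")
            host, port = host.lower(), int(port)
        elif "://" in target:                    # absolute-form target: scheme://host[:port]/path
            parts = urlsplit(target)
            host = parts.hostname
            port = parts.port or (443 if parts.scheme == "https" else 80)
        else:
            return None                          # ordinary origin-form request ("/path")
    except ValueError:
        host, port = target, None                # unparseable target: still report it
    if method != "CONNECT" and host in local_hosts and port in (80, 443):
        return None                              # absolute URI that names one of our own vhosts
    # A status below 400 needs a manual check: without proxying enabled, Apache may
    # simply have served the path from a local vhost rather than relayed the request.
    verdict = "INVESTIGATE" if status < 400 else "refused"
    return client, method, host, port, verdict

def audit(lines, local_hosts):
    """Classify every line and keep only the proxy-style requests."""
    hosts = {h.lower() for h in local_hosts}
    return [r for r in (classify(l, hosts) for l in lines) if r]

# Constructed sample log lines (documentation addresses and hostnames, not from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jun/2006:11:38:55 +0000] "POST http://mail.example.net:25/ HTTP/1.0" 404 283',
    '192.0.2.11 - - [16/Jun/2006:11:40:02 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '198.51.100.7 - - [16/Jun/2006:11:41:10 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.8 - - [16/Jun/2006:11:42:30 +0000] "GET http://www.customer.example/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, ["www.customer.example"]):
        print(row)
```
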
