-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Update of what is happening to David, forwarded to the list as per his
request.
David, I'd like to see those requests from your logs.
Blue skies... Todd
- ----- Forwarded message from "David E. Fox" -----
Date: Mon, 10 Nov 2003 20:41:57 -0800 (PST)
From: "David E. Fox"
X-Mailer: ELM [version 2.5 PL6]
To: todd
Subject: hijack cont.
X-Spam-Status: No, hits=-12.0 required=5.0 tests=BAYES_00 autolearn=ham
version=2.60
Todd:
I thought I'd mail you privately on a couple of things;
* because of various blacklists I cannot post to the lists and
such. I'm still listed in MAPS. I am trying to get them to
delist me.
* After going back and forth with LX (my mail bounces to him,
natch) it seems clear that an open proxy was used - a
vulnerability in apache mod-proxy, to be specific. After
reviewing the logs, I have seen a large number of GETs
in /var/log/httpd/*.log with verrrrrrrrrrrrry long
pathnames and/or requests to xxx.xxx.xxx:25. I think that
is how they got in.
* In order to circumvent, I have installed portsentry (why isn't
this included any more with Mandrake??!??!?) and got chkrootkit.
Chkrootkit reports everything OK, and portsentry has managed
to block a fair number of IPs so far.
* LX told me this is on bugtraq. Apparently a vulnerability
exists in apache mod-proxy -- this was reported with plain
vanilla apache (not apache2) in June of this year. Mandrake
probably needs to ensure that users don't install apache2
components unless and until they really need them (and I
admit I probably installed too much). I have removed apache2,
and installed just the bare bones functionality (2 rpms vs.
five or six).
Todd - if you can forward this to expert I would *really* appreciate
it. I hope my mail doesn't bounce :(
- ------------------------------------------------------------------------
David E. Fox Thanks for letting me
[EMAIL PROTECTED] change magnetic patterns
[EMAIL PROTECTED] on your hard disk.
- -----------------------------------------------------------------------
- ----- End forwarded message -----
- --
Blue skies... Todd Public key: http://www.mrball.net/todd.asc
<scandal> cannonball: you gonna wear your ferengi ears? :)
<Morph> scandal: everyone knows its the year of the Romulan..*slap*
<scandal> trust me to show up unfashionably dressed to a scifi convention
Linux kernel 2.4.22-12.tmb.1mdk 2 users, load average: 1.21, 1.15, 1.18
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: http://www.mrball.net/todd.asc
iD8DBQE/sG8YIBT1264ScBURAp0RAKCDfN+oRY/Ki5ZOkvF0a0I8WO+l6QCg6FTp
3rPerc1NcOAO6+7xqVjoK3g=
=ypUw
-----END PGP SIGNATURE-----
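An added example, not part of the original mail: a small Python filter for the kind of log review David describes, flagging proxy-style requests (CONNECT or absolute-URI targets), targets on port 25, and very long request targets in Apache access-log lines. The 1024-character cut-off, the reason labels and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log: host ident user [time] "METHOD target proto" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Proxy-style targets: "host:port" after CONNECT, or an absolute URI on any method
CONNECT_RE = re.compile(r'^[^\s:/]+:(?P<port>\d+)$')
ABSURI_RE = re.compile(r'^[a-z][a-z0-9+.-]*://[^/:\s]+(?::(?P<port>\d+))?', re.I)
MAX_TARGET_LEN = 1024  # assumed cut-off for a "very long" request target

# Constructed sample lines (documentation addresses, not taken from the mail)
SAMPLE = [
    '198.51.100.7 - - [10/Nov/2003:19:02:11 -0800] "CONNECT 192.0.2.25:25 HTTP/1.0" 200 0',
    '198.51.100.7 - - [10/Nov/2003:19:02:14 -0800] "GET http://192.0.2.25:25/ HTTP/1.0" 200 312',
    '203.0.113.9 - - [10/Nov/2003:19:05:40 -0800] "GET /' + 'A' * 2000 + ' HTTP/1.0" 414 0',
    '203.0.113.50 - - [10/Nov/2003:19:06:01 -0800] "GET /index.html HTTP/1.1" 200 5120',
]


def classify(line):
    """Return (client, status, reasons) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    pm = (CONNECT_RE if m.group("method").upper() == "CONNECT" else ABSURI_RE).match(target)
    reasons = []
    if pm:
        reasons.append("proxy-request")
        if pm.group("port") == "25":
            reasons.append("smtp-port")
    if len(target) > MAX_TARGET_LEN:
        reasons.append("long-target")
    return (m.group("host"), int(m.group("status")), reasons) if reasons else None


def summarize(lines):
    """Count reasons per client; collect proxy requests answered with 2xx."""
    counts, served = Counter(), []
    for host, status, reasons in filter(None, map(classify, lines)):
        counts.update((host, r) for r in reasons)
        if "proxy-request" in reasons and 200 <= status < 300:
            served.append((host, status))
    return counts, served
```

Feed it the lines of the access logs under /var/log/httpd/ in place of SAMPLE. A 2xx status on a proxy-style request is a lead rather than proof of relaying, since the server may have answered with a local page, so check it against the proxy configuration.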