I had this happen to us. I had to switch from port 80 to 8383 this is the
only fix that I have found. You could setup a redirect from a webserver to
point to mail.yourdomain.com:8383.
Kris McElroy
[EMAIL PROTECTED]
Internet Systems Engineer
Duracom, INC.
----- Original Message -----
From: "Cody Wilson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 25, 2001 3:55 PM
Subject: RE: [IMail Forum] Virus Attacks
> Okay, so has anyone with Urlscan set it up successfully with web messaging
> for Imail. I have a box that does not have IIS on it. I first crashed on
> Sunday and now again on Tuesday. I am suspect that it is fielding the hack
> attempts and crashing.
>
> Any other suggestions on how to ward of these attacks on web messaging.
>
> Cody
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of randy
> Sent: Tuesday, September 25, 2001 1:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [IMail Forum] Virus Attacks
>
>
> i'v installed it in default mode but ho wdo you edit the file or files to
> add to it and edit it anyhelp..
>
> [EMAIL PROTECTED]
> ----- Original Message -----
> From: "Bording Ostergaard" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, September 24, 2001 11:48 PM
> Subject: Re: [IMail Forum] Virus Attacks
>
>
> >
> > Run it at the command line with a /? and expand. If this doesn't make
> > sense you should probably step away as it is not at all user friendly to
> > set up and it will neuter your server with a vengeance if not set up
> > properly. No traffic allowed = absolute security, and no server.
> >
> > Bording
> >
> >
> > At 11:29 PM 09/24/2001 -0500, you wrote:
> > >how do ya use urlscan i DL it but theres not instructions on how to
edit
> it
> > >or where to edit it.
> > >
> > >[EMAIL PROTECTED]
> > >[EMAIL PROTECTED]
> > >
> > >----- Original Message -----
> > >From: "Bording Ostergaard" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Monday, September 24, 2001 11:02 PM
> > >Subject: RE: [IMail Forum] Virus Attacks
> > >
> > >
> > > >
> > > > Nope, had to modify it. Run it at the command line with a /? and
> expand
> > >it
> > > > to a folder first. Then read, read, read .....
> > > >
> > > > Be careful as it will go right ahead and install itself if you just
> run it
> > > > from Explorer. Nasty little habit that is and it puts you straight
> into
> > >the
> > > > glue without any preparation and understanding.
> > > >
> > > > BE CAUTIOUS! but it does work very well so far.
> > > >
> > > > Bording
> > > >
> > > >
> > > > At 10:15 PM 09/24/2001 -0500, you wrote:
> > > > >Did you use the default settings to install URLScan? Any
particular
> > >changes
> > > > >you recommend to those trying it out?
> > > > >
> > > > >Todd
> > > > >
> > > > >-----Original Message-----
> > > > >From: [EMAIL PROTECTED]
> > > > >[mailto:[EMAIL PROTECTED]]On Behalf Of Bording
> > > > >Ostergaard
> > > > >Sent: Monday, September 24, 2001 9:25 PM
> > > > >To: [EMAIL PROTECTED]
> > > > >Subject: Re: [IMail Forum] Virus Attacks
> > > > >
> > > > >
> > > > >
> > > > >URLScan just released by Microsoft is doing a great job on our
server
> by
> > > > >filtering malformed and disallowed requests before they ever get
> > >submitted
> > > > >to IIS. We turned on the log and in 16 hours we've picked up
nearly
> a
> > >meg
> > > > >of reports on ongoing hacks and probes. Bastards!
> > > > >
> > > > >Read carefully before installing though as it is still a in "roll
up
> your
> > > > >sleeves" release mode and is unsupported.
> > > > >
> > > > >So far our server has been happy with it in place with no problems
or
> > > > >memory leaks and all sites are running just fine without any
apparent
> > > > >performance degradation. Be mindful though and test it on a
> > >non-production
> > > > >server until you understand just how to configure it properly or it
> will
> > > > >shut you down.
> > > > >
> > > > >Bording
> > > > >
> > > > >
> > > > >At 08:52 PM 09/24/2001 -0500, you wrote:
> > > > > >Does anyone know of a utility that will automatically block those
> IIS
> > > > > >servers that constantly try to attack an Imail server to stop
these
> > > > >constant
> > > > > >attempts to attack port 80? Has anyone written a script that
will
> add
> > >them
> > > > > >to the kill file? I think this would be a great
> > > > > >script/software/enhancement!!!!
> > > > > >
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204807 Info - 63.237.172.134 GET
/MSADC/root.exe?/c+dir
> > > > >HTTP/1.0.
> > > > > >
> > > > > >Anyone
> > > > > >
> > > > > >Tim D
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >_______________________________________________________________
> > > > > >Sent using Novelty Mail the FREE EMAIL SERVICE. Click here
> > > > > >http://noveltymail.com to get your own free email using this or
ANY
> of
> > >our
> > > > > >fun domain names.
> > > > > >
> > > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > > >to be removed from this list.
> > > > > >
> > > > > >An Archive of this list is available at:
> > > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > >
> > > > >
> > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > >to be removed from this list.
> > > > >
> > > > >An Archive of this list is available at:
> > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > >
> > > > >
> > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > >to be removed from this list.
> > > > >
> > > > >An Archive of this list is available at:
> > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > >
> > > >
> > > > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > to be removed from this list.
> > > >
> > > > An Archive of this list is available at:
> > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > >
> > > >
> > >
> > >
> > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > >to be removed from this list.
> > >
> > >An Archive of this list is available at:
> > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
> >
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
