Re: [qmailtoaster] qmail machine being spammer help...

Mon, 31 Aug 2009 06:24:32 -0700 

Hello
ok that's typical attack :)
even if you have proxy disabled it happends

What you can do to block this quickly , simply use apache mod_security
and block CONNECT
something like this :

#Proxy CONNECT Request
SecFilterSelective THE_REQUEST "^CONNECT "





Hajid wrote:

Remove RoundCube, use squirrelmail. Check your http log, you probably find
successful attack on RC (POST method).
For example:
"POST /roundcube/bin/html2text.php HTTP/1.0"

I got this log from apache.

143.127.102.144 - - [27/Jul/2009:02:23:55 +0700] "POST
http://143.127.103.23:25/ HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:44 +0700] "CONNECT mtrap.freenet.de:25
HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:45 +0700] "PUT http://mtrap.freenet.de:25
HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:46 +0700] "PUT
http://mail.panentour.com:25 HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:47 +0700] "PUT http://localhost:25
HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:47 +0700] "POST http://mtrap.freenet.de:25
HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:48 +0700] "POST
http://mail.panentour.com:25 HTTP/1.0" 302 - "-" "-"
195.4.92.4 - - [14/Aug/2009:01:00:49 +0700] "POST http://localhost:25
HTTP/1.0" 302 - "-" "-"

and check http error.log, if you find something like "saved" your server is
hacked. :(
Check do you have /etc/ssh2 or strange directory in /tmp.
Tripwire could help you but IMHO it's too late.





---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
     Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
     For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com





---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to