RE: [qmailtoaster] qmail machine being spammer help...

2009-09-11 Thread António Pedro Lima
-Original Message- From: Philip Nix Guru [mailto:phi...@ows.ch] Sent: Monday, 31 August 2009 21:20 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] qmail machine being spammer help... Hello we had a lot of those attacks on our web hosting servers in the past

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Aleksander Podsiadly
On 31.08.2009 05:32, Hajid wrote: My domain panentour.com * From: * Vidyadhar [mailto:vidyadha...@gmail.com] *Sent:* Monday, August 31, 2009 10:23 AM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] qmail machine being spammer help... What is your domain name? Sent

RE: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Hajid
Remove RoundCube, use squirrelmail. Check your http log, you probably find successful attack on RC (POST method). For example: POST /roundcube/bin/html2text.php HTTP/1.0 I got this log from apache. 143.127.102.144 - - [27/Jul/2009:02:23:55 +0700] POST http://143.127.103.23:25/ HTTP/1.0 302 - -

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Aleksander Podsiadly
On 31.08.2009 10:35, Hajid wrote: I got this log from apache. 143.127.102.144 - - [27/Jul/2009:02:23:55 +0700] POST http://143.127.103.23:25/ HTTP/1.0 302 - - - 195.4.92.4 - - [14/Aug/2009:01:00:44 +0700] CONNECT mtrap.freenet.de:25 HTTP/1.0 302 - - - 195.4.92.4 - - [14/Aug/2009:01:00:45

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Philip
Hello ok that's typical attack :) even if you have proxy disabled it happens What you can do to block this quickly, simply use apache mod_security and block CONNECT something like this: #Proxy CONNECT Request SecFilterSelective THE_REQUEST ^CONNECT Hajid wrote: Remove RoundCube, use

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Eric Shubert
Is this a vulnerability that needs to be addressed in the stock toaster, or is it only due to roundcube? Philip wrote: Hello ok that's typical attack :) even if you have proxy disabled it happens What you can do to block this quickly, simply use apache mod_security and block CONNECT

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Philip
Hello it is due to apache got nothing to do with toaster Eric Shubert wrote: Is this a vulnerability that needs to be addressed in the stock toaster, or is it only due to roundcube? Philip wrote: Hello ok that's typical attack :) even if you have proxy disabled it happens What you can do

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Eric Shubert
Maybe nothing to do with email, but since various toaster packages use apache, I would think that there's a relationship. Philip wrote: Hello it is due to apache got nothing to do with toaster Eric Shubert wrote: Is this a vulnerability that needs to be addressed in the stock toaster, or is

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Jake Vickers
Eric Shubert wrote: Is this a vulnerability that needs to be addressed in the stock toaster, or is it only due to roundcube? From the last half-dozen or so servers I've fixed from issues just like this, the vulnerability has been because of Roundcube (1 was because of other custom-written

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Eric Shubert
Thanks Jake. So is this simply an apache configuration issue? Is there an easy way it can be 'fixed' in a toaster package configuration? Jake Vickers wrote: Eric Shubert wrote: Is this a vulnerability that needs to be addressed in the stock toaster, or is it only due to roundcube? From

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Jake Vickers
Eric Shubert wrote: Thanks Jake. So is this simply an apache configuration issue? Is there an easy way it can be 'fixed' in a toaster package configuration? It's actually an issue with the programming of the application (talking about Roundcube here). There are a couple different Apache

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-31 Thread Philip Nix Guru
Hello we had a lot of those attacks on our web hosting servers in the past and it has only to do with apache. It is a known and old exploit, a spam relay is using Apache to forward data to an open mail relay. We check those at router level but the mod_security works fine for a single machine

[qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread Hajid
Hi all, please help me with this spam. My qmail machine being spammer. MESSAGE NUMBER 144860 -- Received: (qmail 26019 invoked by uid 30); 26 Aug 2009 21:18:10 - To: undisclosed-recipients: ; Subject: Employment Opportunity. MIME-Version: 1.0 Date: Thu, 27 Aug 2009 04:18:10

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread Vidyadhar
What is your domain name? Sent on my BlackBerry® from Vodafone Essar -Original Message- From: Hajid ha...@masolusi.com Date: Mon, 31 Aug 2009 08:37:45 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] qmail machine being spammer help... Hi all, please help me

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread senthil vel
:37:45 +0700 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] qmail machine being spammer help... Hi all, please help me with this spam. My qmail machine being spammer. MESSAGE NUMBER 144860 -- Received: (qmail 26019 invoked by uid 30); 26 Aug 2009 21:18:10 -

RE: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread Hajid
My domain panentour.com From: Vidyadhar [mailto:vidyadha...@gmail.com] Sent: Monday, August 31, 2009 10:23 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] qmail machine being spammer help... What is your domain name? Sent on my BlackBerry® from Vodafone

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread senthil vel
10:23 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] qmail machine being spammer help... What is your domain name? Sent on my BlackBerry® from Vodafone Essar From: Hajid Date: Mon, 31 Aug 2009 08:37:45 +0700 To: qmailtoaster-list

RE: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread Hajid
1. In my case.. Local (my domain) mail id got compromised. I used port 587 to send mails. So i checked the submission logs and found that exact user(mail id). Then unplugged him from server(at least reset the password).. I have changed user password but spammer. But spammer still happened

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread senthil vel
What is the mailid jiangsuchemicals1...@yahoo.co.uk ? Does it really come from yahoo.co.uk? This can be found from smtp (/var/log/qmail/smtp) logs or submission logs. From which ip the spam mails are reaching to the server? Can you block this ip from tcp.smtp? If all the spam mails originating

RE: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread Hajid
What is the mailid jiangsuchemicals1...@yahoo.co.uk ? Does it really come from yahoo.co.uk? This can be found from smtp (/var/log/qmail/smtp) logs or submission logs. I didn't see any smtp log for this, I have searched all smtp logs. From which ip the spam mails are reaching to the

Re: [qmailtoaster] qmail machine being spammer help...

2009-08-30 Thread senthil vel
Looking nice... So no new spam mails reaching the box now.. Use qmailremove to remove the affected mails in the queue... Thanks and Regards, S.Senthilvel, On Mon, Aug 31, 2009 at 10:28 AM, Hajid ha...@masolusi.com wrote: What is the mailid jiangsuchemicals1...@yahoo.co.uk ? Does it