Never heard of such an abuse either. Only we are a victim of one such. So I would be interested in any findings.

Robert

On Tuesday, 14 October 2003 03:46, Paul Winkler wrote:
> On Mon, Oct 13, 2003 at 05:36:51PM -0700, Chris Pelton wrote:
> > Hello,
> >
> > I'm trying to do some forensics on a redhat 6.2 box that was somehow
> > turned into a mail relay and may have been compromised. The mail logs
> > show the mail coming from an apache virtual host address, and this
> > machine was running zope, and the list of hotfix files I see is:
> >
> > 5220 May 25 2001 Hotfix_2000-10-02.tar.gz
> > 2800 May 25 2001 Hotfix_2000-10-11.tgz
> > 3002 May 25 2001 Hotfix_2000-12-08.tgz
> > 2839 May 25 2001 Hotfix_2000-12-15a.tgz
> > 2386 May 25 2001 Hotfix_2000-12-18.tgz
> > 1899 May 25 2001 Hotfix_2001-02-23.tgz
> > 3292 May 25 2001 Hotfix_2001-03-08.tgz
> > 2492 May 25 2001 Hotfix_2001-05-01.tgz
>
> if you're worried that one of those is a trojan, you could re-download
> the hotfixes here and use diff or cmp:
> http://zope.org/Products/Zope/swpackage_view
>
> > So, would anybody have any ideas how to determine if this might have
> > been compromised? Or is there a known mail relay exploit through zope
> > somehow?
>
> never heard of one, but if you have a MailHost with wide open permissions
> somebody could pretty easily write a client script to abuse it.
>
> > Not sure what version of zope this is
>
> That would be listed in the output on startup, and you can also check by
> visiting http://zope_server:zope_port/Control_Panel/manage_main

--
with kind regards
Robert Rottermann
www.redCOR.ch

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
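
Added example, not part of the thread: one way to carry out the hotfix comparison suggested in the quoted reply, using `cmp` first and then comparing the decompressed tar stream, so an archive that was only recompressed is reported separately from one whose contents changed. The two directory arguments are placeholders, and `sha256sum` (GNU coreutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Compares each Hotfix_* archive found on
# the suspect host against a freshly downloaded reference copy.

# SHA-256 of the decompressed tar stream. Decompressing to a pipe ignores gzip
# header differences (timestamp, stored name, level) and extracts nothing.
stream_digest() {
    gzip -t "$1" 2>/dev/null || return 1      # corrupt or not gzip at all
    gzip -dc "$1" | sha256sum | cut -d' ' -f1
}

# compare_hotfixes SUSPECT_DIR REFERENCE_DIR  (both paths are placeholders)
# Prints "<VERDICT> <file>" per archive; returns 1 if any archive is
# DIFFERENT or has NO_REFERENCE copy, 0 otherwise.
compare_hotfixes() {
    worst=0
    for f in "$1"/Hotfix_*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        ref="$2/$name"
        if [ ! -f "$ref" ]; then
            verdict=NO_REFERENCE; worst=1
        elif cmp -s "$f" "$ref"; then
            verdict=MATCH                      # byte-for-byte identical
        elif s=$(stream_digest "$f") && r=$(stream_digest "$ref") \
                && [ "$s" = "$r" ]; then
            verdict=RECOMPRESSED               # same tar stream, new gzip wrapper
        else
            verdict=DIFFERENT; worst=1         # contents differ: inspect by hand
        fi
        printf '%s %s\n' "$verdict" "$name"
    done
    return "$worst"
}

# Run only when called with the two directories as arguments.
if [ "$#" -eq 2 ]; then
    compare_hotfixes "$1" "$2"
fi
```

Fetch the reference copies on a trusted machine and run the comparison against a copy or image of the suspect files rather than on the suspect host itself.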
