[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Spammer sending from httpd on our RaQ3
- Subject: RE: [cobalt-users] Spammer sending from httpd on our RaQ3
- From: "Paul Johnson" <pfj@xxxxxxxxxxx>
- Date: Wed Dec 12 11:37:10 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Thanks a million, turns out one of our clients on that machine was using
the earlier version of formmail. All set!
How the h*ll does one keep up with all these security problems - it's
tough enough to keep our Cobalts and Windows servers patched...
- Paul -
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Parker Morse
Sent: Wednesday, December 12, 2001 12:33 PM
To: cobalt-users@xxxxxxxxxxxxxxx; Paul Johnson
Subject: Re: [cobalt-users] Spammer sending from httpd on our RaQ3
Paul:
> Someone is sending spam via one of our RaQs, they've apparently found
> a way to send mail as if it were coming from the http daemon. Not
> sure just how to disable this, particularly in a way that the GUI
> won't re-enable next time we add an email account. Any ideas?
>
> We've always kept the machine up to date with patches from Cobalt. No
> indication of any hacks to the machine.
Recent reading on news.admin.net-abuse.email suggests that there's a
hole in formmail.pl, a popular form-to-mail CGI. Anyone on your RaQ
using it? Have they upgraded to the most-recent version?
<http://worldwidemart.com/scripts/formmail.shtml> - note the "Security
Update" message at the top of the page.
pjm
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users