[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [OT] Email spam

Subject: RE: [cobalt-users] [OT] Email spam
From: jale@xxxxxxxxxx
Date: Tue Aug 27 06:23:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

The FormMail exploit happened to us last week.  A review of the [raq3]
/var/log/maillog shows the excessive activity.  A review of
/home/log/httpd/access will reveal if the formail exploit is being used.
Also check out the messages sitting in /home/spool/mail/mqueue yet to be
delivered.  We had thousands of spam messages sitting in there.

With my SMTP not responding problem, I did a locate on formmail.cgi and .pl(with all sorts of variations on caps, ie: FormMail, etc., and didn't findit on my RAQ3. Any other names it can go by? Is there a way to specifywildcards in a locate command, ie: *.cgi or *.pl - I did some tests but itdid not do what I hoped it would.

I know what cgi and pl my users are allowed to have, so I'd like to see alist of all of them to scrutinize.


Thanks (didn't I say that already?)
Jale

Follow-Ups:
- Re: [cobalt-users] [OT] Email spam
  - From: Jeff Lasman
- Re: [cobalt-users] [OT] Email spam
  - From: Steve Werby

References:
- Re: [cobalt-users] [OT] Email spam
  - From: jale
- RE: [cobalt-users] [OT] Email spam
  - From: Joseph R Brennskag

Prev by Date: RE: [cobalt-users] Which Cobalt for my config ?
Next by Date: [cobalt-users] stats strange error
Previous by thread: RE: [cobalt-users] [OT] Email spam
Next by thread: Re: [cobalt-users] [OT] Email spam

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index