[cobalt-users] Mail Bomb ... I'm stumped
- Subject: [cobalt-users] Mail Bomb ... I'm stumped
- From: Ursula <ursulasays@xxxxxxxxxxxx>
- Date: Thu Nov 21 18:25:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
We've had a couple of strange incidents on a 4i. They
appear to be deliberate mail bombs, but appear to be
generated by httpd rather than coming from the
outside.
Here's a sample of the email itself:
==start
Return-Path: <httpd>
Received: (from httpd@localhost)
    by my.server.name (8.10.2/8.10.2) id gAK8Dvl11788;
    Wed, 20 Nov 2002 19:13:57 +1100
Date: Wed, 20 Nov 2002 19:13:57 +1100
Message-Id: <200211200813.gAK8Dvl11788@xxxxxxxxxxxxxx>
To: twit_with_horns@xxxxxxxxxxx
Subject: Eat My Shit
From: eat_this@xxxxxxxxxxxxxxxxxxxx
Reply-To: eat_this@xxxxxxxxxxxxxxxxxxxx
How are you twit?
==end
The To/From/Reply-To/Subject and the content can vary.
Here's what the maillog is reporting:
Nov 20 18:34:35 www sendmail[1565]: gAK7YZf01565: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YZf01565@xxxxxxxxxxxxxx>, relay=httpd@localhost
Nov 20 18:34:35 www sendmail[1568]: gAK7YZQ01568: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YZQ01568@xxxxxxxxxxxxxx>, relay=httpd@localhost
Nov 20 18:34:36 www sendmail[1571]: gAK7YaR01571: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YaR01571@xxxxxxxxxxxxxx>, relay=httpd@localhost
Nov 20 18:34:37 www sendmail[1574]: gAK7YaF01574: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YaF01574@xxxxxxxxxxxxxx>, relay=httpd@localhost
Nov 20 18:34:37 www sendmail[1577]: gAK7YbK01577: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YbK01577@xxxxxxxxxxxxxx>, relay=httpd@localhost
Both access and error logs report nothing of interest
- no pl, cgi, asp or php being called at the time it
started. Nothing in there but single html and image
calls. Other logs, such as xfer, auth, fpexec, etc.,
have nothing of note in them either.
Does anyone have the slightest clue how this can be
happening?
=====
--
Ursula
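
Added example, not part of the original post: one way to pull bursts of locally injected mail (relay=user@localhost, as in the maillog excerpt above) out of a sendmail log, so the burst's start and end times can be lined up against the web server logs. The function names, thresholds and sample lines are assumptions made for illustration; the sample lines are constructed, not taken from the poster's server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sendmail "from=" record format shown in the maillog excerpt above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sendmail\[\d+\]:\s+\w+:\s+"
    r"from=(?P<sender>[^,]+),\s+size=(?P<size>\d+),.*\brelay=(?P<relay>\S+)")

def local_submissions(lines, year):
    """Yield (time, sender, size) for mail injected on the box itself."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["relay"].endswith("@localhost"):
            # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["sender"], int(m["size"])

def find_bursts(lines, year, min_msgs=3, gap=timedelta(seconds=10)):
    """Runs of >= min_msgs local submissions by one sender, each within gap of the last."""
    by_sender = defaultdict(list)
    for ts, sender, size in local_submissions(lines, year):
        by_sender[sender].append((ts, size))
    bursts = []
    for sender, events in by_sender.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:      # None flushes the final run
            if ev is not None and ev[0] - run[-1][0] <= gap:
                run.append(ev)
                continue
            if len(run) >= min_msgs:
                bursts.append({"sender": sender, "count": len(run),
                               "start": run[0][0], "end": run[-1][0],
                               "bytes": sum(size for _, size in run)})
            run = [ev]
    return bursts

# Constructed sample lines (queue ids, msgids and hosts are made up).
SAMPLE = [
    "Nov 20 18:34:35 www sendmail[2001]: gAK0000000001: from=httpd, size=260432, class=0, nrcpts=1, msgid=<c1@host.example>, relay=httpd@localhost",
    "Nov 20 18:34:35 www sendmail[2004]: gAK0000000002: from=httpd, size=260432, class=0, nrcpts=1, msgid=<c2@host.example>, relay=httpd@localhost",
    "Nov 20 18:34:36 www sendmail[2007]: gAK0000000003: from=httpd, size=260432, class=0, nrcpts=1, msgid=<c3@host.example>, relay=httpd@localhost",
    "Nov 20 18:34:37 www sendmail[2010]: gAK0000000004: from=httpd, size=260432, class=0, nrcpts=1, msgid=<c4@host.example>, relay=httpd@localhost",
    "Nov 20 18:34:40 www sendmail[2013]: gAK0000000005: from=<alice@example.org>, size=1200, class=0, nrcpts=1, msgid=<c5@example.org>, proto=ESMTP, relay=mail.example.org [192.0.2.10]",
    "Nov 20 20:15:00 www sendmail[2020]: gAK0000000006: from=httpd, size=900, class=0, nrcpts=1, msgid=<c6@host.example>, relay=httpd@localhost",
]

print(find_bursts(SAMPLE, 2002))
```

A burst attributed to the web server's account narrows the search to whatever was running under that account between the reported start and end times.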