Recently I started leased a dedicated server from HIGHSPEEDWEB.NET, it came preconfigured (somewhat) and I was told that it would be "secure" for telnet (only specifically stated IP address(s) could gain access), etc. However, I have found that this is not the case, it seems that they do not place limiting information in the host.deny file so anyone can still telnet into the server. Also, their mail configuration which allows users to add mail aliases either via a web interface or by editing a file called .mailalias in their home directories is faulty. Users may place _ANY_ valid local domain into this file and forward mail from that domain to their email address. The system works by running a cron script once per day and updating the sendmail virtual user database. The following is an example person A has a webhosting account on the HIGHSPEEDWEB.NET configured server, person B wishes to "steal" email from Person A, they are targeting the [EMAIL PROTECTED] as the attacked address and they are going to have that forwarded to [EMAIL PROTECTED], they add the following line to their .mailalias file [EMAIL PROTECTED] [EMAIL PROTECTED] when the next update occurs any email sent to [EMAIL PROTECTED] will be forwarded to [EMAIL PROTECTED], this also works with wildcards i..e. @person-a-domain.com [EMAIL PROTECTED] would work if your entry is read into the sendmail virtual user database before the one that exists in Person A's directory. I notified HIGHSPEEDWEB.NET of the security issue well over a month ago and have not had any response from them regarding a fix. I however did instate one of my own my forcing users to call myself to have aliases added for the time being. Brian Mueller ************************************************* Brian Mueller President/CEO CreoTech "We are the future" www.creotech.com [EMAIL PROTECTED] 513.722.8645 *************************************************
