-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Update of what is happening to David, forwarded to the list as per his request.

David, I'd like to see those requests from your logs.

Blue skies...                   Todd

- ----- Forwarded message from "David E. Fox" -----

Date: Mon, 10 Nov 2003 20:41:57 -0800 (PST)
From: "David E. Fox"
X-Mailer: ELM [version 2.5 PL6]
To: todd
Subject: hijack cont.
X-Spam-Status: No, hits=-12.0 required=5.0 tests=BAYES_00 autolearn=ham version=2.60

Todd:

I thought I'd mail you privately on a couple of things;

* because of various blacklists I cannot post to the lists and such.
  I'm still listed in MAPS. I am trying to get them to de list me.

* After going back and forth with LX (my mail bounces to him, natch)
  it seems clear that an open proxy was used - a vulnerability in
  apache mod-proxy, to be specific. After reviewing the logs, I have
  seen a large number of GETs in /var/log/httpd/*.log with
  verrrrrrrrrrrrry long pathnames and/or requests to xxx.xxx.xxx:25.
  I think that is how they got in.

* In order to circumvent, I have installed portsentry (why isn't this
  included any more with Mandrake??!??!?) and got chkrootkit.
  Chkrootkit reports everything OK, and portsentry has managed to
  block a fair number of IPs so far.

* LX told me this is on bugtraq. Apparently a vulnerability exists in
  apache mod-proxy -- this was reported with plain vanilla apache (not
  apache2) in June of this year. Mandrake probably needs to ensure
  that users don't install apache2 components unless and until they
  really need them (and I admit I probably installed too much). I have
  removed apache2, and installed just the bare bones functionality
  (2 rpms vs. five or six).

Todd - if you can forward this to expert I would *really* appreciate
it. I hope my mail doesn't bounce :(

- ------------------------------------------------------------------------
David E. Fox                              Thanks for letting me
[EMAIL PROTECTED]                            change magnetic patterns
[EMAIL PROTECTED]                            on your hard disk.
- -----------------------------------------------------------------------

- ----- End forwarded message -----

- --
Blue skies...                   Todd
Public key: http://www.mrball.net/todd.asc

<scandal> cannonball: you gonna wear your ferengi ears? :)
<Morph> scandal: everyone knows its the year of the Romulan..*slap*
<scandal> trust me to show up unfashionably dressed to a scifi convention

Linux kernel 2.4.22-12.tmb.1mdk   2 users,  load average: 1.21, 1.15, 1.18
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: http://www.mrball.net/todd.asc

iD8DBQE/sG8YIBT1264ScBURAp0RAKCDfN+oRY/Ki5ZOkvF0a0I8WO+l6QCg6FTp
3rPerc1NcOAO6+7xqVjoK3g=
=ypUw
-----END PGP SIGNATURE-----
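
The log patterns David describes (requests aimed at port 25 and very long request paths) can be pulled out of an Apache access log with a short script. This is an added example, not part of the original messages; the function names, the 1024-character threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) ')
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.-]*://", re.I)
SMTP_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?[^/\s]+:25(?:/|$)", re.I)
MAX_TARGET_LEN = 1024  # assumption: cut-off for an "overlong" request target

def classify(line):
    """Return (client, status, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status = m.groups()
    method, _, rest = request.partition(" ")
    target = rest.split(" ")[0]
    reasons = []
    if method == "CONNECT":
        reasons.append("connect-method")
    if SCHEME_RE.match(target):
        reasons.append("absolute-uri")       # proxy-style request line
    if SMTP_RE.match(target):
        reasons.append("smtp-port-target")   # host:25, with or without scheme
    if len(target) > MAX_TARGET_LEN:
        reasons.append("overlong-target")
    return (client, int(status), reasons) if reasons else None

def summarize(lines):
    """Count suspicious requests per client; list those answered with 2xx."""
    per_client, answered = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit:
            client, status, reasons = hit
            per_client[client] += 1
            # 2xx means the server did not refuse; check whether it relayed.
            if 200 <= status < 300:
                answered.append((client, reasons))
    return per_client, answered

# Constructed sample lines (documentation addresses and example hostnames).
SAMPLE = [
    '192.0.2.10 - - [10/Nov/2003:19:02:11 -0800] "GET /index.html HTTP/1.0" 200 1456',
    '203.0.113.7 - - [10/Nov/2003:19:03:40 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '203.0.113.7 - - [10/Nov/2003:19:03:41 -0800] "GET http://mail.example.net:25/ HTTP/1.0" 404 290',
    '198.51.100.23 - - [10/Nov/2003:19:05:02 -0800] "GET /' + "A" * 2000 + ' HTTP/1.0" 414 0',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Requests that were answered with a 2xx status are the ones to review first, since a server with proxying disabled would normally refuse them.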