We had a case recently of a poorly-written user's cgi-bin program (in perl, of course) which could be tricked into dropping files. Curiously, it used dirs with system:anyuser write access in another school's cell for its spammy files (and just that one school's, as far as I know).
This was really pretty odd -- it seemed to indicate a knowledge of AFS that I wouldn't expect the usual weenie-pill-spammer to have. We have since pulled all other cells out of our user cgi-bin machine's CellServDB file. John > All > We are seeing a influx of spam laded web dirs in our afs cell. > These are dirs that our main web server serve out of our cell for the > students mostly. > Here is a sample: > http://www.msu.edu/~elizald2/viagra/order-viagra-overnight-delivery.html > I have disabled it but you get the idea,. This dir is chock-o-block full > of crap. > > I believe this is the work of a bot that arrives initially to the the > user via a spam email. > The bot then trolls through afs space (so the user is likely running > windows with the client running) locates a user volume where the user > has (foolishly) set system:anyuser to all acls and from there the bot > can install anything it wants in the users web space and then send out > spamage refering to this web space. > > Or this could be a compromised web server with an afs client running on > it. > > For now we are just trolling through our cell and looking for user dirs > where system:anyuser = all and then taking appropriate action as needed. > > I hope to get my hands on a email that refers to this space so maybe I > can track it back. > > Any thoughts? > /sd > > -- > Steve Devine > Email & Storage > Academic Computing & Network Services > Michigan State University > > 313 Computer Center > East Lansing, MI 48824-1042 > 1-517-432-7327 > > Baseball is ninety percent mental; the other half is physical. > - Yogi Berra > > _______________________________________________ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info