I downloaded the source to version 1.2.3 and saw that you do in fact use
templates. Found main_menu.html defaced on their system and replaced
with that from the source.
I always thought that most deface endeavors targeted index.html only.
Did this hacker deliberately target QmailAdmin?
Scott Dudley wrote:
Let me preface this post by saying that I'm new to both Qmail and
QmailAdmin, never before having used either.
I've been doing some contract work for a customer whose system has
been exploited several times repeatedly in the last few years -
rootkits, page defacement, et al.
One symptom I'm working on is QmailAdmin. After I successfully log
into the cgi, I get a defaced page. I looked at the cgi and it looked to
me like it posts to itself. If that's the case - and it hasn't been
messed with, then how am I getting the cracker's page? Does
QmailAdmin use templates?
Any direction is most appreciated.
Thanks.
--
Regards,
Scott Dudley