I had one of my servers with this problem. It was Roundcube and Apache. Still not sure that I'm safe enough. It didn't happen again so far, and I hope it wont. I have two other servers, for witch I gladly bought a QMT install cd to prevent any of this :)
Regards, António Pedro Lima > -----Mensagem original----- > De: Philip Nix Guru [mailto:phi...@ows.ch] > Enviada: segunda-feira, 31 de Agosto de 2009 21:20 > Para: qmailtoaster-list@qmailtoaster.com > Assunto: Re: [qmailtoaster] qmail machine being spammer help... > > Hello > we had a lot of those attacks on our web hosting servers in the past > and it has only to do with apache . It is a known and old exploit, > a spam relay is using Apache to forward data to an open mail relay. > We check those at router level but the mod_security works fine for a > single machine > > Really it is an old exploit. > Nothing to worry about regarding the toaster, well you can always add a > nice mod_security configuration to take care of all those little exploits > > > > > Jake Vickers wrote: > > Eric Shubert wrote: > >> Thanks Jake. So is this simply an apache configuration issue? Is > >> there an easy way it can be 'fixed' in a toaster package configuration? > >> > > > > It's actually an issue with the programming of the application > > (talking about Roundcube here). There are a couple different Apache > > modules that can be utilized to proxy or filter the PHP code used and > > help prevent the exploits in the code. > > I'm sure something could be written into QTP to install any one of > > those modules if someone wants to lay out a skeleton that can be used > > as a base for the installation of the module. > > > > > > ------------------------------------------------------------------------ > --------- > > > > Qmailtoaster is sponsored by Vickers Consulting Group > > (www.vickersconsulting.com) > > Vickers Consulting Group offers Qmailtoaster support and > > installations. > > If you need professional help with your setup, contact them today! > > ------------------------------------------------------------------------ > --------- > > > > Please visit qmailtoaster.com for the latest news, updates, and > > packages. > > To unsubscribe, e-mail: > > qmailtoaster-list-unsubscr...@qmailtoaster.com > > For additional commands, e-mail: > > qmailtoaster-list-h...@qmailtoaster.com > > > > > > -------------------------------------------------------------------------- > ------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > -------------------------------------------------------------------------- > ------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list- > unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list- > h...@qmailtoaster.com > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
