Re: [Mimedefang] OT: Don't let this happen to you

2006-02-22 Thread Atanas
Richard Laager said the following on 02/20/06 23:46: On Thu, 2006-02-16 at 11:50 -0800, Atanas wrote: a sendmail log monitoring script that shuts down web sites immediately (notifying both parties - the web site owner and the shared server administrator) in case a web site starts sending

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-21 Thread Richard Laager
On Thu, 2006-02-16 at 11:50 -0800, Atanas wrote: a sendmail log monitoring script that shuts down web sites immediately (notifying both parties - the web site owner and the shared server administrator) in case a web site starts sending suspicious amounts of outgoing emails for a given

[Mimedefang] OT: Don't let this happen to you

2006-02-19 Thread Atanas
In a large-scale environment with lots of websites with untrusted content, trying to identify what exactly spammers can abuse and block it via mod_rewrite or mod_security rules seems to be just a waste of time. The best workaround I have found and have already used for the past few years is a

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-16 Thread WBrown
[EMAIL PROTECTED] wrote on 02/15/2006 06:59:34 PM: I don't run PGP on this box... (laffin) It's fun to watch though.. Right up there with watching attempts to hack an IIS box when it's not even running Windows! Damn crap can fill up a log though.

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Kenneth Porter
--On Tuesday, February 14, 2006 1:26 PM -0600 Jim McCullars [EMAIL PROTECTED] wrote: I believe this exploit may be fairly new, in that I could find very little on the web about it. http://www.google.com/search?hl=en&q=formmail+exploit&btnG=Google+Search It's an old and well-known exploit. You

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Jim McCullars
On Wed, 15 Feb 2006, Kenneth Porter wrote: It's an old and well-known exploit. You can find a secure replacement for the old Formmail here: I may not have been as clear about this as I should have been. This was not an exploit against the FormMail script from Matt's Script Archive. It

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Steffen Kaiser
On Wed, 15 Feb 2006, Jim McCullars wrote: You wrote that you've disabled CGI -- Dunno, but I wouldn't weight PHP more secure than general CGI ?? Bye, -- Steffen Kaiser ___ NOTE: If there is a disclaimer or other legal boilerplate in the above

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Jan Pieter Cornet
On Wed, Feb 15, 2006 at 08:54:59AM -0600, Jim McCullars wrote: It's an old and well-known exploit. You can find a secure replacement for the old Formmail here: I may not have been as clear about this as I should have been. This was not an exploit against the FormMail script from

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread David F. Skoll
PHP's mail() function is completely broken. It is insecure, and it is *impossible* to make it secure unless you aggressively sanitize all your input. PHP is a truly horrible language (hey, I use it every day, so I should know...) and mail() stands out as one of the worst things about it. I

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Kris Deugau
David F. Skoll wrote: PHP's mail() function is completely broken. It is insecure, and it is *impossible* to make it secure unless you aggressively sanitize all your input. PHP is a truly horrible language (hey, I use it every day, so I should know...) and mail() stands out as one of the worst

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Kelson
Steffen Kaiser wrote: You wrote that you've disabled CGI -- Dunno, but I wouldn't weight PHP more secure than general CGI ?? With header injection attacks, it doesn't really matter whether the target is PHP or CGI. It's a matter of how the message actually gets sent. With PHP's mail

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Oliver Schulze L.
Maybe this can help: http://pear.php.net/manual/en/package.networking.net-smtp.php HTH Oliver -- Oliver Schulze L. [EMAIL PROTECTED]

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Jan Pieter Cornet
On Wed, Feb 15, 2006 at 10:05:03AM -0800, Kelson wrote: One way you can test your own scripts for this is to create a copy of your form and replace all your input and select elements with textarea (even checkboxes and radio buttons). That way you can try Or install the TamperData Firefox

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Ben Kamen
Speaking of which, I saw these in my logs today...
POST /xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlsrv/xmlrpc.php HTTP/1.1 500 256
POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1 500 256
POST /drupal/xmlrpc.php HTTP/1.1 500 256
POST /phpgroupware/xmlrpc.php HTTP/1.1

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread G. Roderick Singleton
On Wed, 2006-02-15 at 17:13 -0600, Ben Kamen wrote: Speaking of which, I saw these in my logs today...
POST /xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlsrv/xmlrpc.php HTTP/1.1 500 256
POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1 500 256
POST

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Jan Pieter Cornet
On Wed, Feb 15, 2006 at 05:13:27PM -0600, Ben Kamen wrote: Speaking of which, I saw these in my logs today... POST /xmlrpc.php HTTP/1.1 500 256 Likely looking for versions not patched against this: http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1 I'll have to

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Ben Kamen
G. Roderick Singleton wrote: On Wed, 2006-02-15 at 17:13 -0600, Ben Kamen wrote: Speaking of which, I saw these in my logs today...
POST /xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlrpc.php HTTP/1.1 500 256
POST /blog/xmlsrv/xmlrpc.php HTTP/1.1 500 256
POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1 500

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-15 Thread Ben Kamen
Ben Kamen wrote: I don't run PGP on this box... (laffin) Er, that's PHP... (hey, I was one letter off... you all knew what I meant! :) ) -Ben

[Mimedefang] OT: Don't let this happen to you

2006-02-14 Thread Jim McCullars
Maybe this is only semi-OT since we do sometimes discuss spam issues not strictly within the confines of MD/SA, but I wanted to share with the list what happened to me yesterday. I'm the administrator for, among other things, our campus web server. I thought I had taken all the right