Security problem in apache with forms?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: Security problem in apache with forms?
From: "Harald Heggelund" <harald@xxxxxxxxxxx>
Date: Tue, 30 Oct 2007 14:29:18 +0100
Organization: NORD Datasenter AS
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: Acga+N+bjHhxeFvkT0qaBsfnMvczsQ==

Title: Security problem in apache with forms?

Hello,

Since installing a new slackware server with apache and sendmail out-of-the-box, I have noticed my server is sending (moderate amounts of) spam worldwide.

I suspect some webform or cgi-script. In the apache log, I see lots of these entries:

"POST http://87.118.100.88/proxy5/check.php HTTP/1.1" 404 297
"POST http://82.228.61.77:49627/Chcks/Data_I.php HTTP/1.1" 404 297

Have no idea what these scripts do (they certainly aren't mine!) but probably they use my localmailer to send spam. I believed external script was supposed to be forbidden (as the 404 may indicate), but maybe there's a bug when calling them from a POST?

Any (other) suggestions?

Follow-Ups:
- Re: Security problem in apache with forms?
  - From: Christian Folini

Prev by Date: Apache + Active Directory on Windows Machine
Next by Date: Re: Security problem in apache with forms?
Previous by thread: RE: Can we filter out messages going to error log
Next by thread: Re: Security problem in apache with forms?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]