Thanks everybody for all your suggestions
i now have lost of informations and 15 days to make all sort of test.
Wishing all of you a Very Mery Christmas and a Happy New Year
Merci aussi au francophone pour votre expertise
Joyeux Noël et Bonne et Heureuse Année à tous
From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
To: Jacques Beaudoin <jacques-beaudoin@xxxxxxxxxxx>
CC: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Spammer are using port 80 on my firewall to send spam
Date: Fri, 23 Dec 2005 06:18:45 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 23 Dec 2005, Jacques Beaudoin wrote:
Greetings,
Im getting hit by spammer on port 80 on my firewall thats is also running
squid.
If i open port 80 to my mail server via prerouting, spammer wiill use
my firewall to send spam.
Port 80 is now block and i can see on my internet interface all
ip address trying to use my firewall as a spam proxy.
My squid rules looks ok.
But it sounds like the websewrver<s> is/are running a script/form/app that
is vulneralble, start the fix there, correct the problem that the
"attacker" is exploiting. Your squid and webserver logs should point at
clues to what's borked.
Thanks,
Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDq90Yst+vzJSwZikRAmdVAJ9Vk3Gbsq4BHVUqAsar6R49VgAnWQCffiHi
R/RxTi9XBe+TbdDkTKRPCBM=
=XQfd
-----END PGP SIGNATURE-----
_________________________________________________________________
Partagez une seule photo ou un diaporama complet dans MSN Messenger.
http://join.msn.com/?pgmarket=fr-ca&page=features/messenger Commencez dès
maintenant à profiter de tous les avantages de MSN Premium et obtenez les
deux premiers mois GRATUITS*.