From: | "Gavin M(dot) Roy" <gmr(at)ehpg(dot)net> |
---|---|
To: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
Cc: | <pgsql-www(at)postgresql(dot)org>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org> |
Subject: | Re: postfix on wwwmaster.postgresql.org is shut down ... |
Date: | 2005-12-16 22:30:42 |
Message-ID: | 6E483DBB-77C4-4B50-AB91-2606A2B08B08@ehpg.net |
Lists: | pgsql-www |

Thanks, I'll send an abuse complaint to ev1, like they'll do anything.

Regards,
Gavin

On Dec 16, 2005, at 12:48 PM, Magnus Hagander wrote:
>> There are 23k messages in the queue right now that have been
>> 'received from localhost' by user www(at)svr2(dot)postgresql(dot)org ...
>> someone is making use of a 'hole' in one of our CGIs, but I
>> can't seem to figure out which one, so have let Dave/Magnus
>> know and hopefully they can figure out which one ...
>>
>> Until we've found and plugged the hole, postfix is down ...
>> if someone reports a problem with sending an email, please
>> let us know ...
>
>
> Problem identified.
>
> There was a horribly old and outdated version of awstats.pl on the
> system, that was for some reason linked in and possible to use without
> any authentication or anything. There are known security issues in it,
> and adding logging everywhere showed that that's what was exploited
> using the srv2.postgresql.org virtual server (which isn't even in
> use).
>
> I've disabled it in apache and removed the files from the server as
> well.
>
> Yet another example of why it's overdue that we're doing something about
> all the stuff that's installed and active, but not actually used :-( But
> as that is work in progress now, I'll just wait for that to get done :-)
>
> I've re-enabled postfix after deleting all the spam in the queue.
>
> If someone wants to pursue it (Gavin?), the hits came in from
> 66.98.214.41, which is on ev1servers.net. There are still log files
> available showing four requests to it that coincided perfectly with spam
> mail entering the queue.
>
> //Magnus

Gavin M. Roy
800 Pound Gorilla
gmr(at)ehpg(dot)net
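
The check Magnus describes, requests to awstats.pl lining up with mail entering the queue, can be run over the web and mail logs; the following is an added example, not part of the original thread or the project's tooling. The log lines are constructed samples, and the `/cgi-bin/` path, `uid=80`, `from=<www>`, the five-second window and the assumption that both logs use the same timezone are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, not taken from the real server's logs.
ACCESS_LOG = """\
192.0.2.10 - - [16/Dec/2005:11:02:07 +0000] "GET /cgi-bin/awstats.pl?config=x HTTP/1.1" 200 512
198.51.100.7 - - [16/Dec/2005:11:02:30 +0000] "GET /index.html HTTP/1.1" 200 4096
192.0.2.10 - - [16/Dec/2005:11:40:15 +0000] "GET /cgi-bin/awstats.pl?config=x HTTP/1.1" 200 512
"""
MAIL_LOG = """\
Dec 16 11:02:08 svr2 postfix/pickup[4021]: 1A2B3C4D5E: uid=80 from=<www>
Dec 16 11:02:09 svr2 postfix/pickup[4021]: 2B3C4D5E6F: uid=80 from=<www>
Dec 16 11:20:00 svr2 postfix/pickup[4021]: 3C4D5E6F70: uid=0 from=<root>
Dec 16 11:40:16 svr2 postfix/pickup[4021]: 4D5E6F7081: uid=80 from=<www>
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "\S+ (\S+)')
PICKUP_RE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ postfix/pickup\[\d+\]: (\w+): uid=\d+ from=<([^>]*)>')

def cgi_hits(log, script="awstats.pl"):
    """Return (time, client_ip) for each request whose path ends in `script`."""
    hits = []
    for line in log.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3).split("?")[0].endswith("/" + script):
            hits.append((datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1)))
    return hits

def local_submissions(log, year, user="www"):
    """Return (time, queue_id) for mail handed to postfix locally by `user`."""
    subs = []
    for line in log.splitlines():
        m = PICKUP_RE.match(line)
        if m and m.group(3) == user:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            subs.append((ts, m.group(2)))
    return subs

def correlate(hits, subs, window=timedelta(seconds=5)):
    """Pair each CGI hit with queue IDs submitted within `window` after it."""
    return [(ip, ts, [q for sts, q in subs if ts <= sts <= ts + window])
            for ts, ip in hits]

if __name__ == "__main__":
    for ip, ts, qids in correlate(cgi_hits(ACCESS_LOG), local_submissions(MAIL_LOG, 2005)):
        print(ts, ip, "->", qids or "no local submissions in window")
```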