Slightly OT - Exim / Apache
Matt Kettler
mkettler at EVI-INC.COM
Thu Dec 8 22:11:11 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Michele Neylon :: Blacknight Solutions wrote:
> Over the last few weeks the number of attacks on forms hosted on our servers
> has reached new levels
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
>
> I know there are solutions for sendmail which allow you to setup some way of
> tracing it back easily, but we haven't found any such solution for exim...
> (we may be looking in the wrong places!)
>
> If anybody has any such solution I would really appreciate them sharing a
> link
I don't know of any way to help you back-track, but I can suggest a way to
possibly forward-track. Have you tried using nessus in safe mode against the
server?
In safe mode it's not 100% reliable, generally does a very good job of at least
giving you a list of things to check on. They have an extensive list of common
scripts with vulnerabilities.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list