OT, but related -- WAS: [Mailwatch-users] Active Probes heads up
jvoorhees1 at gmail.com
Fri Feb 27 18:13:23 GMT 2009
On Fri, Feb 27, 2009 at 12:31 PM, dnsadmin 1bigthink.com
<dnsadmin at 1bigthink.com> wrote:
> Hello All,
> Related, but not MailScanner -- from the MailWatch list group:
> I have noticed lots of web probes for...
> ...across a few dozen of our servers last night. They were tied in with the
> usual web application attacks so I get the feeling these signatures have been
> added to some script kiddie point and click hacking tool.
> If you haven't already removed / patched doc.php, now would be the time!
> For those of you unaware of this vulnerability it basically allows you to
> read any file on the
Thanks for sharing your post here. According to the link the exploit
only works when magic_gpc_quotes is Off in php.ini.
Fortunately, I always have that setting ON, and use "Allow from"
certain IP addresses only from the Apache configuration when not being
almost all time I block mailwatch access from Apache to anyone who
isn't connected through VPN.
Does anybody here have the patch code?