OT, but related -- WAS: [Mailwatch-users] Active Probes heads up
ssilva at sgvwater.com
Fri Feb 27 18:59:26 GMT 2009
on 2-27-2009 10:13 AM Jason Voorhees spake the following:
> On Fri, Feb 27, 2009 at 12:31 PM, dnsadmin 1bigthink.com
> <dnsadmin at 1bigthink.com> wrote:
>> Hello All,
>> Related, but not MailScanner -- from the MailWatch list group:
>> I have noticed lots of web probes for...
>> ...across a few dozen of our servers last night. They were tied in with the usual web
>> application attacks so I get the feeling these signatures have been added to some script
>> kiddie point and click hacking tool.
>> If you haven't already removed / patched doc.php, now would be the time!
>> For those of you unaware of this vulnerability it basically allows you to read any file on the
> Thanks for sharing your post here. According to the link the exploit
> only works when magic_gpc_quotes is Off in php.ini.
> Fortunately, I always have that setting in ON, and use "Allow from"
> certain IP address only from Apache configuration when not being
> almost all time I block mailwatch access from Apache to anyone who
> isn't connected through VPN.
> Does anybody here have the patch code?
mv docs.php docs.php.kill
That fixed it for me. I wasn't using it anyway, and most people aren't.
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!