OT, but related -- WAS: [Mailwatch-users] Active Probes heads up

Scott Silva ssilva at sgvwater.com
Fri Feb 27 18:59:26 GMT 2009


on 2-27-2009 10:13 AM Jason Voorhees spake the following:
> Hi:
> 
> On Fri, Feb 27, 2009 at 12:31 PM, dnsadmin 1bigthink.com
> <dnsadmin at 1bigthink.com> wrote:
>> Hello All,
>>
>> Related, but not MailScanner -- from the MailWatch list group:
>>
>> Hi,
>>
>> I have noticed lots of web probes for...
>>
>> /mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
>> /mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
>> /mailwatch-1.0.4/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
>> /docs.php?doc=../../../../../../../etc/passwd%00
>>
>> ...across a few dozen of our servers last night. They were tied in with the
>> usual web application attacks so I get the feeling these signatures have been
>> added to some script kiddie point and click hacking tool.
>>
>> If you haven't already removed / patched doc.php, now would be the time!
>>
>>
>> For those of you unaware of this vulnerability it basically allows you to
>> read any file on the
>> server:
>>
> 
> Thanks for sharing your post here. According to the link the exploit
> only works when magic_gpc_quotes is Off in php.ini.
> 
> Fortunately, I always have that setting in ON, and use "Allow from"
> certain IP address only from Apache configuration when not being
> paranoid;
> almost all the time I block mailwatch access from Apache to anyone who
> isn't connected through VPN.
> 
> Does anybody here have the patch code?

mv docs.php docs.php.kill

That fixed it for me. I wasn't using it anyway, and most people aren't.




-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
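As an added defender-side example (not code from this thread or from the MailWatch project), a small Python script that flags the docs.php traversal probes quoted above in Apache combined-format access logs. The log lines are constructed samples; a hit with status 200 is the one worth investigating, since it suggests the file was actually served.

```python
"""Flag docs.php path-traversal probes (../ plus %00 NUL) in web access logs."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Feb/2009:02:14:11 +0000] "GET /mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00 HTTP/1.0" 200 1543 "-" "Mozilla/4.0"
203.0.113.7 - - [27/Feb/2009:02:14:12 +0000] "GET /docs.php?doc=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.0" 404 210 "-" "Mozilla/4.0"
198.51.100.5 - - [27/Feb/2009:08:01:03 +0000] "GET /mailscanner/docs.php?doc=README HTTP/1.1" 200 9821 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_traversal_probe(target):
    """True if the request hits docs.php with a doc= value carrying '../' or a NUL byte."""
    parts = urlsplit(target)
    if not parts.path.endswith("/docs.php"):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("doc", []):
        # parse_qs already percent-decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if "../" in decoded or "..\\" in decoded or "\x00" in decoded:
            return True
    return False


def find_probes(log_text):
    """Return (client_ip, status, target) for every probe line found in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal_probe(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, status, target in find_probes(SAMPLE_LOG):
        flag = "SERVED?" if status == 200 else "blocked"
        print(f"{ip} {status} {flag} {target}")
```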
