Re: postfix on wwwmaster.postgresql.org is shut down
| От | Marc G. Fournier |
|---|---|
| Тема | Re: postfix on wwwmaster.postgresql.org is shut down |
| Дата | |
| Msg-id | 20051216190356.D1087@ganymede.hub.org обсуждение исходный текст |
| Ответ на | Re: postfix on wwwmaster.postgresql.org is shut down ... ("Gavin M. Roy" <gmr@ehpg.net>) |
| Список | pgsql-www |
Just doubled checked, and it isn't *our* server there ... was getting a bit worried that somehow someone was spam'ng through the bt server or something *wipe brow* On Fri, 16 Dec 2005, Gavin M. Roy wrote: > Thanks, I'll send an abuse complaint to ev1, like they'll do anything. > > Regards, > > Gavin > > On Dec 16, 2005, at 12:48 PM, Magnus Hagander wrote: > >>> There are 23k messages in the queue right now that have been >>> 'received from localhost' by user www@svr2.postgresql.org ... >>> someone is making use of a 'hole' in one of our CGIs, but I >>> can't seem to figure out which one, so have let Dave/Magnus >>> know and hopefully they can figure out which one ... >>> >>> Until we've found and plugged the hole, postfix is down ... >>> if someone reports a problem with sending an email, please >>> let us know ... >> >> >> Problem identified. >> >> There was a horribly old and outdated version of awstats.pl on the >> system, that was for some reason linked in and possible to use without >> any authentication or anything. There are known security issues in it, >> and adding logging everywhere showed that that's what was exploited >> using the srv2.postgresql.org virtual server (which isn't even in used). >> >> I've disabled it in apache and removed the files from the server as >> well. >> >> Yet another example of why it's overdue that we're doing something about >> all the stuff that's installed and active, but not actually used :-( But >> as that is work in progress now, I'll just wait for that to get done :-) >> >> I've re-enabled postfix after deleting all the spam in the queue. >> >> If someone wants to pursue it (Gavin?), the hits came in from >> 66.98.214.41, which is on ev1servers.net. There are still log files >> available showing four requests to it that coincided perfectly with spam >> mail entering the queue. >> >> //Magnus > > Gavin M. Roy > 800 Pound Gorilla > gmr@ehpg.net > > ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
В списке pgsql-www по дате отправления: