Security :: Apache Exploited To Send Out Spam From Mailform On Website?
Oct 7, 2010
I have a server with a couple of sites on it. Some of them have a webform where people can send them emails that they are interested in their work etc. though the "To:" and "From:" adress can't be change by the enduser, you can only enter text and press send. However it seems that someone (not on the server) has found a hole/exploit to use those webforms to send mails to who ever he wants.. I have the webserver setup with ssmtp (simple smtp) and it just forwards the mail sent from the server to my mail-server and there on it sends it out on the internet. If I check my log on the mail-server I can see the whole smtp session, where it's comming from and where it's going etc. I see that it comes from my webserver and over there I only have these log entries:
Oct 6 22:04:47 ettan2 sSMTP[1771]: Sent mail for itaumail@itau.com.br (221 2.0.0 Bye) uid=204 username=torget outbytes=3290
There are loads of those log entries, mostly at after office-hours between 17:00 and 7:00 I have scanned through all the Apache logs and can't find Anything that point to the e-mail addresses used or something like that. The reason I found this out was because he tries to send to a host that doesn't allow connection on port 25 so all the mails got stuck in the queue, over 1000 atm.. I'm using Apache 2.2 and Postfix 2.6 on a Debian Lenny install. What can I do to find out how he's doing this and close the "exploit"? Who would you recommend to setup the mail() thing in PHP for most security?
View 6 Replies
ADVERTISEMENT
Jul 26, 2010
On my website/blog I've gotten a couple of comments having what seems to be regular content (name, mail, message), but where the sender website field is set to "http://Yourwebsite". I find it strange that two comments from separate individuals fill the sender website field with this text. Is this possible to find out if these comments are spam or not? Based on the messages alone they don't seem to be, even though it is possible. From what I know the comments code don't enter this value by default.
View 2 Replies
View Related
Feb 18, 2010
I have been tasked with sending a kill -s SIGHUP (a reload) to a Daemon process owned by root running on a centOS 5.4 machine.
Obviously, Apache cannot normally do this, so I'm going to have to use the sudoers file.
My problem is, how do I allow the Apache user to only run the kill command? nothing else.
in testing, I've gotten Apache to basically run every command prefixed with sudo and no password prompting. But I want the added security to only run the kill command without the password being prompted everything else should prompt for a password.
I'm trying to understand the sudoers file, and i must say, its non-trivial.
is there a simple 1 line I can put in the sudoers file like
PHP Code:
apache ALL=(ALL) NOPASSWD: /bin/kill
View 6 Replies
View Related
Dec 26, 2010
When i run
Code:
I sometimes see
Code:
So i'm wondering if this means my ubuntu server box is being used for spam or something? There are no other (human) users on the computer and i don't use it to send mails.
I've run
Code:
In paranoia, but still when i run
Code:
I get
Code:
And sometimes
Code:
Just thought i should ask before starting the tedious process of reinstalling and restoring the system.
View 2 Replies
View Related
Nov 18, 2010
We have a spam in our network and we installed antivirus in all our systems and cleaned the virus from all pc's after that i had removed my ip from the database of blocked ip's but still my ip is blocked for sending spam i don't know from which pc the spam is going on the internet.
so i have a question that my proxy server is redhat linux and as a newbie i don't know the command's to find out which pc is creating large bandwidth to the internet. If you tell the command how to see which pc is sending spam then i will discard that pc. Also i want a strong firewall to stop spam activities.
View 6 Replies
View Related
Mar 8, 2010
I, as many here, have friends on different IM accounts (and btw, so great that we have pidgin and empathy and not have to deal with 3 different softwares to talk to them) and of all that I have... which are not so many... one of them sends me spam, not all the time, but it happens and I kind of feel sorry for her so I'd like to see if there's a way for her to retake control of her account or if she can't do anything at all with it.
I have other friends in MSN but I get spam only from her and she's given up on how to fix it cause she doesnt know how to. I did a search (and keep looking for more in the web) and so far it doenst look promising (but is also because I dont know what else to do). The problem is I get messages which I know for sure are spam, cause her english is more limited and the messages are very polished in that regard.
I got this from another discussion elsewhere: "troutbot = These bots get your IM from scraping the Internet screenname and connect you randomly to someone else. While you're talking to the troutbot, they're just an intermediary connecting you to some other guy who also had his IM scraped." So far the times I get spam... the other side never answers, but if my friend is online she can. I thought that on these IM services... if you are logged in nobody else can log in with your username/password...
View 4 Replies
View Related
Jan 24, 2011
We operate a small ISP and are currently using a debian distro as our gateway server.Recently we have had an increased number of spam issues with customers (not them sending it directly, rather the customer getting infected with a virus/malware and then their computer becoming a bot).I'd like to set up another gateway of sorts to sit after our authentication gateway but before our backbone to provide spam filtering (and hopefully virus filtering) for any traffic passing through which might be email.I've tried searching for any linux based software which would suit, but I'm coming up empty.
Surely there's something already out there which can perform this task.Finally, just to clarify, I'm not talking about spam filtering for email accounts we host ourselves (this is built into our mail server); I'm talking about spam originating from customers PC's which is passing through our gateway (but not our mail server).
View 1 Replies
View Related
May 3, 2010
After reading everything that says you don't need an anti-virus for Linux. OR Linux doesn't get viruses. Guess what I have a Virus. I don't know which one, but it is sending out spam emails from my webmail, MSN, account. I do not have a local client installed. I am guessing it is linking into MSN through Pidgin, getting the addresses there, and sending the spam, somehow, through MSN. Actually one MSN and one Hotmail account. I also have not been able to find an anti-virus program for Ubuntu. There do not seem to be any listed in the software repositories that Ubuntu links into. How do I get rid of it? My contacts are starting to get upset.
View 9 Replies
View Related
Jan 25, 2010
Take a peek at this:
Code:
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session closed for user root
[code]....
View 3 Replies
View Related
Apr 30, 2009
I just setup SpamAssassin and what not following this tutorial
[URL]
I am using CentOS 5.3. I was half way through that and got an email that had ***SPAM*** in the subject. Haven't received any more. First of all I want to know if spam will still get delivered, and just have a modified subject. Second, I want to know how to set it up so Spam goes to a user's spam mailbox (Virtual Users). And third of all, is it possible to disable spam filtering on a user basis, preferably using MySQL tables? Is it possible for users to mark a message as spam, and all further messages sent from that address will be sent to spam folder but only for that user?
EDIT: Yes spam is getting delivered with a modified header, on the server site, how can i deliver to spam folder? how to create IMAP virtual mailboxes on request without having to send an email to them first? Using virtual users with Courier Imap
View 3 Replies
View Related
Jan 17, 2011
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
View 9 Replies
View Related
Apr 12, 2010
I'm using ns2.31 on fedora 12, I'm wondeing how can I exploit a c++ code with a tcl script?
View 1 Replies
View Related
Feb 26, 2010
I followed this How To (https://help.ubuntu.com/community/Postfix) in order to add smtp authentication to my Postfix installation used as spam filter for my exhange server, and it'seem all ok; the only thing that I don't understand is where I list all the users (with passwords) that I authorize to send mail through my server...
View 3 Replies
View Related
Dec 26, 2010
I have web server apache on linux Centos. I can access it successfully by typing on the address bar http://localhost, 127.0.0.1 or 192.168.0.150 from the local computer server and the site loads normally with graphic. When I access the site from another computer in the same local network, I don't get the correct website. I see the site like html as text not graphic. Please see below text file output from the browser: Also I can only access the site by typing 192.168.0.150 IP address in the address bar. When I type http://localhost or 127.0.0.1, the site does not come up. Do you see what I did wrong? How can I fix this problem.
View 7 Replies
View Related
Feb 17, 2011
I'm running Ubuntu 10.04 with apache, rails, mysql, etc. My rails site is running at www.example.com. I'm intending to use named-based virtual hosting and I have a virtual hosts file configured/enabled for www.example.com. My site is hosted on Amazon EC2.
The problem is that if I set up a new DNS record -- say test.example.com -- and browse to that, my site www.example.com is served up! That's without configuring any new virtual hosts. And the same is true if I go to my DNS records and define test2.example.com, etc. Without touching my server, these new URLs serve up my website. That's not what I want! I want to use name-based virtual hosting and host different sites for each subdomain.
[Code]...
UPDATE: now I understand a bit more... apparently my real problem is not what I thought it was. My real problem now appears to be that when I copy this virtual hosts file and edit it to add a new subdomain name, set up the corresponding site, etc., and enable the virtual host (a2ensite) and restart (graceful), apache immediately stops serving up any websites. Apparently apache crashes although I do not see any error messages. But all my sites go down and I have to revert and then restart apache.
I thought this was because my virtual host file (pasted above) had an error. So I thought I would start by getting that first file right. Apparently it is right. So now I need to understand why adding a second virtual host causes all sites to stop being served up.
View 1 Replies
View Related
Apr 14, 2011
I am very new to using Linux. I am trying to configure Apache. I have located the default in /etc/httpd and did a yum install httpd. Now, with this done, I am lost as is to how to configure. I am trying to make an ssl website with apache.
View 3 Replies
View Related
Aug 25, 2009
I currently have the following email server set up:
Postfix with mysql backend
Dovecot
clamav
spamassassin
amavisd
And it all works great. However I would like it for amavisd to forward all the marked spam into a folder on each user account, but I cannot figure this out.
View 5 Replies
View Related
Feb 7, 2010
Apache wont picup my website when i dropped my Site folder in the /var/www/html directory even after starting the Apache service.
View 2 Replies
View Related
Apr 29, 2010
I was asked to take over maintenance for a web-site written in .asp. Can Appache handle it installed on linux, as a local test-server?
View 2 Replies
View Related
Jan 22, 2010
I have a LAMP server configured. Yesterday, I had a test.php file displaying everything fine. I transferred some files over to the new server and now I can't connect to the test page, webmin, or phpmyadmin. I think it has something to do with Apache but Im not sure what to do next. I have restarted Apache, MySql and all services are running.
View 3 Replies
View Related
Feb 27, 2010
Doing my final year project in linux- a Mozilla Firefox extension which providing chat option for two or more peoples,who happen to be browsing the same website simultaneously. It shows you other people who visit the same websites as you are. These people have to be registered with our software. I don't know how to go about this. After a lot of googling and enquiring i have divided the project into three modules: an extension at browser side, chat implementation (probably in ajax) and a server- apache-php-mysql.
The extension keeps track of the URLs visited by the browser. It sends this information to the server. When it receives information from the server, the extension displays the number of users visiting the URL as the user. The extension informs the server whenever the user clicks the EnableChat(which will be embedded in a toolbar in the browser) button to start a chat session. After receiving the information, the extension displays the users in that site. The user clicks on a particular username for chat.
I have installed php mysql and apache. but i do not know exactly what the server must do. I know i have to write the server code in php and put it in the /var/www folder. but what should that code do? how exactly does the extension or browser communicate with the server for the exchange of above info?
View 4 Replies
View Related
Apr 11, 2011
I was able to install and setup Apache on my mint box. I created the site and it was visible to me using the localhost and home address. My instructor tried to view it from his machine and it timed out. I tried to view it from an unused Windows box in the classroom and it was unreachable.The instructor could not figure out why this was happening. The class is using about 4 different distros. There are only 2 of us using Mint and the other guy was not in class. We usually help each other outMost of the class had no problem when the instructor went to view their pages. Some had firewalls issues that were easily remedied. He was stumped when it came to my issue.So what may be going on here? Are there some specific things that need to be done with Apache on a Mint distro that I'm missing? Ubuntu, Opensuse, and Fedora all almost worked without tinkering around
View 6 Replies
View Related
Jan 10, 2010
I have Ubuntu 9.1 setup, with ISPCONFIG3, squirrel mail, apache2, mysql, phpmyadmin, phpbb3 so now what, what do I need to do next to setup to get apache to display my website and where do I need to put my web files?
View 1 Replies
View Related
Nov 27, 2010
In my website, I'm putting shared files in a "/global" folder. Both "styles.css" and "library.php" are in this global folder. HTML code seems to be working ok - the following bit works great to pick up a style sheet:
Code:
<link rel="stylesheet" type="text/css" href="/global/styles.css" /> However PHP does not seem to understand my root directory. Using the following does not work:
Code:
include_once("/global/library.php");
I receive a "failed to open stream: No such file or directory" error.Spelling out the entire full path works, like so:
Code:
include_once("/srv/www/mysite/global/library.php");
But this type of code is no good as I may change servers in the future. I have my "DocumentRoot" set correctly in my sites-available file. It seems as if PHP is ignoring it. Is there a config file someplace (htaccess? Local php.ini?) where I should update my root directory for this site only? Or am I following bad form and there's a better way to do this? Relative paths don't seem like the answer here though...
View 5 Replies
View Related
Feb 1, 2011
I've installed Ubuntu server and got everything setup pretty well.My problem is apache.I put my website in /var/www and changed the security on the files to allow them to be executed by other, which is what I finally discovered was my first problem (access denied). But now whenever.I go in and edit my page, the changes aren't reflected on the site unless I completely restart apache.I know I'm doing something wrong because I used to pay for a host and every time I edited a page, it was instantly updated on the site. Could one of you gurus tell me where I screwed up?
View 4 Replies
View Related
Apr 18, 2011
we have a dual server setup: Windows server 2003 and Ubuntu 10.04 with apache installed with all the goodies. This is all virtualized. What I'm wanting to do, is make the new website we've created run on the Ubuntu machine, which it is, and be accessible outside the office. However, by doing this, we forfeit being able to use remote access or web exchange on Windows server 2003.
How can I create a link from the new website on Apache point to the internal server and it work outside of the office?
View 7 Replies
View Related
Jan 11, 2011
I am trying to host a local website(an wiki application) within a network. Is it necessary that all the files I need to upload should be in the var/www?
View 8 Replies
View Related
Nov 8, 2010
In first place i am sorry about my horrible English. I want to make a web site with a virtual host of apache visible by all the computers connected to my networking. I put this in the end of the file "/etc/httpd/conf/httpd.conf"("192.168.1.194" is the IP address of my computer. The default gateway IP address is "192.168.1.1"):
[Code]...
It works if i go to "http://192.168.1.194/" with the browser of the computer with apache inside, but on the others PC of my networking this method don't work!
View 2 Replies
View Related
Jul 17, 2011
Where would I go to find a guide on a how-to for Linux website administration? I want to learn how to create a simple site dedicated to my blog. I already have a blog hosted by wordpress. I want to learn how to administrate my own blog using Apache hosted by GoDaddy.com or some other host.
View 2 Replies
View Related
Jan 29, 2011
I am running opensuse with LAMP, and this is my first time setting up this type of server (usually am a windows junkie) My problem i am having is that I am unable to view my website from outside the local network. I have setup my router for a dynamic dns and forwarded all the ports through the router and the local firewall. I ran the apache setup through YAST2 and everything seems fine locally but when i attempt to access it elsewhere its not connecting. computechsolutions.dyndns.biz is the dynamic dns address i have setup through my router.
View 2 Replies
View Related
