  1. #1
    Just Joined!
    Join Date
    Mar 2006
    Posts
    1

    Relay - Hacking - WHAT TO DOO ????


    I have had uninvited visitors on my server and am desperately trying to close a loophole.

    My guess is that I have a loophole in my HTTP POST or an installed script from hostile

    Print log..:
    Sample.:
    localhost||||1155||||69.85.235.3 - - [28/Mar/2006:01:08:17 +0200] "POST
    localhost||||1155||||http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200
    localhost||||1155||||1155 "-" "-"

    I read the above as the web server having been used as an SMTP proxy through a loophole, meaning that others are able to do HTTP POST towards foreign IP addresses and towards ports other than 80.


    How do I configure Apache 2 to accept POST only from itself and only on port 80?

    Has anyone experienced anything like this?
    Does anyone have any ideas on how to close the loophole by editing the configuration?


    Thanks in advance - Please note that I am growing gray hairs, and have had my connection closed by the provider - full attention from SIRT and facing a police warning ????
    Mikkelsborg

  2. #2
    Banned
    Join Date
    Jul 2004
    Posts
    947
    Please tone down the names of your threads, they are distracting.

  3. #3
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,906
    Right, the usual course of action in this kind of situation is to PANIC! Run around screaming loudly and waving your hands in the air.

    Before you do that, though, unplug the network cable from the back of the PC.

    When you've finished letting off steam, here's my advice.

    1. Calm down. You can't fix this if you're all flustered from your panic or from the imaginary sound of jack-booted police marching up the driveway.

    2. Back up all your log files and put them somewhere safe. Back up all your config for your mail server, and put that in the same safe place. These are your defence when people accuse the naughtiness of being your fault.

    3. Now start a new backup and make sure that you recover any data off the computer that you need. If you are a responsible server-owner or server-admin, you'll already have lots of backups anyway and you won't need to do this. We've all got lots of backups, haven't we, everyone... anyone?

    4. Wipe the computer, and reinstall everything from the original install disks. This is the only way to be sure you're clean. Use new passwords for every user, including root, and make sure they're hard-to-guess ones (you know the drill, mixed case, include digits and non-letter characters, etc.).

    5. Re-install your data, adding packages as you need.

    6. Grovel back to your ISP, tell them what has happened (be as honest as you can) and ask them politely to re-open your internet connection. Before you connect up, make sure you have learned the lessons from the last time, and close the loopholes that were left open.
    Linux user #126863 - see http://linuxcounter.net/
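
For triaging the backed-up logs, the log sample in the first post can be turned into a scan for proxy-style requests. This is an added example, not code from the thread: it flags requests whose target names a host or port (absolute URI or CONNECT) other than the server itself on port 80. The `local_hosts` set, the function names, and every sample line except the first are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined log format: client ident user [time] "request" status bytes
LINE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def split_target(method, target):
    """Return (host, port) when the request target names a host, else None."""
    if method == "CONNECT":                      # authority-form: host:port
        host, _, port = target.rpartition(":")
        return (host.lower(), int(port)) if host and port.isdigit() else None
    if "://" not in target:                      # origin-form (/path): ordinary request
        return None
    url = urlsplit(target)                       # absolute-form: scheme://host[:port]/
    try:
        port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    except ValueError:                           # non-numeric or out-of-range port
        port = None
    return (url.hostname or "", port)

def proxy_attempts(lines, local_hosts):
    """List requests asking this server to reach a foreign host or a port other than 80."""
    hits = []
    for line in lines:
        m = LINE.search(line)
        parsed = m and split_target(m["method"], m["target"])
        if not parsed:
            continue
        host, port = parsed
        if host not in local_hosts or port != 80:
            hits.append({"client": m["client"], "time": m["time"], "method": m["method"],
                         "host": host, "port": port, "status": int(m["status"]),
                         "size": 0 if m["size"] == "-" else int(m["size"])})
    return hits

SAMPLE = [
    # From the first post, rejoined into one line with the "localhost||||1155||||" prefix dropped
    '69.85.235.3 - - [28/Mar/2006:01:08:17 +0200] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 1155 "-" "-"',
    # Constructed lines below (documentation addresses and example hostnames)
    '192.0.2.10 - - [28/Mar/2006:01:08:30 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [28/Mar/2006:01:09:02 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
    '192.0.2.10 - - [28/Mar/2006:01:09:40 +0200] "GET http://www.example.org/ HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for hit in proxy_attempts(SAMPLE, {"www.example.org"}):
        print(hit)
```

A 200 status on a flagged line does not by itself show that the request was relayed: with proxying disabled, Apache can answer such a request with its own default page, so compare the logged size with the size of that page.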
