03-28-2006 #1 (Join Date: Mar 2006)
Relay - Hacking - WHAT TO DO ????
I have had uninvited visitors on my server and am desperately trying to close a loophole.
My guess is that I have a loophole in my HTTP POST or an installed script from hostile
184.108.40.206 - - [28/Mar/2006:01:08:17 +0200] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 1155 "-" "-"
I read the above as the webserver having been used as an SMTP proxy through a loophole, meaning that others are able to do HTTP POST towards foreign IP addresses and towards ports other than 80.
How do I configure Apache 2 to accept POST only for itself and only on port 80?
Has anyone experienced anything like this?
Does anyone have any ideas on how to close the loophole by editing the configuration?
Thanks in advance. Please note that I am growing gray hairs, my connection has been closed by my provider, I have the full attention of the SIRT, and I am facing a police warning ????
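An added example, not from the thread: a small Python checker that reads Apache access-log lines in the format quoted above and flags forward-proxy style requests, i.e. request lines whose target is an absolute URI (scheme://host:port/...) or a host:port for CONNECT rather than a local path, which is what a relay through an open proxy looks like in the log. The sample lines, addresses and hostnames below are constructed.

```python
import re
from urllib.parse import urlsplit

# Common/combined log format as quoted in the post:
# client ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

SMTP_PORTS = (25, 465, 587)


def classify(line):
    """Return None for an ordinary request, or a dict describing a proxy-style one.

    A request for this server has a target beginning with '/'. Anything else
    (an absolute URI, or host:port for CONNECT) asks the server to reach out to
    some other host, which is how an open forward proxy gets used as a relay.
    """
    m = LOG_RE.match(line)
    if not m or m.group("target").startswith("/"):
        return None
    method, target = m.group("method"), m.group("target")
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
    else:
        parts = urlsplit(target)
        host = parts.hostname
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return {
        "client": m.group("client"),
        "method": method,
        "host": host,
        "port": int(port) if port else None,
        "status": int(m.group("status")),
        "served": m.group("status").startswith("2"),  # 2xx: the relay actually worked
    }


def scan(lines):
    """All proxy-style requests, worst first: served requests to SMTP ports lead."""
    hits = [h for h in (classify(l) for l in lines) if h]
    hits.sort(key=lambda h: (not h["served"], h["port"] not in SMTP_PORTS))
    return hits


# Constructed sample log in the quoted format (addresses and hosts are made up).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Mar/2006:01:08:17 +0200] "POST http://mail.example.net:25/ HTTP/1.0" 200 1155 "-" "-"',
    '198.51.100.7 - - [28/Mar/2006:01:09:02 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 405 0 "-" "-"',
    '203.0.113.4 - - [28/Mar/2006:01:10:44 +0200] "GET http://www.example.org/ HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [28/Mar/2006:01:11:00 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with served=True and port 25 is exactly the pattern in the quoted log line. On the server side the usual cause is mod_proxy acting as a forward proxy; in Apache 2 that is switched off with ProxyRequests Off.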
03-29-2006 #2 (Join Date: Jul 2004)
Please tone down the names of your threads; they are distracting.
04-12-2006 #3
Right, the usual course of action in this kind of situation is to PANIC! Run around screaming loudly and waving your hands in the air.
Before you do that, though, unplug the network cable from the back of the PC.
When you've finished letting off steam, here's my advice.
1. Calm down. You can't fix this if you're all flustered from your panic or from the imaginary sound of jack-booted police marching up the driveway.
2. Back up all your log files and put them somewhere safe. Back up all your config for your mail server, and put that in the same safe place. These are your defence when people accuse the naughtiness of being your fault.
3. Now start a new backup and make sure that you recover any data off the computer that you need. If you are a responsible server-owner or server-admin, you'll already have lots of backups anyway and you won't need to do this. We've all got lots of backups, haven't we, everyone... anyone?
4. Wipe the computer, and reinstall everything from the original install disks. This is the only way to be sure you're clean. Use new passwords for every user, including root, and make sure they're hard-to-guess ones (you know the drill, mixed case, include digits and non-letter characters, etc.).
5. Re-install your data, adding packages as you need.
6. Grovel back to your ISP, tell them what has happened (be as honest as you can) and ask them politely to re-open your internet connection. Before you connect up, make sure you have learned the lessons from the last time, and close the loopholes that were left open.
Linux user #126863 - see http://linuxcounter.net/