httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harald Heggelund" <>
Subject [users@httpd] Security problem in apache with forms?
Date Tue, 30 Oct 2007 13:29:18 GMT

Since installing a new slackware server with apache and sendmail
out-of-the-box, I have noticed my server is sending (moderate amounts of)
spam worldwide.
I suspect some webform or cgi-script. In the apache log, I see lots of these

"POST HTTP/1.1" 404 297
"POST HTTP/1.1" 404 297

Have no idea what these scripts do (they certainly aren't mine!) but
probably they use my localmailer to send spam. I believed external script
was supposed to be forbidden (as the 404 may indicate), but maybe there's a
bug when calling them from a POST? 

Any (other) suggestions?

View raw message