httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harald Heggelund" <har...@norddata.no>
Subject [users@httpd] Security problem in apache with forms?
Date Tue, 30 Oct 2007 13:29:18 GMT
Hello,

Since installing a new slackware server with apache and sendmail
out-of-the-box, I have noticed my server is sending (moderate amounts of)
spam worldwide.
I suspect some webform or cgi-script. In the apache log, I see lots of these
entries:

"POST http://87.118.100.88/proxy5/check.php HTTP/1.1" 404 297
"POST http://82.228.61.77:49627/Chcks/Data_I.php HTTP/1.1" 404 297

Have no idea what these scripts do (they certainly aren't mine!) but
probably they use my localmailer to send spam. I believed external script
was supposed to be forbidden (as the 404 may indicate), but maybe there's a
bug when calling them from a POST? 

Any (other) suggestions?



Mime
View raw message