Magnus Hedemark on 15 Feb 2004 16:46:02 -0000



Re: [PLUG] Interview Questions: System Admin


On Sat, 14 Feb 2004, gabriel rosenkoetter wrote:

> HTTP and FTP servers were the ones I was thinking of. (If configured
> to permit it--and many at least *used* to be by default--both can
> be asked to make an outgoing TCP connection to an arbitrary host
> and port and send user-controlled data.)

I saw a practical application of this a couple of years ago when a 
friend's Apache server was being used by a spammer to relay mail through a 
hole in a CGI script that was installed by default with another web app.  
It was really disturbing at first because Sendmail was locked down tight, 
yet spam was still going out and the initial search was for a hole in 
Sendmail.

I was able to figure out where it was coming from by using timestamps in 
reported spam and grep'ing the Apache access logs for that timestamp to 
find the CGI that was being used and lock it down.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
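
The timestamp correlation described in the message above, as an added example that is not part of the original post: it matches spam timestamps against Apache access-log entries within a short window and ranks the requests that recur. The log lines, spam timestamps and the script name `example-mailer.cgi` are constructed for illustration, and the 5-second window is an assumption.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in Apache common log format (not from the original post).
ACCESS_LOG = """\
192.0.2.10 - - [12/Feb/2004:03:14:07 -0500] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [12/Feb/2004:03:14:09 -0500] "POST /cgi-bin/example-mailer.cgi HTTP/1.0" 200 312
192.0.2.44 - - [12/Feb/2004:03:20:30 -0500] "GET /cgi-bin/search.cgi?q=linux HTTP/1.0" 200 2048
198.51.100.7 - - [12/Feb/2004:04:02:51 -0500] "POST /cgi-bin/example-mailer.cgi HTTP/1.0" 200 312
192.0.2.10 - - [12/Feb/2004:04:30:00 -0500] "GET /about.html HTTP/1.0" 200 900
"""

# Constructed timestamps as they might appear in the headers of reported spam.
# The second is in UTC, which a plain grep on the log's local time would miss.
SPAM_TIMES = ["Thu, 12 Feb 2004 03:14:10 -0500", "Thu, 12 Feb 2004 09:02:52 +0000"]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def parse_access_log(text):
    """Yield (time, client, method, path) for each parseable log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            # Drop the query string so repeated hits on one script group together.
            yield when, m.group(1), m.group(3), m.group(4).split("?", 1)[0]

def correlate(log_text, spam_times, window_s=5):
    """Rank requests logged up to window_s seconds before any spam timestamp."""
    window = timedelta(seconds=window_s)
    sent = [datetime.strptime(t, "%a, %d %b %Y %H:%M:%S %z") for t in spam_times]
    hits = Counter()
    for when, client, method, path in parse_access_log(log_text):
        # Timezone-aware subtraction compares instants, not wall-clock strings.
        if any(timedelta(0) <= s - when <= window for s in sent):
            hits[(method, path, client)] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (method, path, client), count in correlate(ACCESS_LOG, SPAM_TIMES):
        print(f"{count} match(es): {method} {path} from {client}")
```

A single timestamp also matches unrelated traffic logged in the same seconds; the request that recurs across several reported messages is the one worth inspecting.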