LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-30-2006, 06:33 AM   #1
wuhaa
LQ Newbie
 
Registered: Oct 2006
Posts: 5

Rep: Reputation: 0
Post Sendmail Injections


Hi,

I was having a spam problem where the server is being injected through php (XSS) and is being used as a spammer.

I have added mod_security to the apache setup to avoid this. That has solved the problem of dinky php injections.

Sendmail is still sending quite a bit of spam. I was told of an injection through anon. ftp sites to get past the mod_security setup. Then the hacked would execute a link on a particular site to trigger the injection passed through ftp.

My question:

Is this ftp style injection possible? If so, how can I find out if it is the case with my server? Also if there is anything I can setup agenst this style of injection on my server?

Thank you for your help...

WuHaa!!!
 
Old 10-30-2006, 09:11 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Sendmail is still sending quite a bit of spam.
Then not all XSS where fixed?
Or are you running an open relay by any chance?
Does any logging show any clues?


I was told of an injection through anon. ftp sites to get past the mod_security setup. Then the hacked would execute a link on a particular site to trigger the injection passed through ftp. Is this ftp style injection possible?
Any more details on what you've been told? If PHP is not in safemode (fopen*) then protocol or location doesn't matter AFAIK.


If so, how can I find out if it is the case with my server? Also if there is anything I can setup agenst this style of injection on my server?
Check if you can apply all basic PHP security measures. Check developer/maintainer/community support for the PHP-based SW you run to see if new releases fix any XSS holes. If no support is given or no fixes are available or if it's homebrew you could use http://www.owasp.org/index.php/Cross_Site_Scripting, http://ha.ckers.org/xss.html and http://phpsec.org/library/ as a starting point to audit the code yourself, or use something like http://quickwired.com/kallahar/small...r_function.php and http://forum.hardened-php.net/viewto...p?pid=291#p291. http://www.acunetix.com/security-audit/ could also be helpful in determining XSS vulnerabilities.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sendmail config questions + Sendmail not reflecting changes to access db wbuik Linux - Networking 2 03-26-2009 05:02 AM
sendmail is not working & on $prompt the cmd sendmail hangs Pavan mahoorker Linux - Software 1 04-04-2006 03:57 PM
FC4 and Sendmail - Cannot create sendmail.pem Balderayne Linux - Security 2 11-09-2005 02:55 PM
Sendmail - RunAsUser=sendmail:mail/What files to i have to change ForumKid Linux - Security 45 01-18-2002 11:47 AM
sendmail (dont just ignore it 'cause its got sendmail in the subject :P) GnomeKing Linux - Networking 1 11-12-2001 09:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration