Re: postfix on wwwmaster.postgresql.org is shut down ...

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: postfix on wwwmaster.postgresql.org is shut down ...
Дата
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE92E92A@algol.sollentuna.se
обсуждение исходный текст
Ответ на postfix on wwwmaster.postgresql.org is shut down ...  ("Marc G. Fournier" <scrappy@postgresql.org>)
Ответы Re: postfix on wwwmaster.postgresql.org is shut down ...  ("Gavin M. Roy" <gmr@ehpg.net>)
Список pgsql-www
> There are 23k messages in the queue right now that have been
> 'received from localhost' by user www@svr2.postgresql.org ...
> someone is making use of a 'hole' in one of our CGIs, but I
> can't seem to figure out which one, so have let Dave/Magnus
> know and hopefully they can figure out which one ...
>
> Until we've found and plugged the hole, postfix is down ...
> if someone reports a problem with sending an email, please
> let us know ...


Problem identified.

There was a horribly old and outdated version of awstats.pl on the
system, that was for some reason linked in and possible to use without
any authentication or anything. There are known security issues in it,
and adding logging everywhere showed that that's what was exploited
using the srv2.postgresql.org virtual server (which isn't even in used).

I've disabled it in apache and removed the files from the server as
well.

Yet another example of why it's overdue that we're doing something about
all the stuff that's installed and active, but not actually used :-( But
as that is work in progress now, I'll just wait for that to get done :-)

I've re-enabled postfix after deleting all the spam in the queue.

If someone wants to pursue it (Gavin?), the hits came in from
66.98.214.41, which is on ev1servers.net. There are still log files
available showing four requests to it that coincided perfectly with spam
mail entering the queue.

//Magnus

В списке pgsql-www по дате отправления:

Предыдущее
От: "Dave Page"
Дата:
Сообщение: Re: Archives formatting
Следующее
От: "Gavin M. Roy"
Дата:
Сообщение: Re: postfix on wwwmaster.postgresql.org is shut down ...