Security Incidents mailing list archives
Re: Mail and web server attack
From: pdunston () PFEIFFER EDU (Duane Dunston)
Date: Tue, 14 Mar 2000 13:54:32 -0000
> I recently detected several sloppy intrusion attempts on my web and mail server. The attempts originated from IP - 209.161.238.144, 207.226.241.155, and 208.184.216.202. Logins were attempted via telnet, pop3 and imap (command stream overflow for the last two). Additionally, the PHF.CGI exploit was attempted followed by the scripts TEST.CGI and HANDLER.CGI.

Tomas,

Since all of those services have well-known exploits, it seems that someone or a group of people were trying some basic attacks to gain access to your system. They may have done it manually or run a scanner like SATAN or NESSUS to see what kind of vulnerabilities your system has. The same for the *.cgi scripts. They all have known security problems. In particular the test.cgi script that comes by default with Apache can give an attacker information about your system environment.

You read quite often how over 90% of all compromises are a result of well-known security holes. Looks like you've taken care of them though.

With metta,
Duane
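Added example, not part of the original message: a small Python pass over an Apache Common Log Format access log that groups requests for the CGI scripts named in this thread by source host and flags any the server actually answered with a 2xx. The extension-less and hyphenated script spellings, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Script names taken from the thread; the extension-less and hyphenated
# spellings are an assumption about how they appear in request paths.
PROBED_SCRIPTS = {"phf", "phf.cgi", "test.cgi", "test-cgi", "handler", "handler.cgi"}

# Apache Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def probed_script(target):
    """Return the probed script name if the request path ends in one, else None."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %xx
    name = path.rstrip("/").rsplit("/", 1)[-1].lower()
    return name if name in PROBED_SCRIPTS else None

def summarize(lines):
    """Map source host -> {"scripts": names requested, "served": names answered 2xx}."""
    report = defaultdict(lambda: {"scripts": set(), "served": set()})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        host, _method, target, status = m.groups()
        name = probed_script(target)
        if name is None:
            continue
        report[host]["scripts"].add(name)
        if status.startswith("2"):
            report[host]["served"].add(name)  # script is present and ran
    return dict(report)

# Constructed sample log (documentation addresses, not the hosts from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Mar/2000:03:12:01 -0500] "GET /cgi-bin/phf?x=1 HTTP/1.0" 404 207
192.0.2.10 - - [09/Mar/2000:03:12:02 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 200 512
192.0.2.10 - - [09/Mar/2000:03:12:03 -0500] "GET /cgi-bin/HANDLER.CGI HTTP/1.0" 404 211
198.51.100.7 - - [09/Mar/2000:08:00:00 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [09/Mar/2000:08:00:05 -0500] "GET /docs/test.cgi.html HTTP/1.0" 200 88
""".splitlines()

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, sorted(info["scripts"]), "served:", sorted(info["served"]))
```

A host that requests several of these names within seconds is consistent with a scanner run; any name in the "served" set is a script that still exists on the server and should be removed or disabled.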