Home page logo
/

basics logo Security Basics mailing list archives

Re: Strange Web Server Log Entries
From: Sean Malloy <spinelli85 () gmail com>
Date: Thu, 6 Dec 2007 21:57:50 -0600

On Thu, Dec 06, 2007 at 07:14:17PM -0700, Frynge Customer Support wrote:
The way I take it is...

Someone with this ip address: 65.117.101.194 is attaching from this server or a form or sql injection from this 
server:http://lti-mail01.ltinetworks.com:25

And trying to send mail, probably from a form on your server or by sql injection...

I would check your scripts on your server, check your forms and check anything that uses mysql database for any 
security leaks.

Kelly Sigethy
Frynge.com


Frynge Web Design - Portfolio
403-251-9486 (Calgary)
1-866-331-9684 (Toll Free)
Your one stop shop, for all your web design needs 


Well, I don't have any forms or scripts on my website. All my site serves is
static XHTML and CSS. It's pretty boring. I used to have MySQL installed
(I just uninstalled it), but I never set it up or turned on. The only
services it runs is SSHD(public key authentication only), Apache in a
chroot jail, and sendmail(which only listens on localhost). I was
originally going to set up a BAMP server, but I decided against it
because I really didn't know what the hell I was doing. Thanks for the
advice.

-- 
Sean Malloy
Home Page: www.catgrepsort.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]