I encourage the armchair critics who think they know something about
web app security to break into Exim Webapp. I am making it very easy
for you to break in by giving you all of the following details which
hackers usually do not have.
Access URL: http://mail.africafocus.org:8180/exim/
OS: FreeBSD 4.8
Firewall: None other than the very light one provided by the
hosting facility (which does nothing at all to inhibit any
attack over any TCP transport involved here).
How it is secured: EXACTLY as documented at
http://admc.com/blaine/howtos/exim-webapp/Security.html#Security
This is not some fake, secured setup. This is a real, working mail
server and Exim Webapp installation that I use for africafocus.org.
Now, is anybody foolish enough to broadcast the telnet/ssh address that
you use to remotely run eximon? (Seriously-- don't unless you know
that you have sshd patched and nailed down-- I won't take the time to
break in, but somebody else reading this may).
Please be considerate and keep in mind that the challenge is to break
in through Exim Webapp, not through SMTP, etc., since the latter risk
exists regardless of whether eximon, Exim Webapp, or any other application
is running on top of Exim. Please don't DoS me!
--
ICF: 703-934-3692 Cell: 703-944-9317