On 19/10/06, Stuart Gall <stuart@???> wrote:
> > |http://mail.oldartero.com:8888/cgi-bin/put
>
> WARNING!!
> This is not just a URL as nigel points out
> Look it is a pipe and a URL to a cgi script. This is clearly an
> attempt to break something and gain some sort of unauthorised access.
>
> I am not saying that exim is vulnerable to this kind of attack, but
> it looks like an attack so I would strongly discourage from letting
> it any further in to your system. AND I would recommend that you
> block that IP at connect or even better on the firewall.
It's a probe for an open proxy. If that URL gets a hit, it means that
the injection of the URL succeeeded somewhere - the source IP of the
hit is logged for later exploitation.
Block on sight.
Peter
--
Peter Bowyer
Email: peter@???
