squirrelmail hole?

ljweb

I keep getting attacks on squirrelmail, sometimes successful, which sees them upload some IRC rubbish. Here are some lines from the httpd error log:

--11:00:30-- http://195.20.206.246/squirrelmail/data/files/h
(try:16) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--11:04:51-- http://195.20.206.246/squirrelmail/data/files/h
(try:17) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--11:09:13-- http://195.20.206.246/squirrelmail/data/files/h
(try:18) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--11:13:34-- http://195.20.206.246/squirrelmail/data/files/h
(try:19) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--11:17:55-- http://195.20.206.246/squirrelmail/data/files/h
(try:20) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Giving up.

Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... sh: ./x: No such file or directory
chmod: cannot access `c': No such file or directory
==> Fakename: /usr/sbin/httpd -k start -DSSL PidNum: 599
[Mon Apr 27 09:38:57 2009] [error] [client 58.108.160.222] File does not exist: /var/www/html/401.shtml
Read error (Connection timed out) in headers.
Retrying.

--09:50:17-- http://195.20.206.246/squirrelmail/data/files/h
(try: 2) => `h'
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... [Mon Apr 27 10:03:58 2009] [error] [client 202.173.155.36] File does not exist: /var/www/html/favicon.ico
[Mon Apr 27 10:03:58 2009] [error] [client 202.173.155.36] File does not exist: /var/www/html/404.shtml
Read error (Connection timed out) in headers.
Retrying.


It sets up a fake process for httpd, and then when Apache is restarted it hangs until the fake process is killed.

Any ideas on how to stop this (apart from trashing squirrel)?
 
You probably should upgrade to the latest version of squirrelmail first. Yours is 1.4.13. Latest version is 1.4.17. That might help.
 
As of this morning when I posted the message the version on 195.20.206.246 was 1.4.13. That is why I posted the message.

Now if http://195.20.206.246/squirrelmail/ is not your machine then the problem may not have anything to do with squirrelmail on your machine at all. Somebody is trying to obtain a file from http://195.20.206.246/squirrelmail/data/files/h and download it to your machine. If 195.20.206.246 is not you then I don't know why you would think the problem had anything to do with your squirrelmail at all.

The problem could be any number of scripts running on your machine.
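Added example, not part of any poster's reply: a triage helper for the kind of error log quoted in the first post. Apache's own entries start with a bracketed timestamp and level, so anything else in the file is stderr from a command run by the httpd user; the script pulls those fragments out, counts the URLs wget tried to fetch, and collects the shell errors. The function names and the sample are constructed for illustration, and the timestamp pattern assumes the Apache 2.0/2.2 format shown in the thread.

```python
import re
from collections import Counter

# Apache 2.0/2.2 error_log prefix as seen in the thread: "[Mon Apr 27 09:38:57 2009] [error]"
APACHE = re.compile(r"\[\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\] \[\w+\]")
# wget progress header: "--11:00:30-- http://host/path"
WGET = re.compile(r"^--\d\d:\d\d:\d\d--\s+(\S+)")
# Shell/coreutils error, at line start or appended to another tool's output
SHELL = re.compile(r"(?:^|\s)((?:sh|bash|chmod): .+)$")

def foreign_lines(log_text):
    """Yield (kind, text) for each fragment that Apache itself did not write."""
    for raw in log_text.splitlines():
        m = APACHE.search(raw)
        # Child stderr interleaves with Apache's writes; keep what precedes an Apache entry.
        line = (raw[:m.start()] if m else raw).strip()
        if not line:
            continue
        fetch, shell = WGET.match(line), SHELL.search(line)
        if fetch:
            yield "fetch", fetch.group(1)
        elif shell:
            yield "shell", shell.group(1)
        else:
            yield "other", line

def summarize(log_text):
    """Return (Counter of fetched URLs, list of shell error messages)."""
    urls, errors = Counter(), []
    for kind, text in foreign_lines(log_text):
        if kind == "fetch":
            urls[text] += 1
        elif kind == "shell":
            errors.append(text)
    return urls, errors

# Constructed sample assembled from lines quoted in the first post.
SAMPLE = """\
--11:17:55-- http://195.20.206.246/squirrelmail/data/files/h
Connecting to 195.20.206.246:80... connected.
HTTP request sent, awaiting response... sh: ./x: No such file or directory
chmod: cannot access `c': No such file or directory
[Mon Apr 27 09:38:57 2009] [error] [client 58.108.160.222] File does not exist: /var/www/html/401.shtml
--09:50:17-- http://195.20.206.246/squirrelmail/data/files/h
HTTP request sent, awaiting response... [Mon Apr 27 10:03:58 2009] [error] [client 202.173.155.36] File does not exist: /var/www/html/favicon.ico
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any "fetch" or "shell" hit means a command ran as the web server user, so the next step is finding which script on the local machine spawned it, not which site the download pointed at.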
 