Security Issues with HIGHSPEEDWEB.NET leased servers

From: Brian Mueller (bmuellerat_private)
Date: Wed Jan 19 2000 - 17:42:09 PST

    Recently I started leasing a dedicated server from HIGHSPEEDWEB.NET, it came
    preconfigured (somewhat) and I was told that it would be "secure" for telnet
    (only specifically stated IP address(s) could gain access), etc.  However, I
    have found that this is not the case, it seems that they do not place
    limiting information in the host.deny file so anyone can still telnet into
    the server.
    
    Also, their mail configuration which allows users to add mail aliases either
    via a web interface or by editing a file called .mailalias in their home
    directories is faulty.  Users may place _ANY_ valid local domain into this
    file and forward mail from that domain to their email address.  The system
    works by running a cron script once per day and updating the sendmail
    virtual user database.  The following is an example
    
    person A has a webhosting account on the HIGHSPEEDWEB.NET configured server,
    person B wishes to "steal" email from Person A, they are targeting the
    sales@person-a-domain.com as the attacked address and they are going to have
    that forwarded to fooat_private, they add the following line to their
    .mailalias file
    
    sales@person-a-domain.com    fooat_private
    
    when the next update occurs any email sent to sales@person-a-domain.com will
    be forwarded to fooat_private, this also works with wildcards, i.e.
    
    @person-a-domain.com    fooat_private
    
    would work if your entry is read into the sendmail virtual user database
    before the one that exists in Person A's directory.
    
    I notified HIGHSPEEDWEB.NET of the security issue well over a month ago and
    have not had any response from them regarding a fix.  I however did instate
    one of my own by forcing users to call myself to have aliases added for the
    time being.
    
    Brian Mueller
    
    
    
    *************************************************
    Brian Mueller
    President/CEO
    CreoTech
    "We are the future"
    www.creotech.com
    bmuellerat_private
    513.722.8645
    *************************************************
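
The missing check described in the message above, as an added example that is not part of the original post or the host's own script: before per-user .mailalias lines are merged into the sendmail virtual user table, the left-hand domain of each line is compared with the account that wrote it. The domain-to-account mapping, the function name and all sample addresses are constructed assumptions; the two-column line format follows the post.

```python
"""Ownership check for per-user .mailalias entries before they reach the
sendmail virtual user table. All names and sample data are constructed."""

# Assumption: the host keeps an authoritative domain -> account mapping.
DOMAIN_OWNER = {
    "person-a-domain.com": "persona",
    "person-b-domain.com": "personb",
}

# Constructed .mailalias contents, keyed by the account whose home holds them.
SAMPLE_FILES = {
    "personb": "sales@person-a-domain.com  foo@example.net\n"
               "@person-a-domain.com       foo@example.net\n"
               "info@person-b-domain.com   foo@example.net\n",
    "persona": "sales@person-a-domain.com  owner@example.org\n",
}


def build_virtusertable(files, domain_owner):
    """Return (accepted, rejected); accepted maps address -> destination."""
    accepted, rejected = {}, []
    for account in sorted(files):
        for lineno, raw in enumerate(files[account].splitlines(), 1):
            fields = raw.split()
            if not fields:
                continue  # blank line
            if len(fields) != 2 or "@" not in fields[0]:
                rejected.append((account, lineno, "malformed"))
                continue
            address, dest = fields[0].lower(), fields[1]
            domain = address.rsplit("@", 1)[1]
            # Core check: the left-hand domain (including the "@domain"
            # catch-all form) must belong to the account that wrote the line.
            if domain_owner.get(domain) != account:
                rejected.append((account, lineno, "domain not owned"))
                continue
            if address in accepted:
                rejected.append((account, lineno, "duplicate"))
                continue
            accepted[address] = dest
    return accepted, rejected


if __name__ == "__main__":
    table, refused = build_virtusertable(SAMPLE_FILES, DOMAIN_OWNER)
    for addr, dest in table.items():
        print(f"{addr}\t{dest}")
    for account, lineno, why in refused:
        print(f"refused {account}:.mailalias:{lineno}: {why}")
```

Because ownership is decided per line, the order in which home directories are read no longer determines whose entry wins.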
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:20 PDT