20-Feb-2006
Soymail
Received an answer - for private access the URL must be ../script/soymail/~: the tilde marks access as private. This is no problem, just adjust the URL in the startpage. Now it does indeed show up - somewhat different in layout, but there is a starting point. Main problem seems to be that the structure is "non-standard" and I will have to do a lot of digging myself - no problem: it will add to the usability of the product.
Some issues found, but by contacting the author, it could be that most issues can be solved by carefully following the installation and administration guide, and adjusting where needed. One thing will be needed - mapping /soymail/-/ to the right directory. But that is minor.
Also, I need to adjust smpt_config, to allow local host to send - otherwise, any mail sent to the outside world will be treated as spam - and be rejected.
Logs
The scan-log job works, and so does the creation of the Apache index page. Funny: all virtual webs seem to create a new access_log - and there should be just one. Another thing to find out in the apache configuration!
Security
Apart from the usual mail stuff, just one in FTP - due to late examination, just found today:
%%%%%%%%%%% OPCOM 17-FEB-2006 01:47:21.09 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: mgd9-d9ba3a4c.pool.mediaWays.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.060217015050p]
A 1.5 second attempt:
17-FEB-2006 01:47:19.89 User:anonymous logged in ident:Kgpuser@home.com from Host:mgd9-d9ba3a4c.pool.mediaWays.net
17-FEB-2006 01:47:20.91 User:anonymous ident:Kgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
17-FEB-2006 01:47:21.28 User:anonymous ident:Kgpuser@home.com logged out
FTP log says:
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from mgd9-d9ba3a4c.pool.mediaWays.net at 17-FEB-2006 01:47:19.65
%TCPIP-I-FTP_NODE, client host name: mgd9-d9ba3a4c.pool.mediaWays.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00017: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
and the same on:
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
Next tried to create the directory:
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.060217015050p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00017: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
and accessing the following (non-existing) directories:
%TCPIP-I-FTP_OBJ, object: /upload/
After that, the script gave up:
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from mgd9-d9ba3a4c.pool.mediaWays.net at 17-FEB-2006 01:47:21.37
Hey kiddy: you want to dump your stuff? Sorry, wrong system!
Well, some weird thing in mail - happened the last days several times, but I still have to investigate:
%%%%%%%%%%% OPCOM 17-FEB-2006 06:13:28.00 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 82.49.85.174 Port: 2776
%%%%%%%%%%% OPCOM 17-FEB-2006 06:13:40.15 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51607
%%%%%%%%%%% OPCOM 17-FEB-2006 06:13:45.36 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51608
Every 5 seconds or so, until:
%%%%%%%%%%% OPCOM 17-FEB-2006 06:16:44.73 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51639
Here it stopped, but it started again 36 hours later:
%%%%%%%%%%% OPCOM 18-FEB-2006 21:13:56.84 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 80.182.88.246 Port: 3552
%%%%%%%%%%% OPCOM 18-FEB-2006 21:14:14.26 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51832
%%%%%%%%%%% OPCOM 18-FEB-2006 21:14:19.85 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51833
again every 5 seconds or so until:
%%%%%%%%%%% OPCOM 18-FEB-2006 21:17:25.44 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51864
A few hours later, it started once again:
%%%%%%%%%%% OPCOM 19-FEB-2006 06:40:42.39 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 82.49.85.148 Port: 2783
%%%%%%%%%%% OPCOM 19-FEB-2006 06:40:55.44 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51871
%%%%%%%%%%% OPCOM 19-FEB-2006 06:41:01.25 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51872
every 5 seconds until:
%%%%%%%%%%% OPCOM 19-FEB-2006 06:43:57.63 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51903
but shortly after, it started once again:
%%%%%%%%%%% OPCOM 19-FEB-2006 07:26:23.47 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 82.49.85.148 Port: 2520
%%%%%%%%%%% OPCOM 19-FEB-2006 07:26:35.64 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51904
%%%%%%%%%%% OPCOM 19-FEB-2006 07:26:42.05 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51905
and so on, until
%%%%%%%%%%% OPCOM 19-FEB-2006 07:29:39.23 %%%%%%%%%%%
Message from user INTERnet on DIANA
INTERnet ACP SMTP Accept Request from Host: 192.168.0.33 Port: 51936
192.168.0.33 is Cerberus! But there is NOT ANY message found in these times.
Some tampering with the router? As far as I know, there is no SMTP server in it, it's flash-based, but if this is true, it's not safe as it should be. Time to re-enable Charon.
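An added example, not part of the original post: one way to pull the SMTP accept messages out of an OPCOM log and group them into bursts, so that the pattern noted above (one outside host, then repeated accepts from 192.168.0.33) shows up per burst. The function names and the 300-second gap threshold are assumptions, and hosts are assumed to be logged as IP literals.

```python
import ipaddress
import re
from datetime import datetime

# One OPCOM block: timestamp header, then an SMTP accept line before the next header.
ACCEPT = re.compile(
    r"OPCOM\s+(\d{1,2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{2})"
    r"(?:(?!OPCOM).)*?SMTP Accept Request from Host:\s*(\S+)\s+Port:\s*(\d+)", re.S)

def parse_accepts(text):
    """Return (time, host, port) for every SMTP accept OPCOM message in text."""
    return [(datetime.strptime(ts, "%d-%b-%Y %H:%M:%S.%f"), host, int(port))
            for ts, host, port in ACCEPT.findall(text)]

def bursts(events, max_gap_s=300):
    """Split events into bursts separated by more than max_gap_s seconds."""
    groups = []
    for ev in sorted(events):
        if not groups or (ev[0] - groups[-1][-1][0]).total_seconds() > max_gap_s:
            groups.append([])
        groups[-1].append(ev)
    return groups

def summarize(group):
    """Describe one burst: the outside host that opened it and what followed from inside."""
    private = lambda h: ipaddress.ip_address(h).is_private  # assumes IP literals in the log
    inside = [e for e in group if private(e[1])]
    return {"start": group[0][0],
            "trigger": None if private(group[0][1]) else group[0][1],
            "internal_hosts": sorted({e[1] for e in inside}),
            "internal_accepts": len(inside),
            "duration_s": (group[-1][0] - group[0][0]).total_seconds()}

def _opcom(ts, host, port):
    return (f"%%%%%%%%%%% OPCOM {ts} %%%%%%%%%%%\nMessage from user INTERnet on DIANA\n"
            f"INTERnet ACP SMTP Accept Request from Host: {host} Port: {port}\n")

# Entries quoted in the post; the repeats it elides inside each burst are not invented.
SAMPLE = "".join(_opcom(*e) for e in [
    ("17-FEB-2006 06:13:28.00", "82.49.85.174", 2776),
    ("17-FEB-2006 06:13:40.15", "192.168.0.33", 51607),
    ("17-FEB-2006 06:13:45.36", "192.168.0.33", 51608),
    ("17-FEB-2006 06:16:44.73", "192.168.0.33", 51639),
    ("18-FEB-2006 21:13:56.84", "80.182.88.246", 3552),
    ("18-FEB-2006 21:14:14.26", "192.168.0.33", 51832),
    ("18-FEB-2006 21:17:25.44", "192.168.0.33", 51864),
])

if __name__ == "__main__":
    print(*map(summarize, bursts(parse_accepts(SAMPLE))), sep="\n")
```

Run over the full operator log, a burst whose trigger is an outside address and whose internal_accepts count is high gives the time window to check against the mail and router logs.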