Mailing List CGatePro@mail.stalker.com Message #106160
From: Terrence Koeman <terrence@darkness-reigns.com>
Subject: RE: Can SMTPI overwrite HTTPA???!
Date: Wed, 31 Aug 2016 07:56:54 +0200
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook 16.0
If they *are* related I'd share your amazement, because it shouldn't be possible even with mediocre coding.

I would venture a guess that they aren't, because: 1) afaik the SMTPI line signifies the end of that particular action and imo too much time has elapsed until the HTTPA line. 2) The IPs differ. Did the attacker somehow input your home IP in a cross-service memory corruption bug? Seems far-fetched (although stranger things have happened). 3) The 'attacker' only got a single page, supposedly sent to a closed port on your home IP. What's the use?

--
Regards,
   Terrence Koeman, PhD/MTh/BPsy
      Darkness Reigns (Holding) B.V.

Please quote relevant replies.


> -----Original Message-----
> From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
> Behalf Of Gib Henry
> Sent: Tuesday, August 30, 2016 1:57 PM
> To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
> Subject: Can SMTPI overwrite HTTPA???!
>
> 08:10:39.970 2 SMTPI-010880([184.105.182.184]) [4083450] received
> encrypted, 23565 bytes
> 08:10:40.179 1 HTTPA-000707([my home IP address]:42119) overwritten
> response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n<html
> xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
> dir="ltr">\n<head>\n\t<meta http-equiv="Content-Type"
> content="text/html; charset=utf-8" />\n\t<title>CommuniGate Pro Setup
> realpeople.com</title>\n\t<link rel="stylesheet"
> href="/StockFiles/Admin-/adminstyle.css" type="text/css" />\n\t\
>
> /NEVER/ seen anything like this in 12 years of running CGP!  If these
> two log entries are related, what’s going on?  An incoming message trips
> HTTPA web admin access?  I’m the only one who accesses the web admin
> (often from the home IP address shown), and I wasn’t doing it at the
> time logged, so who/what was?  Do I need to be concerned?  Cheers,
> --
> Gib Henry
>
>
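Added example, not part of either poster's message: a small Python sketch of the correlation checks raised in the reply (session identity, peer address, elapsed time), run over the two quoted log entries. The line layout is an assumption inferred from those two entries only, the sample lines are re-joined from the quoted text with the HTML response truncated, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumed layout, inferred from the two entries quoted in the thread:
#   HH:MM:SS.mmm LEVEL MODULE-SESSION(PEER) text
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>\d) "
    r"(?P<module>[A-Z]+)-(?P<session>\d+)\((?P<peer>[^)]*)\) (?P<text>.*)$"
)
# PEER is "[host]" with an optional ":port" suffix.
PEER_RE = re.compile(r"^\[(?P<host>[^\]]+)\](?::(?P<port>\d+))?$")

# Constructed sample: the two quoted entries, unwrapped. The redacted
# home address is kept exactly as posted; the HTML body is truncated.
SAMPLE = [
    "08:10:39.970 2 SMTPI-010880([184.105.182.184]) [4083450] received encrypted, 23565 bytes",
    "08:10:40.179 1 HTTPA-000707([my home IP address]:42119) overwritten response: <!DOCTYPE html ...",
]

def parse(line):
    """Split one log line into fields; return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    peer = PEER_RE.match(rec["peer"])
    rec["host"] = peer.group("host") if peer else rec["peer"]
    rec["time"] = datetime.strptime(rec["ts"], "%H:%M:%S.%f")
    return rec

def compare(a, b):
    """Report the three facts used to judge whether two entries are related."""
    return {
        "same_session": (a["module"], a["session"]) == (b["module"], b["session"]),
        "same_peer": a["host"] == b["host"],
        "gap_ms": abs(b["time"] - a["time"]) // timedelta(milliseconds=1),
    }

if __name__ == "__main__":
    first, second = (parse(line) for line in SAMPLE)
    print(compare(first, second))
```

Adjacency in the log file is not one of the compared fields: entries from unrelated sessions interleave, so the session tag and peer are what tie lines together.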