Mailing List CGatePro@mail.stalker.com Message #97235
From: Todd Schuldt <tschuld@kirkwood.edu>
Subject: RE: Spam sent by rooms full of clones using a web browser and log analysis
Date: Wed, 11 Feb 2009 09:22:26 -0600
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
Are you asking about these 2 script sites?
http://www.niversoft.com/products/cgscripts/
http://cgpro.servicemail24.com/ (used to be at http://www.clanhobbs.org/cgscripts.php)

Todd Schuldt
Senior System Administrator
Kirkwood Community College
(319) 398-5899 x5763

-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of James Roman
Sent: Wednesday, February 11, 2009 8:49 AM
To: CommuniGate Pro Discussions
Subject: Re: Spam sent by rooms full of clones using a web browser and log analysis

Our mail server was recently blacklisted (without a clear explanation,
so I can't be sure if it is real or not). This topic was still fresh in
my memory, so I thought that I would investigate further.

If you have seen the webmail signature files changed, how did you
identify it? Is there a method to report on the webmail signature file
contents? (I looked through the file-system settings files, but couldn't
grep a unique part of my own webmail signature.)

On a related topic, what are people using to monitor there CGP logs? Has
anyone created a logwatch filter? Other analysis scripts (Where is the
CGP script repository located? I've seen it once, but can't figure out
where.)

 From some of the other reporting I've seen, it definitely looks like
penetration attempts are being spaced out more to make identifying them
more difficult. Are CGP/netfilter/firewall log generated blacklists
worthwhile?

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster