[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OT: spammers are using my domain again



On Sat, Oct 09, 2004 at 03:54:15PM -0700, Mike Ramirez wrote:
> On Thu, 2004-10-07 at 21:59, Trevor Smith wrote:
> > So I'm getting tons of bounces because the spammers have ...
...

> hi Trevor and everyone who is reading this.  
> I haven't read the full thread, yet, but I want to relate my
> "adventures" of the two days to you guys.  I run a hosting company that
> has similar packages to what Trevor is getting.  
.....
> area you put an email into line by line.  It also has a text box for the
> sending address and everything else and attempts to write the headers
> also.  One of the emails from Friday had a sub dir that it used for the
....
> same code.  One called mailer.php in the root of the html dir and
....

Strange you should mention this.
A friend of mine was telling me that there is a commonly
used cgi tool that is used on many hosts to permit
folks on the web to send feedback mail.

It has the apparent advanatage that it does not disclose the
address of the account the mail is being sent to.

It also has a bug.
The bug permits a remote user to craft a  html URL which 
corrupts the sender address and sends mail out.

Thus a script can bang through a pile of addresses and 
spam the world.   It is as bad as an open relay but
it is this common chunk of cgi code.

Apparently there are multiple versions that are vulnerable.

I am now looking for a mailing list for web manager
where I can track such stuff.

Scan your logs.....


-- 
	T o m  M i t c h e l l 
	Me, I would "Rather" Not.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]