Firewall Wizards mailing list archives
Re: sendmail spamming
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 29 May 2003 11:24:56 -0400 (EDT)
On Thu, 29 May 2003, Robert E. Martin wrote:
Just a moraltiy question for you guys. I have just finished locking up and exploit in our email server. This spawned from a formmail script left on our web server I neglected to delete. I noticed CPU activity spikes on the email server and found that our web server was spamming our email server due to the classic formmail exploit. My question is this. What is the motivation behind such an expliot? What
The motivation of the exploit/exploiter is the classic one of most spammers, avoinding detection and blacklisting of them for the activity. As well as these days trying to avoid the revenge attacks that some lauch on known avid spammers.
is there to gain from this other than job security for a person like me? This kind of action makes no sense to me.
Now the reason for the insecure cgi is altogether different. There are many 'old' respoitoories of cgi's available, many of which have long been known to contain less then seucre means of achieving their ends. It's amazing how many folks trust any and all code that is placed in the public domain for their personal use. It's been awhile since I looked at RFP's libwhisker tools, or others like it. but, many of these can spider a site and find such gaps in an otherwise fairly secure setup. And a nightly spider of the site when traffic should be lower is not such a bad thing for those tasked with maintaning such systems, and can be a decent headsup for the webadmin to take note of and correct before it gets ones domain added to one of the spammer blacklists and all that might imply. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- sendmail spamming Robert E. Martin (May 29)
- Re: sendmail spamming R. DuFresne (May 29)
- Re: sendmail spamming Chuck Swiger (May 29)
- <Possible follow-ups>
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
- Re: sendmail spamming Robert E. Martin (May 29)
- RE: sendmail spamming Jim Seymour (May 30)
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
- Re: sendmail spamming Don Jones (May 30)