Firewall Wizards mailing list archives

Re: sendmail spamming

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 29 May 2003 11:24:56 -0400 (EDT)

On Thu, 29 May 2003, Robert E. Martin wrote:

Just a moraltiy question for you guys.
I have just finished locking up and exploit in our email server. This 
spawned from a formmail script left on our web server I neglected to 
delete.
I noticed CPU activity spikes on the email server and found that our web 
server was spamming our email server due to the classic formmail exploit.
My question is this. What is the motivation behind such an expliot? What


The motivation of the exploit/exploiter is the classic one of most
spammers, avoinding detection and blacklisting of them for the activity.
As well as these days trying to avoid the revenge attacks that some lauch
on known avid spammers.

is there to gain from this other than job security for a person like me? 
This kind of action makes no sense to me.


Now the reason for the insecure cgi is altogether different.  There are
many 'old' respoitoories of cgi's available, many of which have long been
known to contain less then seucre means of achieving their ends.  It's
amazing how many folks trust any and all code that is placed in the public
domain for their personal use.  It's been awhile since I looked at RFP's
libwhisker tools, or others like it. but, many of these can spider a site
and find such gaps in an otherwise fairly secure setup.  And a nightly
spider of the site when traffic should be lower is not such a bad thing
for those tasked with maintaning such systems, and can be a decent headsup
for the webadmin to take note of and correct before it gets ones domain
added to one of the spammer blacklists and all that might imply.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

sendmail spamming Robert E. Martin (May 29)
- Re: sendmail spamming R. DuFresne (May 29)
- Re: sendmail spamming Chuck Swiger (May 29)
- <Possible follow-ups>
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
  - Re: sendmail spamming Robert E. Martin (May 29)
  - RE: sendmail spamming Jim Seymour (May 30)
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
- Re: sendmail spamming Don Jones (May 30)