Security Incidents mailing list archives

Re: Http scanning for cgi based mail-relays.


From: David Luyer <david_luyer () pacific net au>
Date: 19 Jul 2001 15:09:09 +1000

On 18 Jul 2001 14:02:21 -0700, Chip McClure wrote:
> I got it too, more than likely from the same individual. The sources came
> from Road Runner in NYC. The exploit was the same, using the formmail.pl
> script on a client's web site.

We've had spammers exploiting formmail.pl on clients' web sites for
almost 6 months now, and have been gradually, one by one, making the
formmail.pl's much more stringent.  It's a real pain, though, when a
formmail.pl was installed as a central copy for users of an ISP to then
go and define the criteria which make it useless for spamming and yet
still able to do everything required by legitimate users...

Usually @home, RR, uunet, etc users seem to do this directly.  I haven't
seen it done from IPs outside the US yet, which means the spammers
aren't doing it via open proxies/wingates/etc yet.
--
David Luyer                                     Phone:   +61 3 9674 7525
Engineering Projects Manager   P A C I F I C    Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T   Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                      NASDAQ:  PCNTF


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
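
An added detection example, not part of the original message or the list: it scans a web access log for formmail requests whose `recipient` form field (FormMail's destination-address field) names addresses outside the domains the site actually mails to. The log lines, IP addresses, script paths and the `ALLOWED_DOMAINS` allowlist are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: domains this server legitimately mails form results to.
ALLOWED_DOMAINS = {"example.net"}

# Constructed sample lines in Apache common log format (documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jul/2001:14:02:21 -0700] "GET /cgi-bin/formmail.pl?recipient=a@third-party.example,b@third-party.example&subject=hi HTTP/1.0" 200 512
192.0.2.10 - - [18/Jul/2001:14:02:25 -0700] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 498
198.51.100.7 - - [18/Jul/2001:14:05:00 -0700] "GET /cgi-bin/FormMail.pl?recipient=sales%40example.net HTTP/1.0" 200 530
192.0.2.10 - - [18/Jul/2001:14:06:11 -0700] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 498
203.0.113.5 - - [18/Jul/2001:14:07:00 -0700] "GET /index.html HTTP/1.0" 200 1024
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
FORMMAIL_RE = re.compile(r'/formmail\.(?:pl|cgi)$', re.IGNORECASE)

def off_domain(addresses):
    """Return addresses whose domain is not in ALLOWED_DOMAINS."""
    return [a for a in addresses
            if a.rpartition("@")[2].lower() not in ALLOWED_DOMAINS]

def scan(log_text):
    """Return (relay_attempts, post_counts) for formmail requests in log_text."""
    relay_attempts = []          # (client_ip, [off-domain recipients])
    post_counts = Counter()      # client_ip -> POSTs to formmail (body not logged)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        url = urlsplit(target)
        if not FORMMAIL_RE.search(url.path):
            continue
        if method == "POST":
            post_counts[ip] += 1
            continue
        recipients = []
        for value in parse_qs(url.query).get("recipient", []):
            recipients += [r.strip() for r in value.split(",") if r.strip()]
        bad = off_domain(recipients)
        if bad:
            relay_attempts.append((ip, bad))
    return relay_attempts, post_counts

if __name__ == "__main__":
    attempts, posts = scan(SAMPLE_LOG)
    print("off-domain recipients:", attempts)
    print("POSTs per client (recipient not visible in access log):", dict(posts))
```

POST bodies do not appear in the access log, so the per-client POST count is only a volume signal; the recipient check for those requests has to happen in the script itself or in the mail logs.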

