Security Incidents mailing list archives
Re: formmail
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Sun, 2 Sep 2001 02:42:34 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- On 1 Sep 2001, Soeren Ziehe wrote:
There was an attempt to use a formmail perl script installed on our server from a non-local address.
<snip>
IF you've stayed with me until here. Has anyone seen the same access attempts patterns/tool signatures?
Sure have. Sadly, many were successful at one agency I advise. Seems that spammers have tired of simply looking for open relays and are now looking for other avenues by which they can abuse third-party mail systems and thus overcome the now-defunct ORBS and now-pay-for-use RBL. It's long since been at the point where it's inadvisable to run a web-to-mail gateway unless you've got your script configured to allow only specific recipients. Anything less is just leaving your system open for abuse by the lowest form of net.scum. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) | = |-' `--' `--' `--- Failure is never as devastating as regret. ---' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO5Hw/blDRyqRQ2a9AQEFmgP/cX+EpzliO8yKX6hllBtsxXXgz7oW6Iup jRIcQIla5BidXB4EDwirFy79tVW9pZLNNoAKjDJ1mVuOVLDfeyWWjSvoF2pWQ9jO FttJIcgh5MYjvii7aMrpt3gOUi9xGDLByhirwEBpwL6I+mbueeL+PCy+WEusf4jM y5utnqxaduM= =mQ8H -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- formmail Soeren Ziehe (Sep 02)
- Re: formmail Jay D. Dyson (Sep 02)
- Re: formmail dewt (Sep 02)
- Re: formmail Ryan Russell (Sep 03)