Re: Nice formmail.pl probes

[Todd <todd () netsecsys net>]

Actually, it may be that your formail.pl script is being used as a spam 
relay and the bounced messages that you are seeing are from AOL
relating to invalid receipients...

- Todd

On Thu, 28 Feb 2002, Chris Green wrote:

> Jim Forster <jforster () rapidnet com> writes:
>
> > Anyone else seeing a formmail.pl search script running around your
> > websites? 
>
> It's right behind cmd.exe on things people try to access.  There are
> tons of spam programs that will take advantage of it. 
>
> > I was hit with it from users of pacbell.net, kscable.com,
> > BFLO.splitrock.net, shreveport.la.da.uu.net, and tc.ph.cox.net last
> > night, over 3 different class C's.  The subject was either "w00t
> > x.com" or "www.x.com" (x being the domain it hit) going out to their
> > addresses.  (nice their script left me contact info anyway) ;) I'm
> > guesing worm, as 90% of the 'send to' addresses were the same AOL
> > user - the other 10% were other AOL usernames.  
>
> Not a worm, its people excited they can MAKE FUNNY FAST.  ( I would
> have said money but I'm sick of getting bounces back to the
> list/myself on stupid mail filters )
>
> Aol accounts are just disposable
> -- 
> Chris Green <cmg () uab edu>
> I've had a perfectly wonderful evening. But this wasn't it.
>      -- Groucho Marx
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users