I know this is way off topic, but there are a lot of really smart people
on this list so I'm hoping to get some ideas here. I've got a web
server that has some kind of formmail-esque script that is being
horribly abused but I can't find it. The server (shut down qmail-send
on it for now) is
Sent from the wrong address so it didnt make it to the list..
On Tue, 27 Sep 2005, Mike Garrison wrote:
Hi Clayton,
I can tell you what's going on. It's a fairly new exploit that spammers are
starting to highly utilize. There are a few ways this occurs:
1) the form does not check for \n or
On Sep 27, 2005, at 9:52 AM, Clayton Weise wrote:
I know this is way off topic, but there are a lot of really smart
people
on this list so I'm hoping to get some ideas here. I've got a web
server that has some kind of formmail-esque script that is being
horribly abused but I can't find it.
of
recipients. One message might have 500 RCPT TO's in it, but it only
gets tagged as one hit to the page.
-Original Message-
From: Tom Collins [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 10:15 AM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] OT, but abuse related
Assuming you're
On Tue, 27 Sep 2005 09:52:39 -0700
Clayton Weise [EMAIL PROTECTED] wrote:
I know this is way off topic, but there are a lot of really smart
people on this list so I'm hoping to get some ideas here. I've got a
web server that has some kind of formmail-esque script that is being
horribly
]
Sent: Tuesday, September 27, 2005 10:15 AM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] OT, but abuse related
Assuming you're running VirtualHosts with apache, here's what I've
done in a similar situation.
If your directory structure works for this, you can look at all of
the access logs
:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 12:00 PM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] OT, but abuse related
On Tue, 27 Sep 2005 09:52:39 -0700
Clayton Weise [EMAIL PROTECTED] wrote:
I know this is way off topic, but there are a lot of really smart
people on this list so I'm hoping