The funny thing, to me, is that I see stuff like this in my mail logs
all the time, both at my day job and at home:
2005-08-30 00:20:36 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[81.12.246.11] input="POST / HTTP/1.0\r\nContent-Type:
text/plain\r\nContent-Length: 833\r\n\r\nRSET\r\nHELO sightz.com\r\nMAIL
FROM:<[EMAIL PROTECTED]>\r\nRCPT TO:<[EMAIL PROTECTED]>"
(I changed the email addresses to protect the [not so] innocent.)
Apparently, someone learned to program HTTP and figures everything is a
web server....Not so clever hackers. (And, yes that is coming in on port
25.)
BTW, trying to exploit cgi mail programs is an old trick. I've seen
failed attempts at posting to common cgi mail programs on my server for
ages. What's funny is that I use my own, custom contact form and cgi
(written in C, no less). It only sends email to me, and it requires that
all fields be filled out. The reason it's funny is that I've taken the
name of a common cgi mail program, swapped the first and second
syllables of the name, and removed the file extension (which is
meaningles on *NIX anyway). Of course, no one has ever used it to send
me mail, except for myself during testing. :(
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
