On Tue, Sep 12, 2006 at 09:34:15PM -0400, Peter Jay Salzman wrote: > > good sleuth work. from the ferocity of the number i've been getting, it > seemed more like a virus than spam. that spammer has some awesome > connectivity. i hope he gets shut down quickly. they've definitely > decreased, but i'm still getting multiple a day.
Rather, all of his zombied machines together have awesome connectivity. I've been tracking attempts to abuse web-based contact forms on a server that I'm now responsible for, rarely have I seen the same IP hit the form more than once. Probably because they're too busy abusing the 10^5 other insecure forms out there, or doing whatever other nasty tasks their "owner" has rented them for. (The form, BTW was exploited due to the fact that it allowed the user-submitted From: field to contain a newline, thus prematurely breaking the header portion of the generated e-mail.) "SELECT staffEmail FROM Staff where id_staff=$_GET['staff']" wasn't too smart either, although fortunately that little gem didn't get discovered. -troy _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
