On Sat, Oct 09, 2004 at 03:54:15PM -0700, Mike Ramirez wrote: > On Thu, 2004-10-07 at 21:59, Trevor Smith wrote: > > So I'm getting tons of bounces because the spammers have ... ... > hi Trevor and everyone who is reading this. > I haven't read the full thread, yet, but I want to relate my > "adventures" of the two days to you guys. I run a hosting company that > has similar packages to what Trevor is getting. ..... > area you put an email into line by line. It also has a text box for the > sending address and everything else and attempts to write the headers > also. One of the emails from Friday had a sub dir that it used for the .... > same code. One called mailer.php in the root of the html dir and .... Strange you should mention this. A friend of mine was telling me that there is a commonly used cgi tool that is used on many hosts to permit folks on the web to send feedback mail. It has the apparent advanatage that it does not disclose the address of the account the mail is being sent to. It also has a bug. The bug permits a remote user to craft a html URL which corrupts the sender address and sends mail out. Thus a script can bang through a pile of addresses and spam the world. It is as bad as an open relay but it is this common chunk of cgi code. Apparently there are multiple versions that are vulnerable. I am now looking for a mailing list for web manager where I can track such stuff. Scan your logs..... -- T o m M i t c h e l l Me, I would "Rather" Not.
