[vox-tech] spam current events
Troy Arnold
troy-vox at zenux.net
Wed Sep 13 23:56:19 PDT 2006
On Tue, Sep 12, 2006 at 09:34:15PM -0400, Peter Jay Salzman wrote:
>
> good sleuth work. from the ferocity of the number i've been getting, it
> seemed more like a virus than spam. that spammer has some awesome
> connectivity. i hope he gets shut down quickly. they've definitely
> decreased, but i'm still getting multiple a day.
Rather, all of his zombied machines together have awesome connectivity.
I've been tracking attempts to abuse web-based contact forms on a server
that I'm now responsible for, rarely have I seen the same IP hit the
form more than once. Probably because they're too busy abusing the 10^5
other insecure forms out there, or doing whatever other nasty tasks their
"owner" has rented them for.
(The form, BTW was exploited due to the fact that it allowed the
user-submitted From: field to contain a newline, thus prematurely breaking
the header portion of the generated e-mail.)
"SELECT staffEmail FROM Staff where id_staff=$_GET['staff']" wasn't too
smart either, although fortunately that little gem didn't get discovered.
-troy
More information about the vox-tech
mailing list