Re: [fw-wiz] sendmail spamming

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 05/29/03

  • Next message: Behm, Jeffrey L.: "RE: [fw-wiz] sendmail spamming"
    To: "Robert E. Martin" <rmartin@fishburne.org>
    Date: Thu, 29 May 2003 11:24:56 -0400 (EDT)
    

    On Thu, 29 May 2003, Robert E. Martin wrote:

    > Just a morality question for you guys.
    > I have just finished locking up an exploit in our email server. This
    > spawned from a formmail script left on our web server I neglected to
    > delete.
    > I noticed CPU activity spikes on the email server and found that our web
    > server was spamming our email server due to the classic formmail exploit.
    > My question is this. What is the motivation behind such an exploit? What

    The motivation of the exploit/exploiter is the classic one of most
    spammers, avoiding detection and blacklisting of them for the activity.
    As well as these days trying to avoid the revenge attacks that some launch
    on known avid spammers.

    > is there to gain from this other than job security for a person like me?
    > This kind of action makes no sense to me.

    Now the reason for the insecure cgi is altogether different. There are
    many 'old' repositories of cgi's available, many of which have long been
    known to contain less than secure means of achieving their ends. It's
    amazing how many folks trust any and all code that is placed in the public
    domain for their personal use. It's been awhile since I looked at RFP's
    libwhisker tools, or others like it, but many of these can spider a site
    and find such gaps in an otherwise fairly secure setup. And a nightly
    spider of the site when traffic should be lower is not such a bad thing
    for those tasked with maintaining such systems, and can be a decent heads-up
    for the webadmin to take note of and correct before it gets one's domain
    added to one of the spammer blacklists and all that might imply.

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
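
A nightly check of the kind suggested in the message above, as an added example that is not part of the original post or of libwhisker: rather than spidering over HTTP, it walks the web root on disk and flags scripts that look like form-to-mail CGIs, so leftover or renamed copies are caught. The file extensions, the matching heuristics and the sample tree are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

CGI_EXTENSIONS = {".pl", ".cgi"}  # assumption: what this server runs as CGI
# Assumption: heuristics for a form-to-mail script; tune them for your site.
NAME_RE = re.compile(r"form.?mail", re.I)
MAILER_RE = re.compile(rb"sendmail|mailprog|Net::SMTP", re.I)
RECIPIENT_RE = re.compile(rb"recipient", re.I)

def audit_docroot(docroot):
    """Return sorted (relative_path, reasons) for scripts that look like form mailers."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in CGI_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    body = fh.read(256 * 1024)  # the head of the file is enough
            except OSError:
                continue  # unreadable file: skip it, keep the audit running
            reasons = []
            if NAME_RE.search(name):
                reasons.append("file name looks like a form mailer")
            if MAILER_RE.search(body) and RECIPIENT_RE.search(body):
                reasons.append("references both a mailer and a 'recipient' field")
            if reasons:
                findings.append((os.path.relpath(path, docroot), reasons))
    return sorted(findings)

def build_sample_docroot(root):
    """Write a small constructed web root (not real scripts) for the demo."""
    samples = {
        "FormMail.pl": "$mailprog = '/usr/lib/sendmail';\n$Config{'recipient'};\n",
        "contact.cgi": "open(MAIL, '|/usr/lib/sendmail -t');\n$form{'recipient'};\n",
        "counter.pl": "print \"Content-type: text/plain\\n\\n42\\n\";\n",
    }
    os.makedirs(os.path.join(root, "cgi-bin"))
    for name, text in samples.items():
        with open(os.path.join(root, "cgi-bin", name), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_docroot(demo_root)
        for rel_path, reasons in audit_docroot(demo_root):
            print(rel_path, "->", "; ".join(reasons))
```

Run from cron against the real web root, a non-empty result is the heads-up to review or delete the script before it is found from outside.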
    
