Re: Http scanning for cgi based mail-relays.
From: Chip McClure (vhm3_at_hades.dnsalias.net)
Date: 07/18/01
- Previous message: Marc Maiffret: "RE: "Code Red" worm questions"
- In reply to: measl_at_mfn.org: "Http scanning for cgi based mail-relays."
- Next in thread: David Luyer: "Re: Http scanning for cgi based mail-relays."
- Reply: David Luyer: "Re: Http scanning for cgi based mail-relays."
I got it too, more than likely from the same individual. The sources came
from Road Runner in NYC. The exploit was the same, using the formmail.pl
script on a client's web site.
The scam in question was targeted at AOL, attempting to get Credit Card
#'s from AOL members. AOL security was informed, but I have heard no replies
back.
This action took place approximately 1 1/2 weeks ago.
--
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc
On Wed, 18 Jul 2001 measl_at_mfn.org wrote:
>
> Greetings.
>
> Below is an excerpt from one of our http server logs. Rather
> cute, ya? Just for the record, the skr1pt k1dd1e
> ("truzoom_at_aol.com") doing the scanning is still online with AOL, even
> though (a) AOL was sent copies of email from this kid acknowledging the
> scans were his/hers; (b) AOL received copies of the full logs; (c) AOL
> sent us their standard boilerplate "Thanks for reporting this, we have
> dealt with it according to our AUP".
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: