Date: Sat, 28 Jun 2003 17:32:59 -0400
From: Kirk Bailey <idiot1@netzero.net>
To: freebsd-newbies@freebsd.org, tutor@python.org
Subject: intresting spam idiots
Message-ID: <3EFE098B.8@netzero.net>
OK, this gets interesting. I have an email service. Free email. You fill out a form, it sends the information to you in an email, you click reply, it comes to another script, said script sends a confo letter, and the alias feeds the letter into an inbox for human creation of the account.

I get a lot of bounces from accounts that do not exist on other services. ???

Now track this carefully.

1. You fill out a form, and click submit.
2. The script creates letter and sends it.
3. You get it. You click reply, verify or correct it and click SEND.
4. It goes to an alias feeding another script, and a mailbox.
5. The script on that alias sends an acknowledgement message to the account the letter came from.

No applications coming to me. But bounces of acknowledgement letters going to accounts on other sites that do not exist. HUH?

OK, giving this considerable thought, we decided that someone was spamming the script's alias in a way that simply strobed the script, but no valid email was found, so nothing was fed to the mailbox intended to receive the application replies. HOW? We still scratch our hides over that one.

We figured a way to stop this (changing aliases and script names), and the torrent of bounces has trickled down, down, down, as the bouncing mail in the world wide wow cleans itself out. We think someone out there even found a way to invoke a script without feeding it an email. Our solutions should defeat this, until they guess the correct script names. Then we change again.

The lengths some spamjerks will go to are simply amazing. As we actively pursue spammers, one or more of them must have decided to jerk us around, to no profit, simply for spite's sake.

All our site's scripts live in the web cgi-bin. Of course, the http server can access and run them. But some of them are used only to process email. We are considering moving them into another directory altogether where the httpd (web server) cannot access them. This ought to close a window, and prevent future attacks.

Any of you using scripts to process email may care to see if one can access the scripts through the webserver, and feed them data in ways not foreseen; even if they do not inflict harm, a vindictive person could take up a great deal of time and bandwidth triggering scripts with an automatic program, and even possibly in time gain your site a reputation for spewing amazing amounts of garbage, and subsequent blacklisting. You might like to consider if this

--

end

Cheers!
        Kirk D Bailey

                              think
http://www.howlermonkey.net/ +-----+ http://www.tinylist.org/
http://www.listville.net/    | BOX | http://www.sacredelectron.org/
                             +-----+
"Thou art free"-ERIS          think   'Got a light?'-Promethieus
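The check suggested in the message, as an added example that is not part of the original e-mail or the site's own scripts: a mail-alias handler that refuses to act when started by the web server or with no message, and acknowledges only replies to letters the site really sent. It goes beyond the message by adding an HMAC tag; `SECRET`, the `[app-...]` Subject tag and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import parseaddr

# Variables a web server sets for every CGI request (RFC 3875).
CGI_MARKERS = ("GATEWAY_INTERFACE", "REQUEST_METHOD")
SECRET = b"constructed-demo-key"  # assumption: known to form script and handler only
TOKEN_RE = re.compile(r"\[app-([0-9a-f]{16})\]")  # hypothetical Subject tag


def make_token(address):
    """Tag the form script would put in the letter it mails to `address`."""
    mac = hmac.new(SECRET, address.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def ack_recipient(raw_message, environ):
    """Return the address to acknowledge, or None when no ack may be sent."""
    if any(name in environ for name in CGI_MARKERS):
        return None  # started by the web server, not by the mail alias
    if not raw_message.strip():
        return None  # invoked with no email on stdin
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    if "@" not in sender:
        return None  # no usable sender address
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None  # bounce or auto-reply: answering it creates a mail loop
    match = TOKEN_RE.search(msg.get("Subject", ""))
    if not match or not hmac.compare_digest(match.group(1), make_token(sender)):
        return None  # not a reply to a letter this site actually sent
    return sender


if __name__ == "__main__":
    # Constructed sample reply; in production the MTA pipes the message to stdin.
    addr = "applicant@example.org"
    sample = "From: A <%s>\nSubject: Re: account [app-%s]\n\nok\n" % (addr, make_token(addr))
    print(ack_recipient(sample, {}))                         # applicant@example.org
    print(ack_recipient(sample, {"REQUEST_METHOD": "GET"}))  # None
```

In a real handler the caller would pass `sys.stdin.read()` and `os.environ`, and send the acknowledgement only when an address comes back.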