From owner-freebsd-newbies@FreeBSD.ORG Sat Jun 28 14:35:15 2003
Message-ID: <3EFE098B.8@netzero.net>
Date: Sat, 28 Jun 2003 17:32:59 -0400
From: Kirk Bailey
Organization: Silas Dent Memorial Cabal of ERIS Esoteric and hot dog boiling society
To: freebsd-newbies@freebsd.org, tutor@python.org
Subject: interesting spam idiots

OK, this gets interesting. I have an email service. Free email. You fill out a form, it sends the information to you in an email, you click reply, it comes to another script, said script sends a confo letter, and the alias feeds the letter into an inbox for human creation of the account.

I get a lot of bounces from accounts that do not exist on other services. ???

Now track this carefully.

1. You fill out a form, and click submit.
2. The script creates a letter and sends it.
3. You get it. You click reply, verify or correct it and click SEND.
4. It goes to an alias feeding another script, and a mailbox.
5. The script on that alias sends an acknowledgement message to the account the letter came from.

No applications coming to me. But bounces of acknowledgement letters going to accounts on other sites that do not exist. HUH?

OK, giving this considerable thought, we decided that someone was spamming the script's alias in a way that simply strobed the script, but no valid email was found, so nothing was fed to the mailbox intended to receive the application replies. HOW? We still scratch our hides over that one.

We figured a way to stop this (changing aliases and script names), and the torrent of bounces has trickled down, down, down, as the bouncing mail in the world wide wow cleans itself out. We think someone out there even found a way to invoke a script without feeding it an email. Our solutions should defeat this, until they guess the correct script names. Then we change again.

The lengths some spamjerks will go to are simply amazing. As we actively pursue spammers, one or more of them must have decided to jerk us around, to no profit, simply for spite's sake.

All our site's scripts live in the web cgi-bin. Of course, the http server can access and run them. But some of them are used only to process email. We are considering moving them into another directory altogether where the httpd (web server) cannot access them. This ought to close a window, and prevent future attacks.

Any of you using scripts to process email may care to see if one can access the scripts through the webserver, and feed them data in ways not foreseen; even if they do not inflict harm, a vindictive person could take up a great deal of time and bandwidth triggering scripts with an automatic program, and even possibly in time gain your site a reputation for spewing amazing amounts of garbage, and subsequent blacklisting. You might like to consider if this -- end

Cheers!
Kirk D Bailey

   think                 http://www.howlermonkey.net/
  +-----+                http://www.tinylist.org/
  | BOX |                http://www.listville.net/
  +-----+                http://www.sacredelectron.org/
   think

"Thou art free" - ERIS
"Got a light?" - Prometheus
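The two weak points in the flow Kirk describes are that the alias script can be reached through the web server as well as through the mail alias, and that it acknowledges whatever it is fed, so a strobed script produces acknowledgement mail to addresses that never applied. The following is an added example (not Kirk Bailey's code, nor anything from the FreeBSD or Python lists) of how an alias-side script can refuse both: it declines to run when the CGI environment shows the web server invoked it, and it sends an acknowledgement only when the message is a real reply carrying the expected form fields from a real, non-automated sender. The form field names, the mailbox addresses and the sample messages are assumptions constructed for the example.

```python
# Added example, not code from the original post. A mail-processing handler
# that (1) refuses to act when reached through the web server and (2) only
# acknowledges messages that are genuine application replies, so that a
# strobed script never generates bounce-producing acknowledgements.
import os
from email import message_from_string
from email.utils import parseaddr

# Form fields an application reply must carry (assumed; the post does not name them).
REQUIRED_FIELDS = ("username", "realname")

# Environment variables a web server sets when it runs a CGI script.
# A mail alias piping a message into the script sets none of them.
CGI_MARKERS = ("GATEWAY_INTERFACE", "REQUEST_METHOD", "SERVER_SOFTWARE")


def invoked_via_httpd(environ):
    """True when the script was reached through the web server, not the mail alias."""
    return any(marker in environ for marker in CGI_MARKERS)


def extract_fields(body):
    """Pull 'field: value' lines out of the reply, ignoring the '>' quoting
    that the applicant's mail client adds when replying to our letter."""
    fields = {}
    for line in body.splitlines():
        line = line.lstrip("> ").strip()
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and key in REQUIRED_FIELDS and value.strip():
            fields[key] = value.strip()
    return fields


def parse_application(raw_message):
    """Return (sender, fields) for a genuine application reply, else None."""
    msg = message_from_string(raw_message)
    # Never acknowledge a null/empty sender or auto-generated mail (bounces,
    # autoresponders): acknowledging those is how backscatter and loops start.
    _, sender = parseaddr(msg.get("From", ""))
    if "@" not in sender:
        return None
    if msg.get("Auto-Submitted", "no").lower() != "no":
        return None
    if msg.get("Precedence", "").lower() in ("bulk", "junk", "list"):
        return None
    if msg.is_multipart():
        return None
    charset = msg.get_content_charset() or "ascii"
    body = msg.get_payload(decode=True).decode(charset, "replace")
    fields = extract_fields(body)
    if any(name not in fields for name in REQUIRED_FIELDS):
        return None
    return sender, fields


def decide(raw_message, environ=None):
    """Decide what the alias script should do with one incoming message.
    Returns ('reject'|'drop'|'ack', detail). Only 'ack' would send any mail."""
    if environ is None:
        environ = os.environ
    if invoked_via_httpd(environ):
        return "reject", "reached through the web server, not the mail alias"
    parsed = parse_application(raw_message)
    if parsed is None:
        return "drop", "not a valid application reply; no acknowledgement sent"
    sender, _fields = parsed
    return "ack", sender


# Constructed sample messages (not real traffic).
SAMPLE_APPLICATION = """From: applicant@example.org
To: newaccounts@example.net
Subject: Re: your account application

> Verify the details below, then reply and send.
> username: kbailey
> realname: Kirk Bailey
"""

SAMPLE_STROBE = """From: someone-else@example.com
To: newaccounts@example.net
Subject: Re: your account application

(nothing useful here; the address above may not even exist)
"""

SAMPLE_BOUNCE = """From: MAILER-DAEMON@example.com
To: newaccounts@example.net
Auto-Submitted: auto-replied
Subject: Undelivered Mail Returned to Sender

> username: kbailey
> realname: Kirk Bailey
"""

if __name__ == "__main__":
    for raw in (SAMPLE_APPLICATION, SAMPLE_STROBE, SAMPLE_BOUNCE):
        print(decide(raw, {}))
```

Moving the script out of cgi-bin, as the post proposes, removes the web path entirely; the environment check is a second line of defence in case a copy is ever left somewhere the httpd can still reach. The sender and content checks are what actually stop the bounce storm: a strobed invocation with no real application in it now produces no outgoing mail at all.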