-----BEGIN PGP SIGNED MESSAGE-----
On 1 Sep 2001, Soeren Ziehe wrote:
> There was an attempt to use a formmail perl script installed on our
> server from a non-local address.
<snip>
> IF you've stayed with me until here. Has anyone seen the same access
> attempts patterns/tool signatures?
Sure have. Sadly, many were successful at one agency I advise.
Seems that spammers have tired of simply looking for open relays and are
now looking for other avenues by which they can abuse third-party mail
systems and thus overcome the now-defunct ORBS and now-pay-for-use RBL.
It's long since been at the point where it's inadvisable to run
a web-to-mail gateway unless you've got your script configured to allow
only specific recipients. Anything less is just leaving your system open
for abuse by the lowest form of net.scum.
- -Jay
( ( _______
)) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson_at_treachery.net ------<) | = |-'
`--' `--' `--- Failure is never as devastating as regret. ---' `------'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iQCVAwUBO5Hw/blDRyqRQ2a9AQEFmgP/cX+EpzliO8yKX6hllBtsxXXgz7oW6Iup
jRIcQIla5BidXB4EDwirFy79tVW9pZLNNoAKjDJ1mVuOVLDfeyWWjSvoF2pWQ9jO
FttJIcgh5MYjvii7aMrpt3gOUi9xGDLByhirwEBpwL6I+mbueeL+PCy+WEusf4jM
y5utnqxaduM=
=mQ8H
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Sep 02 2001
Intro
