WebApp Sec
mailing list archives
Re: "Nigerian" SPAM uses vulnerability in web applications?
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 12 Jul 2005 20:18:55 -0700
Today I received several spam reports, and I guess they were sent
through a compromised web application of one of our customers.
The fact is I can't figure out anything from the message headers, or
from the X-abuse headers, except the exact time and my IP address.
There is no strange traffic/CPU activity at that time, and I don't find
any "strange-looking" records in the Apache access and error logs.
The email message contains the following text:
---------------------------------------------
I can't say much about this until I see the original headers. I have
received Nigerian scam emails from all sources, even web forms that
have been implemented in an insecure fashion.
In my web-based email forms, I always include the IP address of the
client making the HTTP POST/GET request. This way I can at least get
the IP address of the attacker.
Also, use only POST for all web-based email forms. I have seen some
blog/email forms where CSRF attacks are possible. Try to implement
techniques for minimizing CSRF attacks.
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
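The three pieces of advice in the reply above (accept only POST, mitigate CSRF, record the client's IP in the outgoing mail) as a single form handler. This is an added example, not code from the list or from the poster; the secret key, session id, form field names and recipient address are constructed assumptions.

```python
import hmac
import hashlib
from email.message import EmailMessage

# Constructed example. SECRET_KEY, the session id and the form field names are
# assumptions; a real deployment would load the key from configuration.
SECRET_KEY = b"constructed-example-secret"

def make_csrf_token(session_id: str) -> str:
    """Derive a CSRF token bound to the visitor's session.
    The form page embeds it as a hidden field; the handler recomputes it."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_contact_form(method: str, session_id: str, form: dict, remote_addr: str) -> dict:
    """Validate one submission of a web-based email form.
    Returns {'status': 405|403|200, ...}; on 200, 'message' is the EmailMessage
    the site would hand to its mail relay."""
    # Only POST is accepted: a mail send that fires on GET can be triggered by
    # any link or image tag, so the submitter never has to see the form at all.
    if method != "POST":
        return {"status": 405, "error": "POST required"}
    # CSRF check: the token must match the one issued for this session.
    # compare_digest keeps the comparison constant-time.
    expected = make_csrf_token(session_id)
    if not hmac.compare_digest(expected, form.get("csrf_token", "")):
        return {"status": 403, "error": "missing or invalid CSRF token"}
    # Record the client's IP address in the outgoing mail, both as a header and
    # in the body, so an abuse report can be traced back to the submitter.
    msg = EmailMessage()
    msg["To"] = "webmaster@example.com"  # constructed recipient
    msg["Subject"] = "Website contact form"
    msg["X-Originating-IP"] = remote_addr
    msg.set_content(
        f"{form.get('body', '')}\n\n-- submitted via HTTP POST from {remote_addr}"
    )
    return {"status": 200, "message": msg}
```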