Security Incidents mailing list archives

Re: Http scanning for cgi based mail-relays.


From: Chip McClure <vhm3 () hades dnsalias net>
Date: Wed, 18 Jul 2001 14:02:21 -0700 (PDT)

I got it too, more than likely from the same individual. The sources came
from Road Runner in NYC. The exploit was the same, using the formmail.pl
script on a client's web site.

The scam in question was targeted at AOL, attempting to get Credit Card
#'s from AOL members. AOL security was informed, but have heard no replies
back.

This action took place approximately 1 1/2 weeks ago.

-- 
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc

http://www.gigguardian.com/

On Wed, 18 Jul 2001 measl () mfn org wrote:


Greetings.

      Below is an excerpt from one of our http server logs.  Rather
cute, ya?  Just for the record, the skr1pt k1dd1e
("truzoom () aol com") doing the scanning is still online with AOL, even
though (1) AOL was sent copies of email from this kid acknowledging the
scans were his/hers; (b) AOL received copies of the full logs; (c) AOL
sent us their standard boilerplate "Thanks for reporting this, we have
dealt with it according to our AUP".





