
RE: [cobalt-users] Possible spammer or what?



> > > Yes, we have a few, with the referers set to only allow from our domain.
> > >
> >
> >Doesn't matter.
> >See
> >http://www.securiteam.com/exploits/FormMail_discloses_environment_variables_information.html
>
> Dan,
>
> You miss one of the more important reasons for removing formmail.pl -
>
> It's actually worse than simply revealing environment variables -
> imho - at least with only a few vars someone needs to know WHAT
> to do with them - we found a client site with formmail.pl (v1.6 -
> courtesy of Matt Wright) on one of our servers - the script had
> been exploited to send about 5,000 homosexually explicit porn
> adverts out of the server PER DAY for about a week - we didn't
> notice for a while, as they were pretty careful to send only 5,000 a day!

That's the point of the URL I posted. Notice where it says <message> in the
exploit?

--
Dan Kriwitsky
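The referer-versus-recipient point in this exchange, as an added example that is not part of the original thread and is not FormMail's own code: a small Python model of a mail-form handler's decision logic. The referer check compares the client-supplied Referer header against the site's own hosts, which is all a referer-restricted FormMail does; since the attacker sends that header, a forged request with an arbitrary recipient and message body passes. The hardened variant keeps the referer check as a nuisance filter but requires every destination address to come from a server-side allowlist. The host names, addresses and requests below are constructed for illustration and are assumptions, not values from the thread.

```python
"""Referer-only gating vs. a server-side recipient allowlist.

Added example, not FormMail's code. Requests are constructed dicts
(CGI-style environment plus decoded form fields); nothing is mailed.
"""
from urllib.parse import urlparse

# Assumptions for illustration: the site's own hosts and the only
# mailboxes the form is ever meant to reach.
ALLOWED_REFERERS = {"www.example.com", "example.com"}
ALLOWED_RECIPIENTS = {"sales@example.com", "webmaster@example.com"}


def referer_ok(environ):
    """Mirror a referer-restricted form handler: accept the request if the
    host in the HTTP Referer header is one of ours. The header is written
    by the client, so this only stops accidental reuse, never a spammer."""
    referer = environ.get("HTTP_REFERER", "")
    host = urlparse(referer).hostname or ""
    return host.lower() in ALLOWED_REFERERS


def split_recipients(form):
    """Form handlers of this kind commonly accept a comma-separated list
    in the recipient field; normalise it to a list of addresses."""
    raw = form.get("recipient", "")
    return [addr.strip() for addr in raw.split(",") if addr.strip()]


def relay_referer_only(environ, form):
    """Vulnerable: once the referer matches, whatever recipient and message
    the client supplied are accepted. Returns (recipients, message) on
    acceptance, None on rejection."""
    if not referer_ok(environ):
        return None
    recipients = split_recipients(form)
    if not recipients:
        return None
    return (recipients, form.get("message", ""))


def relay_with_allowlist(environ, form):
    """Hardened: the referer check stays, but every address must be on the
    server-side allowlist, so a forged request can at worst mail us."""
    if not referer_ok(environ):
        return None
    recipients = split_recipients(form)
    if not recipients or any(r not in ALLOWED_RECIPIENTS for r in recipients):
        return None
    return (recipients, form.get("message", ""))


# Constructed requests. The second one forges the Referer header, which
# is all that is needed to satisfy the referer-only variant.
LEGIT_REQUEST = (
    {"HTTP_REFERER": "http://www.example.com/contact.html"},
    {"recipient": "sales@example.com", "message": "Hello from the contact form"},
)
FORGED_REQUEST = (
    {"HTTP_REFERER": "http://www.example.com/contact.html"},  # forged by the client
    {"recipient": "victim@elsewhere.example", "message": "<advert text>"},
)
MIXED_REQUEST = (
    {"HTTP_REFERER": "http://www.example.com/contact.html"},
    {"recipient": "sales@example.com, victim@elsewhere.example", "message": "<advert text>"},
)

if __name__ == "__main__":
    for label, req in (("legit", LEGIT_REQUEST), ("forged", FORGED_REQUEST), ("mixed", MIXED_REQUEST)):
        print(label, "referer-only ->", relay_referer_only(*req))
        print(label, "allowlist    ->", relay_with_allowlist(*req))
```

Run it as a script to see the three requests against both variants: the forged request is relayed by the referer-only handler and rejected by the allowlisted one, and a mixed list that smuggles an outside address alongside a legitimate one is rejected too.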