[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Spammer sending from httpd on our RaQ3

Subject: RE: [cobalt-users] Spammer sending from httpd on our RaQ3
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Wed Dec 12 14:22:31 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Paul Johnson wrote:

> Someone is sending spam via one of our RaQs, they've 
> apparently found a way to send mail as if it were coming
> from the http daemon.
> Not sure just how to disable this, particularly in a way
> that the GUI won't re-enable next time we add an email
> account.  Any ideas?  

Yep. And it IS coming from the http daemon, which means it's being generated
by a web page, which means your next statement is pretty well null and
void...

> We've always kept the machine up to date with patches from
> Cobalt.  No indication of any hacks to the machine.

...you have, most likely, by an old version of FormMail.pl on one of your
sites. This is renowned for spamming, since it allows people to manipulate
the form entry fields directly and then send emails from addresses not on
your server.

Find formmail.pl and make sure it's a new version.

http://www.worldwidemart.com/scripts/formmail.shtml

should see you right.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Prev by Date: Re: [cobalt-users] PHP Pkg from Cobalt & MySQL
Next by Date: RE: [cobalt-users] Spammer sending from httpd on our RaQ3
Previous by thread: RE: [cobalt-users] Spammer sending from httpd on our RaQ3
Next by thread: RE: [cobalt-users] Spammer sending from httpd on our RaQ3

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index