[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] [OT] Email spam
- Subject: Re: [cobalt-users] [OT] Email spam
- From: "Andy Clyde, oxfordmusic.net" <andy.clyde@xxxxxxxxxxxxxxx>
- Date: Tue Aug 27 04:47:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> >
> > >
> > >
> > > > -----Original Message-----
> > > >
> > > >
> > > > very off-topic i know but if someone could point me in the right
place
> > for
> > > > an answer i'd be most grateful, otherwise just delete...
> > > >
> > > > one of my clients has had his email hijacked for spam about
> > Viagra. i've
> > > > checked our server and it doesn't seem to be coming through us (i
ran
> > 'cat
> > > > maillog | grep viagra' and nothing showed up, plus our IP does not
> > feature
> > > > in the email headers). is there anything we can do about this, or
are
> > they
> > > > just forging the email header and we have to put up with it. we only
> > found
> > > > out coz our client got 1000 bounce back emails this morning.
> > > >
> > > > much obliged
> > >
> > > They're not using the FormMail exploit are they?
> > >
> >
> > wouldn't that still show up in the maillog?
>
> I'm not sure about that. It would show up in the web logs for the site
> though. Something like this:
>
>
http://www.domain.com/cgi-bin/formmail.pl?recipient=fred@xxxxxxxxxxxxxxxxxx&;
> message=Buy%20viagra
>
don't think it is that since the domain name they're using doesn't have
FormMail. i double checked the access log for that virtual site and there's
nothing there.
andy