[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] HELP Spam attack

Subject: RE: [cobalt-users] HELP Spam attack
From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
Date: Mon Dec 9 11:59:43 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

 
> Dec  9 07:42:05 sage sendmail[7668]: HAA07666: 
> to=delphisman@xxxxxxx,jcallaham1@xxxxxxx,jcallahan2@xxxxxxx,sh
> acked44@xxxxxxx,shacked5@xxxxxxx,gammonja@xxxxxxx,gammonje@aol
> .com,shackee@xxxxxxx,aholnewrld@xxxxxxx,lamonique1@xxxxxxx 
> ,pltrobert@xxxxxxx,delphiserv@xxxxxxx,tlrubin@xxxxxxx,delphisi
> s@xxxxxxx,pltroiani@xxxxxxx,jcallagy@xxxxxxx,gammonite@xxxxxxx
> ,gammonites@xxxxxxx,jcallah@xxxxxxx,missyheel@xxxxxxx, 
> ctladdr=admin (110/27), delay=00:00:02, xdelay=00:00:02, 
> mailer=esmtp, 
> relay=mailin-04.mx.aol.com. [64.12.136.153], stat=Sent (OK)

I'd be willing to bet you have a copy of FormMail.pl/cgi on your server
v1.6 or other vulnerable version. Get rid of it.

Do a locate FormMail and I bet you find it.

ftp://ftp.monkeys.com/pub/formmail/1.9s/

http://nms-cgi.sourceforge.net/

-- 
C2002 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.

References:
- [cobalt-users] HELP Spam attack
  - From: Dawn D. Pfaltzgraff

Prev by Date: Re: [cobalt-users] HOWTO: Rebuild PostgreSQL 'cobalt' database due to corrupt quota table
Next by Date: Re: [cobalt-users] openwebmail - user@xxxxxxxxxxxxxx
Previous by thread: Re: [cobalt-users] HELP Spam attack
Next by thread: [cobalt-users] [RAQ3] Apache User-Agent blocking for all sites

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index