-----BEGIN PGP SIGNED MESSAGE----- On 1 Sep 2001, Soeren Ziehe wrote: > There was an attempt to use a formmail perl script installed on our > server from a non-local address. <snip> > IF you've stayed with me until here. Has anyone seen the same access > attempts patterns/tool signatures? Sure have. Sadly, many were successful at one agency I advise. Seems that spammers have tired of simply looking for open relays and are now looking for other avenues by which they can abuse third-party mail systems and thus overcome the now-defunct ORBS and now-pay-for-use RBL. It's long since been at the point where it's inadvisable to run a web-to-mail gateway unless you've got your script configured to allow only specific recipients. Anything less is just leaving your system open for abuse by the lowest form of net.scum. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) | = |-' `--' `--' `--- Failure is never as devastating as regret. ---' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO5Hw/blDRyqRQ2a9AQEFmgP/cX+EpzliO8yKX6hllBtsxXXgz7oW6Iup jRIcQIla5BidXB4EDwirFy79tVW9pZLNNoAKjDJ1mVuOVLDfeyWWjSvoF2pWQ9jO FttJIcgh5MYjvii7aMrpt3gOUi9xGDLByhirwEBpwL6I+mbueeL+PCy+WEusf4jM y5utnqxaduM= =mQ8H -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 02 2001 - 13:37:02 PDT