[Tutor] intresting spam idiots
Kirk Bailey
idiot1@netzero.net
Sat Jun 28 17:36:51 2003
OK, this gets intresting.
I have an email service. Free email. You fill out a form it sends the information to you
in a email, you click reply, it comes to another script, said script sends a confo
letter, and the alias feeds the letter into an inbox for human creation of the account.
I get a lot of bounces from accounts that do not exist on other services. ???
Now track this carefully.
1. you fill out a form, and click submit.
2. the script creates letter and sends it.
3. you get it. You click reply, verify or correct it and click SEND.
4. It goes to an alias feeding another script, and a mailbox.
5. the script on that alias sends a acknowledgement message to the account
the letter came from.
No applications coming to me. But bounces of acknowledgement letters going to accounts
on other sites that do not exist. HUH?
ok, giving this considerable thought, we decided that someone was spamming the script's
alias in a way that simply strobed the script, but no valid email was found, so nothing
was fed to the mailbox intended to receive the application replies. HOW? We still
scratch our hides over that one.
We figured a way to stop this (changing aliases and script names), and the torrent of
bounces has trickled down, down, down, as the bouncing mail in the world wide wow cleans
itself out. We think someone out there even found a way to invoke a script without
feeding it an email. Our solutions should defeat this, until they guess the correct
script names. Then we change again.
The lengths some spamjerks will go to are simply amazing. As we actively persue
spammers, one or more of them must have decided to jerk us around, to no profit, simply
for spite's sake.
All our site's scripts live in the web cgi-bin. Of course, the http server can access
and run them. But some of them are used only to process email. We are considering moving
them into another directory altogether where the httpd (web server) cannot access them.
This ought to close a window, and prevent future attacks.
Any of you using scripts to process email may care to see if one can access teh scripts
through the webserver, and feed them data in ways not foreen; even if they do not
inflict harm, a vindictive person could take up a great deal of time and bandwidth
triggering scripts with an automatic program, and even possibly in time gain your site a
reputation for spewing amazing amounts of garbage- and subsequent blacklisting.
You might like to consider if this
--
end
Cheers!
Kirk D Bailey
think
http://www.howlermonkey.net/ +-----+ http://www.tinylist.org/
http://www.listville.net/ | BOX | http://www.sacredelectron.org/
+-----+
"Thou art free"-ERIS think 'Got a light?'-Promethieus
.