[Tutor] interesting spam idiots

Kirk Bailey idiot1@netzero.net
Sat Jun 28 17:36:51 2003


OK, this gets interesting.

I have an email service. Free email. You fill out a form, it sends the information to you 
in an email, you click reply, it comes to another script, said script sends a confo 
letter, and the alias feeds the letter into an inbox for human creation of the account.

I get a lot of bounces from accounts that do not exist on other services. ???

Now track this carefully.
1. you fill out a form, and click submit.
2. the script creates letter and sends it.
3. you get it. You click reply, verify or correct it and click SEND.
4. It goes to an alias feeding another script, and a mailbox.
5. the script on that alias sends an acknowledgement message to the account
    the letter came from.
No applications coming to me. But bounces of acknowledgement letters going to accounts 
on other sites that do not exist. HUH?

ok, giving this considerable thought, we decided that someone was spamming the script's 
alias in a way that simply strobed the script, but no valid email was found, so nothing 
was fed to the mailbox intended to receive the application replies.  HOW? We still 
scratch our hides over that one.

We figured a way to stop this (changing aliases and script names), and the torrent of 
bounces has trickled down, down, down, as the bouncing mail in the world wide wow cleans 
itself out. We think someone out there even found a way to invoke a script without 
feeding it an email. Our solutions should defeat this, until they guess the correct 
script names. Then we change again.

The lengths some spamjerks will go to are simply amazing. As we actively pursue 
spammers, one or more of them must have decided to jerk us around, to no profit, simply 
for spite's sake.

All our site's scripts live in the web cgi-bin. Of course, the http server can access 
and run them. But some of them are used only to process email. We are considering moving 
them into another directory altogether where the httpd (web server) cannot access them. 
This ought to close a window, and prevent future attacks.

Any of you using scripts to process email may care to see if one can access the scripts 
through the webserver, and feed them data in ways not foreseen; even if they do not 
inflict harm, a vindictive person could take up a great deal of time and bandwidth 
triggering scripts with an automatic program, and even possibly in time gain your site a 
reputation for spewing amazing amounts of garbage- and subsequent blacklisting.


You might like to consider if this

-- 

end

Cheers!
         Kirk D Bailey
                               think
http://www.howlermonkey.net/ +-----+ http://www.tinylist.org/
http://www.listville.net/    | BOX | http://www.sacredelectron.org/
                              +-----+
"Thou art free"-ERIS          think    'Got a light?'-Promethieus

.
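
The check suggested in the closing paragraphs of the post, as an added example that is not part of the original message: a Python guard for a script fed by a mail alias, which returns no acknowledgement address when the process was started by the web server or when the input is not a mail message with a usable sender. The function names, the constructed sample messages and the Auto-Submitted / mailer-daemon checks are assumptions added here.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

# Variables a CGI-capable web server sets for every request (CGI/1.1).
CGI_MARKERS = ("GATEWAY_INTERFACE", "REQUEST_METHOD", "SERVER_SOFTWARE")
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample inputs (not taken from the post).
SAMPLE_REPLY = ("From: Applicant <applicant@example.org>\n"
                "To: signup@example.net\n"
                "Subject: Re: your application\n\nLooks right.\n")
SAMPLE_BOUNCE = ("From: MAILER-DAEMON@example.com\n"
                 "Auto-Submitted: auto-replied\n"
                 "Subject: Undelivered mail\n\nUser unknown.\n")
SAMPLE_CGI_ENV = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "POST"}


def invoked_by_web_server(environ):
    """True when the process environment looks like a CGI request."""
    return any(name in environ for name in CGI_MARKERS)


def ack_recipient(raw_message, environ=None):
    """Return the address to acknowledge, or None when no reply should go out."""
    environ = os.environ if environ is None else environ
    if invoked_by_web_server(environ):
        return None                  # started over HTTP, not by the mail alias
    msg = message_from_string(raw_message)
    if not msg.keys():
        return None                  # empty input or no headers: not a mail message
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None                  # bounce or auto-reply: answering creates more bounces
    _, addr = parseaddr(msg.get("From", ""))
    if not ADDR_RE.match(addr) or addr.lower().startswith("mailer-daemon@"):
        return None                  # nothing usable to reply to
    return addr
```

Moving the script out of cgi-bin, as the post proposes, removes the HTTP path altogether; the environment check covers scripts that have to stay where the web server can reach them.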