[Mimedefang] OT: Email web form exploits

WBrown at e1b.org
Wed Sep 7 09:58:35 EDT 2005


mimedefang-bounces at lists.roaringpenguin.com wrote on 09/07/2005 09:36:54 AM:

> Our largest issue with these web form mail exploits is not really
> spam-related (in terms of scripts causing our web servers to become spam
> relays); our clients are receiving these fake forms (obviously generated by
> a kiddie script) constantly throughout the day, and the script writer isn't
> accomplishing the intended task (which is to spam some random AOL account).
> The AOL account shows up in the form as the BCC, but shows up *only* as
> text, as if it were part of the form.

Can the script be coded to look for bcc: in a field that shouldn't have it 
and drop the message?  Perhaps expand that to bcc: followed by an email 
address.  Also since the email address of the alleged sender was showing 
up in so many fields, that could be a test too, say an email address in 
the zipcode field.  Real sophistication would submit the IP address to a 
tarpit or blocklist to prevent repeated connections.
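
The checks suggested in this reply, sketched as an added example (not code from the thread or from MIMEDefang). The field names, the sample submissions, and the three-field threshold are assumptions made for illustration.

```python
import re

# Assumed form layout: these field names are hypothetical, not from the thread.
ADDRESS_OK_FIELDS = {"email", "comments"}  # fields where an address may appear
MULTILINE_FIELDS = {"comments"}            # fields where line breaks may appear

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A mail header name at the start of any line, e.g. "bcc: someone@example.com"
HEADER_RE = re.compile(
    r"^\s*(bcc|cc|to|from|subject|content-type|mime-version)\s*:",
    re.IGNORECASE | re.MULTILINE)


def check_submission(form):
    """Return a list of reasons to drop the submission (empty list = accept)."""
    reasons = []
    seen = {}  # lowercased address -> set of fields it appeared in
    for name, value in form.items():
        if HEADER_RE.search(value):
            reasons.append(f"{name}: mail header text in field")
        if name not in MULTILINE_FIELDS and re.search(r"[\r\n]", value):
            reasons.append(f"{name}: line break in single-line field")
        addrs = EMAIL_RE.findall(value)
        if addrs and name not in ADDRESS_OK_FIELDS:
            reasons.append(f"{name}: email address in non-email field")
        for addr in addrs:
            seen.setdefault(addr.lower(), set()).add(name)
    for addr, fields in seen.items():
        if len(fields) >= 3:  # assumed threshold for "showing up in so many fields"
            reasons.append(f"same address in {len(fields)} fields")
    return reasons


# Constructed sample submissions (not captured traffic).
LEGIT = {"name": "Pat Smith", "email": "pat@example.org",
         "zipcode": "14201", "comments": "Please call me.\nThanks."}
PROBE = {"name": "abc@example.com", "email": "abc@example.com",
         "zipcode": "abc@example.com",
         "comments": "abc@example.com\nContent-Type: text/plain\n"
                     "bcc: victim@example.net\n"}

if __name__ == "__main__":
    for label, form in (("legit", LEGIT), ("probe", PROBE)):
        print(label, check_submission(form) or "accept")
```

The header pattern will also match a genuine comment line that starts with something like "To:", so the multi-line field is where false positives are most likely.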


