[Mimedefang] OT: Email web form exploits
WBrown at e1b.org
Wed Sep 7 09:58:35 EDT 2005
mimedefang-bounces at lists.roaringpenguin.com wrote on 09/07/2005 09:36:54 AM:
> Our largest issue with these web form mail exploits is not really
> spam-related (in terms of scripts causing our web servers to become spam
> relays); our clients are receiving these fake forms (obviously generated by
> a kiddie script) constantly throughout the day, and the script writer isn't
> accomplishing the intended task (which is to spam some random AOL account).
> The AOL account shows up in the form as the BCC, but shows up *only* as
> text, as if it were part of the form.
Can the script be coded to look for bcc: in a field that shouldn't have it
and drop the message? Perhaps expand that to bcc: followed by an email
address. Also, since the email address of the alleged sender was showing
up in so many fields, that could be a test too, say an email address in
the zipcode field. Real sophistication would submit the IP address to a
tarpit or blocklist to prevent repeated connections.
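
Added example, not part of the original message or of MIMEDefang: a Python sketch of the form-side checks suggested above (bcc: in a field, bcc: followed by an address, an email address in a field such as the zipcode). It also flags line breaks in single-line fields, which goes beyond what the message proposes. The field names, the `inspect_submission` helper and the sample submissions are assumptions constructed for illustration.

```python
import re

# Assumed form layout: only "email" may hold an address, only "comments" may span lines.
EMAIL_FIELDS = {"email"}
MULTILINE_FIELDS = {"comments"}

BCC_RE = re.compile(r"(?i)\bbcc\s*:")
BCC_ADDR_RE = re.compile(r"(?i)\bbcc\s*:\s*<?[^\s<>@]+@[^\s<>@]+\.[a-z]{2,}")
EMAIL_RE = re.compile(r"[^\s<>@]+@[^\s<>@]+\.[A-Za-z]{2,}")


def inspect_submission(fields):
    """Return a list of (field, reason) findings; an empty list means accept."""
    findings = []
    for name, value in fields.items():
        single_line = name not in MULTILINE_FIELDS
        # A CR or LF in a single-line field is how extra header lines get smuggled in.
        if single_line and re.search(r"[\r\n]", value):
            findings.append((name, "line break in single-line field"))
        # "bcc:" followed by an address is the stronger signal; bare "bcc:" the weaker one.
        if BCC_ADDR_RE.search(value):
            findings.append((name, "bcc: followed by address"))
        elif BCC_RE.search(value):
            findings.append((name, "bcc: text in field"))
        # An address in the zipcode or name field is not something a real user types.
        if single_line and name not in EMAIL_FIELDS and EMAIL_RE.search(value):
            findings.append((name, "email address in non-email field"))
    return findings


# Constructed sample submissions (not taken from real traffic).
LEGIT = {"name": "Pat Smith", "email": "pat@example.org",
         "zipcode": "14225", "comments": "Please call me.\nThanks"}
PROBE = {"name": "abc@example.com", "email": "abc@example.com",
         "zipcode": "abc@example.com",
         "comments": "abc@example.com\nContent-Type: text/plain\n"
                     "bcc: target@example.net\n"}

if __name__ == "__main__":
    for label, form in (("legit", LEGIT), ("probe", PROBE)):
        hits = inspect_submission(form)
        print(label, "DROP" if hits else "ACCEPT", hits)
```

A form handler would drop the message when the list is non-empty and could log the client IP address with the findings for a separate tarpit or blocklist step.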