[Mimedefang] OT: Email web form exploits
Jan Pieter Cornet
johnpc at xs4all.nl
Fri Sep 9 16:24:03 EDT 2005
On Fri, Sep 09, 2005 at 01:58:56PM -0400, Chris Gauch wrote:
> > because chances are they'll contain probe addresses that might
> > be helpful for tracking down the spammers.
>
> Yes, we are certainly doing that. We log the REFERER information including
> remote IP addresses to a database and check it every so often (we're only
> doing this on 1 or 2 forms that we developed in hopes of tracking down the
> offenders). So far, most of the offending IPs point to Eastern Europe and
> Asia...
You could possibly check against DNS blacklists like xbl.spamhaus.org,
and list.dsbl.org. If a remote machine is on one of those lists, you may
want to give an error instead. I haven't tested this myself, but I heard
claims this might help.
With your current database of offenders, it should be easy enough to
see if there is enough of a match with those blacklists.
--
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet
More information about the MIMEDefang
mailing list