Auto-generated Spam from Cpanel

**jdan6@2003** · 08-30-2003 04:52 PM

Hi,

All domains on our server reveived many similar automatically generated spam email (i.e. from an email address to the same email address) with nonsense message. The email looks like this:

-------------------
Return-path: <domain@my.server.com>
Envelope-to: Ok5cj2@domain.com
Delivery-date: Fri, 29 Aug 2003 21:01:10 -0500
Received: from domain by my.server.com with local (Exim 4.20)
id 19sv38-0007PG-E8
for Ok5cj2@domain.com; Fri, 29 Aug 2003 21:01:10 -0500
To: Ok5cj2@domain.com
From: Ok5cj2@domain.com
Subject: http://www.domain.com/cgi-sys/formmail.pl (200.71.42.92:80) bcc: bagnallb@aol.com39b1ENHLY z5WXSqZq EqPLje8 vxFmHz6 x c56 nQcF9vPcciOg796p WeRNnsAfz v oimd1iE7sZuM uOjEjH2 ssFÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDEFGHIJKLMNO.
Message-Id: <E19sv38-0007PG-E8@my.server.com>
Date: Fri, 29 Aug 2003 21:01:10 -0500
--------------------

Does anyone have the same problem? How to fix it?

"domain.com" does not use FormMail script for email.

Any ideas?

cPanel.net Support Ticket Number:

**Ehost4cheap** · 08-30-2003 10:55 PM

i got the same thing on one of my accounts.

cPanel.net Support Ticket Number:

**nyjimbo** · 08-30-2003 11:05 PM

Same here.

This email "bagnallb@aol.com " concerns me alot.

cPanel.net Support Ticket Number:

**FWC** · 08-30-2003 11:06 PM

In Tweak Settings in WHM check:

Silently Discard all FormMail-clone requests with a bcc: header in the subject line

**Stefaans** · 08-31-2003 10:33 AM

So it seems to be not "automatically generated" spam e-mail. Rather it's a real-live attempt to use your cgi-sys/formmail scripts!

There has been a lot of talk on the Forum regarding this that will show you how to disable it if you want to. The option to diable the BCC's seems to fix the latest vulnerability.

cPanel.net Support Ticket Number:

**FWC** · 08-31-2003 11:32 AM

Originally posted by Stefaans
There has been a lot of talk on the Forum regarding this that will show you how to disable it if you want to. The option to diable the BCC's seems to fix the latest vulnerability.

Vulnerability is a bit strong. The BCC trick doesn't work. The emails don't get sent off server. The Tweak just prevents the local delivery of the failed attempts.

**tAzMaNiAc** · 08-31-2003 10:29 PM

Agreed. It's not even a vulnerability.

Just a test/probe of your services much like fraudsters would do a test/fake new account signup.... Think people.

Brenden

cPanel.net Support Ticket Number:

LinkBack

Thread Tools

Auto-generated Spam from Cpanel

Spam Injection, generated on fake emails

Invalid CSRs generated with cPanel

Change the way UIDs are generated

Where/How do stats get generated

using sitestudios java/jdk for cpanel generated domain