Anyone else getting these emails?

web12 · Jun 4, 2003

I am periodically getting these emails on 2 servers to different accounts... anyone else been getting these? it just doesnt make sense... is someone probing the servers for weaknesses again?

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Wed, 04 Jun 2003 13:28:33 -0400
Received: from name by server.name.net with local (Exim 3.36 #1)
id 19Nc3t-0006hT-00
for [email protected]; Wed, 04 Jun 2003 13:28:33 -0400
To: [email protected]
From: [email protected]
Subject: 5BJsbb EN4UxL6gg9Ts*31770*46026175*5BJsbb EN4UxL6gg9Tsbcc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]: The Bat! (v1.45) PersonalContent-Type: multipart/mixed; boundary=5hCX1x6e9EfOdnRfQTXZW65G3RLeJ--5hCX1x6e9EfOdnRfQTXZW65G3RLeJContent-Type: text/htmlContent-Transfer-Encoding: quoted-printableuRYXD87ccXK5GpVdIC g9D P AzLJzOSPCqQzlXW6 s7 yAgK9VT8gT U TE gf YJLZr=UMr5azdUIcKc7hWXf6 uz oZO4Lyoaulc m4 dX0qTBSxeGibqjXxv1aVKXmLh c HDiXV=gq kFW flo Qa Qn Du p kreX WHstxAhAcca3XR29 CBqoVkF5 a s OrUZA gZp=ze9Gj dXX6 fEovLXu T UPZnkql FIAu9qiMmafGpIzU My mahSoGl7o5eyfesa6 q=D 6 8GQEP J41IsdezuaFcbSvk3tBHym87JeyB99mehHoFYW JSUcGJe Hh26hPMQ61Ds1a= MnJ y73ED3 A xG9nvFH z cpp 2 q EcuNXTjm Z5iGQIyXEY zUL4cqRuZNiAf4E6so =fnb7E P Sv17eAXFhU PvZnV1LjBvWmgSrNyt9zz0 77pjx VVX4PWV KKnsxc2KSS hjI=MlP22yqnarXQ4q=3Cbr=3E=3Ca href=3D=22http=3A=2F=2Fwww=2E9MxSraHoL6Ozrn9=PqPo=2Ecom=2F=22=3E5BJsbb EN4UxL6gg9Ts=3C=2Fa=3E=3Cbr=3EOWDS3eMI phr d=R qq78kvi jbgDxMYhVgG EoT60 k1StRDP6v VXWY1VOdK5 EhdKHY5hs0 Y2pIqL kzQM=lVJ MB1L7HDPRMy Y5 jIdBprVEfyW 7 0Ds jEN4gb6Dh7F M06Ok9 P ySmflRtFF5=d V1RPv uK3JbyNIxr1nVYjWkOEjNTN 9qNbaL3z O0mYVk rCpe1Tpe5EnvEH fYdi= ei92TtXeWedGQ42m51 bJ6H ya--5hCX1x6e9EfOdnRfQTXZW65G3RLeJ--.B PP 1G 7IbyBgi8jbR 4nK n iCmOl ox0Wc bHmOf3q vBSlMJ7Imr6 OpPEL xHVMG 6GVhfPU 9 gYah I 8 50 FgqDCUV9lNB2Cb51Z0CBuMWIrqjMsYy8T9Hfb7 GrFyvzJDBDZ I FTmeHq K UEt9s XK5 5mHbMaM s60cHtc9 J qHni BI0TFf
Message-Id: <[email protected]>
Date: Wed, 04 Jun 2003 13:28:33 -0400

body: OW

DS3eMI p
hr dR qq78kvi
jbgD
xM
YhV

gG
Eo
T60 k1S
tRDP6

v V
XWY1VOdK5 EhdKHY
5hs0 Y
2pIqL kzQ
M
l
VJ MB
1
L7HDPRMy Y5 jIdB
prVEf
yW 7 0Ds j

EN4gb6D
h7
F M06Ok
9 P yS
mflRtFF
5d V1RPv uK3J
by
NIxr1
nVYj
Wk
OEjNTN 9qNbaL3z O0mYVk rCpe

1Tpe5E
nvEH fYdi ei92TtXeWedGQ42m51 bJ
6H y
a

Obviously I have changed the personal details in the email, but today I have had around 30 of these emails.

Anyone else?

cPanel.net Support Ticket Number:

SageBrian · Jun 4, 2003

Is this possibly FormMail related?

It looks like it is trying to use BCC.

cPanel.net Support Ticket Number:

dhost · Jun 4, 2003

Weird emails

I've been getting these as well. Any idea what's happening?

cPanel.net Support Ticket Number:

manokiss · Jun 5, 2003

me too, what is this ?

cPanel.net Support Ticket Number:

web12 · Jun 5, 2003

Something is weird here... I just got another batch of them through... Interestingly, they are using the same domains on the server that were used with the formmail exploit... coincidence?

Anyone got a take on this?

cPanel.net Support Ticket Number:

Tom Pyles · Jun 5, 2003

I'm thinking it a virus that is not formatting properly in the e-mail...I've seen virus' come in text format like that.

Secondly, if you are seeing it on servers that had the previous formmail script, is it possible that the spam that went out ended up someones addressbook..they get the virus and it sends back out?

Just a thought, but honestly not sure

cPanel.net Support Ticket Number:

crush11 · Jun 5, 2003

getting the same emails as well..

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:

Testube · Jun 8, 2003

SPammers!

I, too, have been getting these emails and I have forwarded several to the VO support email address. (I'd use the helpdesk, but once again I cannot get into it.)

I have a sneaky suspicion that these are attempts (hopefuly unsuccessful) of people who are trying to utilize the formmail program to send spam. I read a few other threads in these forums about it, and there was supposed to be a patch that fixed this back in March, but I have been getting these messages on and off for a few weeks now. If you pull up your webstats via Cpanel, and look at the section titled "last 300 visitors" (I think that's what it's called), you can actually match up the suspect individuals access of formmail.pl with the time that the emails were sent to you. Unortunately, it gives me no real info on who they are, although there were a few with IP addresses listed. (Maybe we can block their IP from the site..but that's only a bandaid, and if they're on dialup their IP will change each time they login anyways...)

Not sure what VO is doing to fix this, but I hope they do it soon.
I don't know enough about formmail to fix it myself. And as far as I know, disabling my online html form won't help because I think they are accessing the perl script directly.

-Jeff

cPanel.net Support Ticket Number:

craven de kere · Jun 8, 2003

I'm getting these too. I think it is because in the latest formmail fix something is screwing up the way spammers exploit the script.

The good news is that the spam isn't going out.

cPanel.net Support Ticket Number:

Testube · Jun 8, 2003

spam

Agreed.

The junkmail (albeit annoying) is better than someone sending spam via my domain and can be filtered out easy enough. Being on a virtual server, I'm not too keen on the whole weblog thing, so I wasn't sure how to tell if the spam was actually being sent or not. I just knew that I was still getting all those weird email messages.

-Jeff

cPanel.net Support Ticket Number:

ZachICU · Jun 8, 2003

I am getting this too.

Glad to see im not the only one.

It looks like a failed fommail exploit attempt.

Im not expert though, hoping someone can shed more light.

Thanks
Zach

cPanel.net Support Ticket Number:

mmkassem · Jun 9, 2003

they are sent via formmail but they are not formed correctly.

cPanel.net Support Ticket Number:

Testube · Jun 9, 2003

Helpdesk working on it...

Well, I now have a helpdesk ticket number for this (see above).
I got three more of those weird messages this morning.

I wish there was something we could do to retaliate against these spammers...
something evil...

haha

cPanel.net Support Ticket Number: 31596

web12 · Jun 9, 2003

Not sure if this is part of the same parcel, but I found this at the bottom of the cpanel changelog...

Sun Jun 8 15:35:54 EDT 2003
6.x Build#81
---------------------------------------------------------------

more formmail fixups (non security)
---------------------------------------------------------------

cPanel.net Support Ticket Number:

Thread starter	Similar threads	Forum	Replies	Date
	thunderbird and smtp anyone else have issues with latest version sending email	Email	9	Sep 1, 2014
M	Anyone else getting exim has failed, please contact the sysadmin ?	Email	10	Apr 21, 2012
J	exim no longer restarts from SSH. Anyone else notice this?	Email	6	May 20, 2009
L	This is really weird. Anyone else having this problem?	Email	2	Oct 6, 2008
J	Anyone else having problems logging in to Horde mail?	Email	6	Aug 17, 2008

Search

Search

Anyone else getting these emails?

web12

Well-Known Member

SageBrian

Well-Known Member

dhost

Active Member

manokiss

Well-Known Member

web12

Well-Known Member

Tom Pyles

Well-Known Member

crush11

Registered

Testube

Registered

craven de kere

Member

Testube

Registered

ZachICU

Well-Known Member

mmkassem

Well-Known Member

Testube

Registered

web12

Well-Known Member