The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone else getting these emails?

Discussion in 'E-mail Discussions' started by web12, Jun 4, 2003.

  1. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    I am periodically getting these emails on 2 servers to different accounts... anyone else been getting these? it just doesnt make sense... is someone probing the servers for weaknesses again?

    Obviously I have changed the personal details in the email, but today I have had around 30 of these emails.

    Anyone else?

    cPanel.net Support Ticket Number:
     
  2. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    Is this possibly FormMail related?

    It looks like it is trying to use BCC.

    cPanel.net Support Ticket Number:
     
  3. dhost

    dhost Active Member

    Joined:
    Nov 29, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Weird emails

    I've been getting these as well. Any idea what's happening?

    cPanel.net Support Ticket Number:
     
  4. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    me too, what is this ?

    cPanel.net Support Ticket Number:
     
  5. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    Something is weird here... I just got another batch of them through... Interestingly, they are using the same domains on the server that were used with the formmail exploit... coincidence?

    Anyone got a take on this?

    cPanel.net Support Ticket Number:
     
  6. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    I'm thinking it a virus that is not formatting properly in the e-mail...I've seen virus' come in text format like that.

    Secondly, if you are seeing it on servers that had the previous formmail script, is it possible that the spam that went out ended up someones addressbook..they get the virus and it sends back out?

    Just a thought, but honestly not sure ;)

    cPanel.net Support Ticket Number:
     
  7. crush11

    crush11 Registered

    Joined:
    Feb 2, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    getting the same emails as well.. :eek:

    cPanel.net Support Ticket Number:

    cPanel.net Support Ticket Number:
     
  8. Testube

    Testube Registered

    Joined:
    Jun 8, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    SPammers!

    I, too, have been getting these emails and I have forwarded several to the VO support email address. (I'd use the helpdesk, but once again I cannot get into it.)

    I have a sneaky suspicion that these are attempts (hopefuly unsuccessful) of people who are trying to utilize the formmail program to send spam. I read a few other threads in these forums about it, and there was supposed to be a patch that fixed this back in March, but I have been getting these messages on and off for a few weeks now. If you pull up your webstats via Cpanel, and look at the section titled "last 300 visitors" (I think that's what it's called), you can actually match up the suspect individuals access of formmail.pl with the time that the emails were sent to you. Unortunately, it gives me no real info on who they are, although there were a few with IP addresses listed. (Maybe we can block their IP from the site..but that's only a bandaid, and if they're on dialup their IP will change each time they login anyways...)

    Not sure what VO is doing to fix this, but I hope they do it soon.
    I don't know enough about formmail to fix it myself. And as far as I know, disabling my online html form won't help because I think they are accessing the perl script directly.

    -Jeff

    cPanel.net Support Ticket Number:
     
  9. craven de kere

    Joined:
    May 19, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    I'm getting these too. I think it is because in the latest formmail fix something is screwing up the way spammers exploit the script.

    The good news is that the spam isn't going out.

    cPanel.net Support Ticket Number:
     
  10. Testube

    Testube Registered

    Joined:
    Jun 8, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    spam

    Agreed.

    The junkmail (albeit annoying) is better than someone sending spam via my domain and can be filtered out easy enough. Being on a virtual server, I'm not too keen on the whole weblog thing, so I wasn't sure how to tell if the spam was actually being sent or not. I just knew that I was still getting all those weird email messages.

    -Jeff

    cPanel.net Support Ticket Number:
     
  11. ZachICU

    ZachICU Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    130
    Likes Received:
    0
    Trophy Points:
    16
    I am getting this too.

    Glad to see im not the only one. :)

    It looks like a failed fommail exploit attempt.

    Im not expert though, hoping someone can shed more light.

    Thanks
    Zach

    cPanel.net Support Ticket Number:
     
  12. mmkassem

    mmkassem Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Egypt
    they are sent via formmail but they are not formed correctly.

    cPanel.net Support Ticket Number:
     
  13. Testube

    Testube Registered

    Joined:
    Jun 8, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Helpdesk working on it...

    Well, I now have a helpdesk ticket number for this (see above).
    I got three more of those weird messages this morning.

    I wish there was something we could do to retaliate against these spammers...
    something evil...
    ;)

    haha

    cPanel.net Support Ticket Number: 31596
     
  14. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    Not sure if this is part of the same parcel, but I found this at the bottom of the cpanel changelog...

    Sun Jun 8 15:35:54 EDT 2003
    6.x Build#81
    ---------------------------------------------------------------

    more formmail fixups (non security)
    ---------------------------------------------------------------

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page