The Community Forums

Formmail abuse

Discussion in 'E-mail Discussions' started by eagle, Dec 27, 2003.

  1. eagle

    I found these messages in the mail queue:

    Code:
    1AZ0Du-0007Z0-5I-H
    user 32008 32008
    <user@domain.com>
    1072238534 2
    -ident user
    -received_protocol local
    -body_linecount 6
    -auth_id user
    -auth_sender user@domain.com
    -local
    XX
    1
    LIIvnVQ2S@www.domain.com
    
    153P Received: from user by domain.com with local (Exim 4.24)
    	id 1AZ0Du-0007Z0-5I
    	for LIIvnVQ2S@domain.com; Wed, 24 Dec 2003 05:02:14 +0100
    031T To: LIIvnVQ2S@www.domain.com
    033F From: LIIvnVQ2S@www.domain.com
    228  Subject: http://www.domain.com/cgi-sys/formmail.pl (65.117.182.225:80) bcc: imagx09@aol.com UI9Te Ev  OspTp3uLnq M a d1sS a QhSf Ao6T OUBW f 6j qxo hlZfTN3CH2e3sYevpChFJr Sr NEyXBTN logsÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDE.
    049I Message-Id: <E1AZ0Du-0007Z0-5I@domain.com>
    038  Date: Wed, 24 Dec 2003 05:02:14 +0100
    071  X-MailScanner-Information: Please contact the ISP for more information
    033  X-MailScanner: Found to be clean
    
     
    1AZ0Du-0007Z0-5I-D
    body:  UI9Te Ev  OspTp3uLnq M a 
    d1sS a QhSf Ao6T OUBW f 6j qxo
     hlZ
    fTN3CH2e3sYevpC
    hFJr Sr NEyXBTN logsÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDE
    
    
     
    
    I substituted the domains. The IP is not mine.

    I found a bunch of them, all from the same date. Is this a successful or failed formmail test (from the possible abuser's point of view)? These messages haven't been delivered. Not all users on this server were involved.

    I think the bcc message is a signal for the abuser that this server is vulnerable?
     
  2. HollyRidge

  3. eagle

    I'm sorry HollyRidge :).

    I did search and found the thread, but overlooked one post with the mail header. I just wasn't sure what to think of the bcc line.

    I guess I never had these attempts before, so I guess I was lucky so far.
    That's nice, since I don't have that option checked :)
     
  4. HollyRidge

    It kinda alarmed me too the first time I saw it. After investigating the issue I found where several others were having the same problem and Nick added that option.
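
Added example, not part of the original thread: a Python parser for an Exim `-H` spool file laid out like the one in the first post, which reports the `-auth_id` account when a locally queued message has a formmail URL and an embedded `bcc:` in its Subject. The function names, the matching rule and the sample values are assumptions made for illustration; header lines are split on their length-and-flag prefix rather than on the byte counts.

```python
import re

# Constructed sample modelled on the -H spool file in the first post; domains and
# addresses are placeholders, so the header byte counts are not trusted.
SAMPLE_H = """\
1AZ0Du-0007Z0-5I-H
user 32008 32008
<user@domain.com>
1072238534 2
-received_protocol local
-auth_id user
XX
1
LIIvnVQ2S@www.domain.com

228  Subject: http://www.domain.com/cgi-sys/formmail.pl (192.0.2.10:80)
\tbcc: probe@example.net UI9Te Ev
"""

HDR_START = re.compile(r"^\d{3,}. ([^:\s]+):\s*(.*)$")  # length, flag char, "Name: text"
def parse_spool_header(text):
    """Split an Exim -H file into options, recipients and headers."""
    lines = text.splitlines()
    msg = {"id": lines[0].rsplit("-", 1)[0], "options": {}, "headers": {}}
    i = 4
    while lines[i].startswith("-"):          # "-name value" option lines
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while not lines[i].isdigit():            # skip non-recipients tree ("XX" if empty)
        i += 1
    end = i + 1 + int(lines[i])              # recipient count, then one address per line
    msg["recipients"] = lines[i + 1:end]
    name = None
    for line in lines[end:]:
        m = HDR_START.match(line)
        if m:
            name = m.group(1).lower()
            msg["headers"][name] = m.group(2)
        elif name and line[:1] in (" ", "\t"):   # folded continuation line
            msg["headers"][name] += " " + line.strip()
    return msg

def formmail_probe(msg):
    """Return the account that queued a formmail test message, else None."""
    subject = msg["headers"].get("subject", "").lower()
    local = msg["options"].get("received_protocol") == "local"
    hit = local and "formmail" in subject and re.search(r"\bbcc:", subject)
    return msg["options"].get("auth_id") if hit else None
```

Run over each `-H` file in the queue, the returned account names show which users' scripts were hit, matching the observation that not all users on the server were involved.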
     