Formmail abuse

Discussion in 'E-mail Discussion' started by eagle, Dec 27, 2003.

  1. eagle

    eagle Well-Known Member

    I found these messages in the mail queue:

    Code:
    1AZ0Du-0007Z0-5I-H
    user 32008 32008
    <user@domain.com>
    1072238534 2
    -ident user
    -received_protocol local
    -body_linecount 6
    -auth_id user
    -auth_sender user@domain.com
    -local
    XX
    1
    LIIvnVQ2S@www.domain.com
    
    153P Received: from user by domain.com with local (Exim 4.24)
    	id 1AZ0Du-0007Z0-5I
    	for LIIvnVQ2S@domain.com; Wed, 24 Dec 2003 05:02:14 +0100
    031T To: LIIvnVQ2S@www.domain.com
    033F From: LIIvnVQ2S@www.domain.com
    228  Subject: http://www.domain.com/cgi-sys/formmail.pl (65.117.182.225:80) bcc: imagx09@aol.com UI9Te Ev  OspTp3uLnq M a d1sS a QhSf Ao6T OUBW f 6j qxo hlZfTN3CH2e3sYevpChFJr Sr NEyXBTN logsÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDE.
    049I Message-Id: <E1AZ0Du-0007Z0-5I@domain.com>
    038  Date: Wed, 24 Dec 2003 05:02:14 +0100
    071  X-MailScanner-Information: Please contact the ISP for more information
    033  X-MailScanner: Found to be clean
    
     
    1AZ0Du-0007Z0-5I-D
    body:  UI9Te Ev  OspTp3uLnq M a 
    d1sS a QhSf Ao6T OUBW f 6j qxo
     hlZ
    fTN3CH2e3sYevpC
    hFJr Sr NEyXBTN logsÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDE
    
    
     
    
    I substituted the domains. The IP is not mine.

    I found a bunch of them, all from the same date. Is this a successful or failed formmail test (from the possible abuser's point of view)? These messages haven't been delivered. Not all users on this server were involved.

    I think the bcc message is a signal for the abuser that this server is vulnerable?
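
A triage sketch for the spool header file shown in this post, added here as an example and not part of the original thread: it parses an Exim `-H` file and reports whether the message was submitted locally and whether its Subject names a formmail script and carries an embedded `bcc:`-style header. The function names, the sample file (placeholder domains, IP and addresses) and the choice of indicators are assumptions drawn from the one message in the post.

```python
import re
# Constructed sample modelled on the spool header file in the post; example.com,
# example.net and 192.0.2.10 are placeholders, length prefixes are not recomputed.
SAMPLE_H = """1AZ0Du-0007Z0-5I-H
user 32008 32008
<user@example.com>
1072238534 2
-received_protocol local
-auth_id user
-local
XX
1
LIIvnVQ2S@www.example.com

153P Received: from user by example.com with local (Exim 4.24)
\tid 1AZ0Du-0007Z0-5I
\tfor LIIvnVQ2S@example.com; Wed, 24 Dec 2003 05:02:14 +0100
033F From: LIIvnVQ2S@www.example.com
228  Subject: http://www.example.com/cgi-sys/formmail.pl (192.0.2.10:80) bcc: probe@example.net x
"""

HEADER_START = re.compile(r"^\d{3}([A-Za-z* ]) (.*)$")  # 3-digit length, flag char, space, text

def parse_spool_header(text):
    """Split an Exim -H file into envelope options and a dict of unfolded headers."""
    envelope, _, header_part = text.partition("\n\n")  # blank line ends the envelope
    options = dict(l[1:].partition(" ")[::2] for l in envelope.splitlines() if l.startswith("-"))
    headers, current = {}, None
    for line in header_part.splitlines():
        m = HEADER_START.match(line)
        if m:
            name, _, value = m.group(2).partition(":")
            current = name.lower()
            headers[current] = value.strip()
        elif current and line.startswith((" ", "\t")):
            headers[current] += " " + line.strip()  # folded continuation line
    return options, headers

def formmail_probe_findings(text):
    """Report which traits of the message in the post a queued message shares."""
    options, headers = parse_spool_header(text)
    subject = headers.get("subject", "")
    return {
        "local_submission": "local" in options,  # the -local flag: handed to Exim on this host
        "auth_id": options.get("auth_id"),       # account the submitting script ran as
        "names_formmail": "formmail" in subject.lower(),
        "embedded_recipient_header": bool(re.search(r"\b(?:bcc|cc|to)\s*:", subject, re.I)),
    }
```

Run over each `-H` file in the queue, the `auth_id` values show which accounts' scripts were used for the submissions.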
     
  2. HollyRidge

    HollyRidge Well-Known Member

  3. eagle

    eagle Well-Known Member

    I'm sorry HollyRidge :).

    I did search and found the thread, but overlooked one post with the mail header. I just wasn't sure what to think of the bcc line.

    I guess I never had these attempts before, so I guess I was lucky so far.
    That's nice, since I don't have that option checked :)
     
  4. HollyRidge

    HollyRidge Well-Known Member

    It kinda alarmed me too the first time I saw it. After investigating the issue I found where several others were having the same problem and Nick added that option.
     