The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Self-generated Spam from Cpanel

Discussion in 'General Discussion' started by jdan6@2003, Aug 30, 2003.

  1. jdan6@2003

    jdan6@2003 Active Member

    Joined:
    May 18, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Auto-generated Spam from Cpanel

    Hi,

    All domains on our server reveived many similar automatically generated spam email (i.e. from an email address to the same email address) with nonsense message. The email looks like this:



    -------------------
    Return-path: <domain@my.server.com>
    Envelope-to: Ok5cj2@domain.com
    Delivery-date: Fri, 29 Aug 2003 21:01:10 -0500
    Received: from domain by my.server.com with local (Exim 4.20)
    id 19sv38-0007PG-E8
    for Ok5cj2@domain.com; Fri, 29 Aug 2003 21:01:10 -0500
    To: Ok5cj2@domain.com
    From: Ok5cj2@domain.com
    Subject: http://www.domain.com/cgi-sys/formmail.pl (200.71.42.92:80) bcc: bagnallb@aol.com39b1ENHLY z5WXSqZq EqPLje8 vxFmHz6 x c56 nQcF9vPcciOg796p WeRNnsAfz v oimd1iE7sZuM uOjEjH2 ssFÿFFFFCCabcdefghijklmnopqrstuvqxyzABCDEFGHIJKLMNO.
    Message-Id: <E19sv38-0007PG-E8@my.server.com>
    Date: Fri, 29 Aug 2003 21:01:10 -0500
    --------------------



    Does anyone have the same problem? How to fix it?

    "domain.com" does not use FormMail script for email.

    Any ideas?

    cPanel.net Support Ticket Number:
     
    #1 jdan6@2003, Aug 30, 2003
    Last edited: Aug 30, 2003
  2. Ehost4cheap

    Ehost4cheap Registered

    Joined:
    Aug 3, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    i got the same thing on one of my accounts.

    cPanel.net Support Ticket Number:
     
  3. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Same here.

    This email "bagnallb@aol.com " concerns me alot.

    :mad:

    cPanel.net Support Ticket Number:
     
  4. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    In Tweak Settings in WHM check:

    Silently Discard all FormMail-clone requests with a bcc: header in the subject line
     
  5. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    So it seems to be not "automatically generated" spam e-mail. Rather it's a real-live attempt to use your cgi-sys/formmail scripts!

    There has been a lot of talk on the Forum regarding this that will show you how to disable it if you want to. The option to diable the BCC's seems to fix the latest vulnerability.

    cPanel.net Support Ticket Number:
     
  6. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    Vulnerability is a bit strong. The BCC trick doesn't work. The emails don't get sent off server. The Tweak just prevents the local delivery of the failed attempts.
     
  7. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Agreed. It's not even a vulnerability.

    Just a test/probe of your services much like fraudsters would do a test/fake new account signup.... Think people.

    Brenden

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page