Home

   Home

   Download


Help

   FAQ

   Installation

   Message Board

   Importing Data File
   Into GoldMine
   Into Act


Other

   Testimonies

   Custom Programming

   PHP Version


Other Favorites

   Hire a clean comedian

   Bible Search Engine

   Bible in a Year

   Parallel Bible

   The Richer Life










 





[ Message Board Home ]    [ Post Reply ]    [ Log In ]    [ Sign Up ]



  Subject: Possible Bizmail Exploit?
  Posted: 12/27/2004 at 1:12:40 pm
  By: XenoPhage

Hi all,

Recently someone has used our bizmail form to relay spam to a large number of AOL addresses. I'm not sure exactly how they are doing this, but I know it's being done through bizmail. The bizmail.dat file contains a number of entries that this abuser has posted to the form, and as a result, hundreds and hundreds of spam emails have been sent to aol from our server.

Has anyone else had a problem with this? Any idea how to fix it? It appears to be a validation problem. My guess is that they sent escape characters through the form and tricked the perl script into doing something it wasn't meant to do ....

Any idead??



  Subject: Re: Possible Bizmail Exploit?
  Posted: 01/02/2005 at 12:27:57 pm
  By: codehawk

set okurls to 1 and take your shared ip address out of the okurl's and $send_attachement = "2"; personally i would not see how this could happen unless your on a shared ip address and you have the ip in your okurls other than that



  Subject: Re: Possible Bizmail Exploit?
  Posted: 01/02/2005 at 6:30:34 pm
  By: XenoPhage

ok, I've updated all of my scripts with the okurl settings... I'll monitor the situation from there... Hopefully this fixes it...

I sent my bizmail.dat file to Seth, maybe he'll have more insight...



  Subject: Re: Possible Bizmail Exploit?
  Posted: 01/11/2005 at 12:26:03 pm
  By: XenoPhage

No dice.. even with the okurl settings, this spammer is still able to send spam via the bizmail script .. :(



Reply To This Topic

Subject
Message  
Username
Password
Due to unrelated post's, you must have an
account to post a message. To Sign Up click here.




Copyright 2000-2010 Seth M. Knorr,
BizMailForm.com Forms Processor, All Rights Reserved