Re: [nznog] Anyone from or know anyone at: Moebius Systems Ltd ...?
In message <1150318480.2779.3.camel(a)agree-17>, Glen Eustace writes:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) [...]
We have been a victim of this several times in the last couple of months.
It's not just squirrelmail either. I have a client with a webmail system that has been abused in a similar manner to send spam. In that case it appears that the spammers have created "legitimate" webmail mailboxes, and then used some automated tool as a way of injecting their messages in bulk. They've been closing the accounts and blocking the origin IPs as they find them, but it's been a bit of a case of whack-a-mole. They're working on other measures to block the spam/spammers. I must admit being surprised that the spammers aren't content using 0wn3d Microsoft Windows boxes as there's enough of those out there (and/or waiting to be 0wn3d). But perhaps the going rate for renting them is now too high. Or maybe outbound port 25 blocking is having some effect (much as I wish it weren't necessary to resort to that). Ewen
On 15/06/2006 10:09 a.m., Ewen McNeill wrote:
In message <1150318480.2779.3.camel(a)agree-17>, Glen Eustace writes:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) [...] We have been a victim of this several times in the last couple of months.
It's not just squirrelmail either.
I have a client with a webmail system that has been abused in a similar manner to send spam.
Ditto. Many PHP applications that make use of the mail() function are incorrectly coded and are vulnerable to header injection attacks, including older versions of squirrelmail and horde/imp. Refer: http://www.securephpwiki.com/index.php/Email_Injection -Simon
No kidding. I get dozens of automated attempts each week on every contact form for every website I host. I routinely go through and modify new sites to prevent this. I used to have it notify me of attempts but it was turning into a flood. I'm assuming that our governments are working hard to get to the root cause of this kind of behaviour and lock em up, but you don't hear about it happening very often. Even then their zombies go on trying. *Justin Cook* Developer http://www.skull.co.nz/ *Skype* justincookskull skype:justincookskull?call My status skype:justincookskull?call Simon Garner wrote:
On 15/06/2006 10:09 a.m., Ewen McNeill wrote:
In message <1150318480.2779.3.camel(a)agree-17>, Glen Eustace writes:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) [...]
We have been a victim of this several times in the last couple of months.
It's not just squirrelmail either.
I have a client with a webmail system that has been abused in a similar manner to send spam.
Ditto. Many PHP applications that make use of the mail() function are incorrectly coded and are vulnerable to header injection attacks, including older versions of squirrelmail and horde/imp.
Refer: http://www.securephpwiki.com/index.php/Email_Injection
-Simon
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On 6/15/06, Justin Cook
I'm assuming that our governments are working hard to get to the root cause of this kind of behaviour and lock em up, but you don't hear about it happening very often. Even then their zombies go on trying.
Maybe some independent government agency should set up a couple large Iron Ports in front of the SCC. Use our relative distance from the world to good effect. If we do some rough figures based on http://gigaom.com/2006/06/12/fun-facts-about-email/, even blocking some of the at least 28 TB of spam per day to NZ by 2010 might be useful.
participants (4)
-
Ewen McNeill -
Justin Cook -
Nicholas Lee -
Simon Garner