Eskimo North


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mailback.cgi




     I've had to disable mailback.cgi because someone has found a way to
exploit it to send to spam to arbitrary e-mail addresses.

     We've had a host check but the spammer got around this by forging the
from address as arbitrary addresses under one of the domains we host.

     They hit the server so hard (around 38,000 e-mails using socnw.org alone)
today that it was overloading the web server, invoking cgi scripts not being
the most effecient way of sending e-mail, so I had little choice but to disable
this until we can figure out how to secure it.

     Previously they had used a flaw in Apache to do this but we upgraded to
the most recent version so they found a work-around.

     They're hitting us from more than 100 addresses a day so just blocking
connects from certain addresses is not a practical remedy.

     I don't know perl so I don't know how to fix this; any help or suggestions
would be appreciated.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.