SPAMMERS DELIGHT: as feeble as feeble can be

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Monday, December 10, 2001

Forget about open relays. There is an extremely simple mailto form
application called mailto.exe available on the internet. Simply create your
html form, upload the mailto.exe into your cgi bin and fire away.

The problem is, as a courtesy, many ISP's or hosting companies or providers
of other web site 'things' give their clients, in painful detail, 
instructions on how to install and use this mailto.exe application.

The BIG problem is that these instructions include the provider's settings
including their smtp server name, and full path name to their directory
containing mailto.exe and it actually works !

For example:

<FORM ACTION="HTTP://WWW.MALWARE.COM/CGI-BIN/MAILTO.EXE"; METHOD="POST"> 
<INPUT TYPE="hidden" NAME="sendto" VALUE=billg@bloatedcorp.com> 
<INPUT TYPE="hidden" NAME="email" VALUE="hotsuezzz@xxxxxxrated.com"> 
<INPUT TYPE="hidden" NAME="server" VALUE="smtp.malware.com"> 
<INPUT TYPE="hidden" NAME="subject" VALUE="SPAM MONGER"> 
<INPUT TYPE="hidden" NAME="resulturl" VALUE=http://ww.malware.com> 

Name: <INPUT NAME="uname" SIZE=30> 
Position: <INPUT NAME="title" SIZE=30> 
Company: <INPUT NAME="company" SIZE=30> 
E-Mail: <INPUT NAME="email" SIZE=30> 
Comments:<TEXTAREA name="comments" ROWS=10 COLS=50 SIZE="10"></TEXTAREA>

Press <INPUT TYPE="submit" VALUE="Submit">
Idiot <INPUT TYPE="HALT !" VALUE="The Above Is A Example Only - The Data Is
Fake">

This can be inputted from any desktop html editor / viewer and emails can be
fired away. Because it is located on the provider's site (within their
domain), the smtp servers work and all IP addresses are theirs. In other
words, unlike a relay which can reveal the originating IP address, this
provides for none of that.

Trivial searching with our favorite engine, reveals 2 immediate, fully
functional provider's instruction including all their details, which work
exactly as described. No doubt deep searching will yield many many more.

Notes: there does not seem to be a single solution, other than to release
this and urge any and all providers, hosting services, other  to be aware
and remove or certainly not give your working server details.


---
http://www.malware.com





______________________________________________________________________________
Send a friend your Buddy Card and stay in contact always with Excite Messenger
http://messenger.excite.com
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux