Web Hosting Talk






PDA

View Full Version : Weird email. Anyone?

[inx]Olly
08-21-2003, 06:24 AM
Hi guys,

I had weird email this morning that roused my suspision. Please check below:

From: 5u0TV@creativesell.com
Sent: 21 August 2003 08:45
To: 5u0TV@creativesell.com
Subject: http://www.creativesell.com/cgi-sys/formmail.pl
(192.93.19.125:80) bcc: bagnallb@aol.com nu2 sdx7yL u9cs FSC5lvTUVOKG
zXl4DR3 iKuSS867 rpD0xzGcFCTVL QQfKl x46A4IQ O 4 D
rVxYsgG3ZF˙FFFFCCabcdefghijklmnopqrstuvqxyzABCDEF.

body:
nu2
sd
x7yL u9cs FSC5lvTUVOKG zXl4DR3 iKuSS867
rpD0xzGcFCTVL QQfKl x46A4IQ O 4 D rVxYsgG3ZF˙FFFFCCabcdefghijklmnopqrstuvqxyzABCDEF

I am not the techi person in my company, and as they aren't in work yet I cannot ask them.

However, this worries me. Can anyone tell me what on earth it is, as it looks like some kind of exploit / hack attempt to me?
Adrian
08-21-2003, 06:36 AM
It looks like a spammer is testing the waters, with the intention of using your formmail.pl to send spam - it is advisable to disable all formmail scripts installed by CPanel and use more secure scripts.
[inx]Olly
08-21-2003, 07:11 AM
Thanks for the advice Adrian
Aqua
08-21-2003, 01:16 PM
Originally posted by Adrian
...it is advisable to disable all formmail scripts installed by CPanel and use more secure scripts.

:uhh:
do you have any suggestion of what to use instead?

thanx
wakkow
08-21-2003, 02:07 PM
I've heard that this is good, especially because it is a drop-in replacement for the Matt's one, which is probably the most widely used:

http://nms-cgi.sourceforge.net/scripts.shtml
bedlam
08-21-2003, 02:08 PM
Try Soupermail out:

http://soupermail.sourceforge.net/

Very cool, very configurable...

B
Adrian
08-21-2003, 03:21 PM
Originally posted by wakkow
I've heard that this is good, especially because it is a drop-in replacement for the Matt's one, which is probably the most widely used:

http://nms-cgi.sourceforge.net/scripts.shtml

Yes, that is the one we recommend as well :D
MartinK
08-21-2003, 04:43 PM
"It looks like a spammer is testing the waters"
Exactly. NB, this does not mean they have compromised your box it means they are tring to.
In fact the same spammer has tried my box and probably 1000's of others.
Check out http://www.serve.com/apg/spammers.html
MilkMan
08-21-2003, 04:58 PM
Yep, just received a few rejected emails of the same type and person. Looks like bagnallb is fishing again
Aqua
08-21-2003, 06:35 PM
thanx guys for the quick replies!