  1. #1

    someone using my webaccount to spam others .. PLS HELP

    For the last week, I have seen my /mail/<domain>/inbox filling up (up to 20 MB every few hours).

    I am getting some of the spam mails too ... When I check, I find headers something like this:

    X-Apparently-To: [email protected] via; Thu, 06 May 2004 13:17:40 -0700
    Return-Path: <[email protected]>
    Received: from (EHLO ( by with SMTP; Thu, 06 May 2004 13:17:40 -0700
    X-Originating-IP: []
    Received: from ( []) by (8.12.10/8.12.10) with SMTP id i46KHcZW139472 for <[email protected]>; Thu, 6 May 2004 16:17:39 -0400
    Received: from for [email protected]; May 6 13:17:35 2004 -0700
    X-Yahoo-Forwarded: from [email protected] to [email protected]
    Received: from (EHLO ( by with SMTP; Thu, 06 May 2004 13:17:34 -0700
    Received: from CHANGED by with local (Exim 4.24) id 1BLpIs-0002rs-5V; Thu, 06 May 2004 16:17:10 -0400
    To: [email protected]
    From: [email protected]
    Content-Type: multipart/alternative; boundary=6tTE97isYAJ
    Subject: Stocks to Own for Mid Year QX i4EC VpV g+JFMI Qb iDU7 bzgHS6 CN Mt
    Message-Id: <[email protected]>
    Date: Thu, 06 May 2004 16:17:10 -0400
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname -
    X-AntiAbuse: Original Domain -
    X-AntiAbuse: Originator/Caller UID/GID - [32036 32036] / [47 12]
    X-AntiAbuse: Sender Address Domain -
    Content-Length: 3306 is my webserver name.

    Also, the inbox file in the mail dir lists a huge list of AOL email IDs ...
    It definitely looks like someone is using my account ... to spam ...

    Can someone tell me how I can track that and stop this ...

  2. #2
    I don't have much experience with spam, but I'd imagine you could just delete that AOL list and the spammer wouldn't be able to use it anymore... Also, change your passwords, of course.

  3. #3
    I would suggest you check whether any formmail script on your website was hacked. I know some other people got hacked because of the popular formmail script. I was a victim just a week ago, but my problem was caused by a Perl script written by myself.

    Not only Perl, but also PHP scripts can be hacked. So you need to make sure that you use the latest versions of whatever programs you have. -- taking care of your web site

  4. #4

    Can this script be misused for spamming?


    # Assumed path; the post does not show where $mailprog is set
    $mailprog = '/usr/sbin/sendmail';

    # Get the input
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

    # Split the name-value pairs
    @pairs = split(/&/, $buffer);

    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);

        # URL-decode the name and the value ("+" to space, %XX to the byte)
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        $form{$name} = $value;
    }

    # Error sub, returns error to browser.
    sub return_null {
        my $msg = shift;
        print "Content-type: text/html\n\n";
        print "[$msg]";
    }

    print "Content-type: text/html\n\n";
    print "<html><body bgcolor=\"#000000\">\n";

    if ($form{'to'}) {
        # Recipients come from the form: strip whitespace, split on commas
        $form{'to'} =~ s/\s//g;
        @receipient = split(/\,/, $form{'to'});
        foreach $to (@receipient) {
            send_mail();
        }
        print "<br><br><br>\n";
        print "<font color=white>Thanks for recommending !! You may close this window <br><br></font> \n";
    } else {
        print "<font color=white>Error : Specify atleast one receipient !! <BR></font>\n";
        print "<a href=\"tellfriends.html\"><font color=\"white\">Click here to fill it again!</font></a><br>\n";
    }

    # Sends one message to the current $to; 'from' and 'sender' are used as submitted
    sub send_mail {
        # Open The Mail
        open(MAIL, "|$mailprog -t") || die "Can't open $mailprog!\n";
        print MAIL "To: $to\n";
        print MAIL "From: $form{'from'}\n";
        print MAIL "Subject: $form{'sender'} here!!\n\n";
        print MAIL "Hi ,\n";
        print MAIL "Sorry for not mailing all these days .. look at \n";
        print MAIL "what I have found .. a great website .. ... \n";
        print MAIL "It has more than 2000 registered users .. \n";
        print MAIL "and live news weather and discussions .. \n";
        print MAIL " Check it out .. \n";
        print MAIL " I will mail you later .. till then...\n";
        print MAIL " see you , \n";
        print MAIL "$form{'sender'}\n";
        close(MAIL);
    }

    print "</body></html>";

    So is it possible to misuse this script to spam others without sending any of the lines that I print in the script (e.g. "It has more than 2000 registered users", etc.)?


  5. #5
    Quite possible.

    At least one fatal security hole exists in your script: the receiver's email address is read from a form variable instead of being hard coded in your script. Any hacker can create a similar web form by modifying your original one, with the "To" field replaced by one of his spam addresses.

    I also have a similar Perl script that lets visitors send emails from a web browser. It was revised based on some scripts that I read in an O'Reilly book and on the internet. I avoided the mistake that you made by hard coding the receiver address in the Perl script. Still, it was hacked a few days ago.

    I found from my web log that it was misused: some nonsense IP address accessed it repeatedly. To catch what was posted, I revised my original Perl script to store the posted content in a local disk file. After I read the file, it was like: holy ****, what is that? It was hundreds of email addresses in the BCC: field, and my original hard coded receiver address (To: field) was mysteriously empty. I suspected it was some kind of buffer overflow technique. But I haven't had time to look into it deeply.

    Because of that, I disabled all my web forms temporarily. If I want somebody to contact me, I just put my email address on the web using a JavaScript technique to avoid being harvested by internet robots, a technique that I learned from WHT. Here is an example:

    <script LANGUAGE="JavaScript">
    <!-- Begin
    user = "support";
    site = "";
    document.write('<a href=\"mailto:' + user + '@' + site + '\">');
    document.write(user + '@' + site +'</a>');
    // End -->
    </script>

    I would be interested to hear more examples on this issue from other people. -- taking care of your web site
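Added example, not code from any poster in this thread: the script in post #4 URL-decodes `%0A` into a real newline and prints `from` and `sender` straight into the headers piped to `$mailprog -t`, which is one way a `Bcc:` line like the one described in post #5 can end up in a message. The Perl below validates each field before any header is built; the address pattern, the length and recipient limits, and the two sample requests are assumptions made for illustration.

```perl
use strict;
use warnings;
my $MAX_RECIPIENTS = 3;    # assumed limit for a "tell a friend" form

# Decode an application/x-www-form-urlencoded body into a hash.
sub decode_form {
    my ($body) = @_;
    my %form;
    for my $pair (split /&/, $body) {
        my ($name, $value) = split /=/, $pair, 2;
        for ($name, $value) {
            $_ = '' unless defined;
            tr/+/ /;
            s/%([0-9a-fA-F]{2})/chr(hex($1))/eg;   # %0A becomes a real newline here
        }
        $form{$name} = $value;
    }
    return %form;
}

# A header value must be one short line. Reject CR/LF instead of stripping it.
sub header_value {
    my ($v) = @_;
    return (defined($v) && $v ne '' && length($v) <= 100 && $v !~ /[\r\n]/) ? $v : undef;
}

# Strict address check (assumed policy). \z, unlike $, rejects a trailing newline.
sub address {
    my $v = header_value($_[0]);
    return (defined($v) && $v =~ /\A[\w.+-]+\@[\w-]+(?:\.[\w-]+)+\z/) ? $v : undef;
}

# Return the header block, or undef if any field fails validation.
sub build_headers {
    my (%form) = @_;
    my @to = split /,/, ($form{to} // '');
    return undef if @to < 1 || @to > $MAX_RECIPIENTS;
    return undef if grep { !defined(address($_)) } @to;
    my ($from, $sender) = (address($form{from}), header_value($form{sender}));
    return undef unless defined($from) && defined($sender);
    return "To: " . join(', ', @to) . "\nFrom: $from\nSubject: $sender here!!\n\n";
}

# Constructed sample requests: the second hides an extra header line in "from".
for my $body ('to=a%40example.org&from=me%40example.org&sender=Alice',
              'to=a%40example.org&from=me%40example.org%0ABcc%3A+x%40example.net&sender=Alice') {
    my $headers = build_headers(decode_form($body));
    print defined($headers) ? "accepted:\n$headers" : "rejected: invalid field\n";
}
```

sendmail's `-t` option takes the recipient list from the `To:`, `Cc:` and `Bcc:` header lines of the message, so any extra header line that reaches the pipe becomes extra recipients.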
