Comments on: Curious mailbomb http://spamhuntress.com/2007/10/25/curious-mailbomb/ Just another WordPress weblog Fri, 29 Aug 2008 23:21:25 +0000 http://wordpress.org/?v=2.0.7 by: David Clarke http://spamhuntress.com/2007/10/25/curious-mailbomb/#comment-271728 Mon, 29 Oct 2007 15:25:43 +0000 http://spamhuntress.com/2007/10/25/curious-mailbomb/#comment-271728 To me, the issue is not just what the spammer is trying to achieve; they may just be testing the forms and security before sending out the payload, or possibly, if you were the sole target, some form of DOS on your mail server. More interestingly, I find it hard to understand that the owners of the servers with vulnerable forms don't notice anything in their logs - even if it's just a spike in the bandwidth being used. I have to admit that I've had dealings with an organisation that should know better, and informed them of their vulnerability, shown them a demo of how it can be abused and then had them tell me that it'll never happen to them - or words to that effect. Do you know of any way to successfully persuade vulnerable hosts to tighten their security? To me, the issue is not just what the spammer is trying to achieve; they may just be testing the forms and security before sending out the payload, or possibly, if you were the sole target, some form of DOS on your mail server.

More interestingly, I find it hard to understand that the owners of the servers with vulnerable forms don’t notice anything in their logs - even if it’s just a spike in the bandwidth being used.

I have to admit that I’ve had dealings with an organisation that should know better, and informed them of their vulnerability, shown them a demo of how it can be abused and then had them tell me that it’ll never happen to them - or words to that effect.

Do you know of any way to successfully persuade vulnerable hosts to tighten their security?

]]>