Curious mailbomb

I got a few hundred e-mails today in the space of a few minutes. The e-mails were identical, except they came from a few different sources. The spammer misused a feedback form, or so it seemed.

The mails came from e-mail addresses that included Free_Porn@ and some random domain names, but the return-path was usually from a working domain name - same as the server the hacker sent the e-mails through. The ones coming from a different server had the nonsense domains as return-path too (reminds me, that server - not mine - needs to be locked down a bit more).

The domain spamvertized in all those e-mails appears to be an innocent bystander - constantpated.blogspot.com. I found spam for that same site in other places (including gmane.linux.debian.devel.bugs.general a few days ago).

I wonder what the heck the bad guy is looking to accomplish?

One Response to “Curious mailbomb”

  1. David Clarke Says:

    To me, the issue is not just what the spammer is trying to achieve; they may just be testing the forms and security before sending out the payload, or possibly, if you were the sole target, some form of DoS on your mail server.

    More interestingly, I find it hard to understand that the owners of the servers with vulnerable forms don’t notice anything in their logs - even if it’s just a spike in the bandwidth being used.

    I have to admit that I’ve had dealings with an organisation that should know better, and informed them of their vulnerability, shown them a demo of how it can be abused and then had them tell me that it’ll never happen to them - or words to that effect.

    Do you know of any way to successfully persuade vulnerable hosts to tighten their security?
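The point about the spike being visible in the logs is easy to turn into a concrete check. The script below is an added example, not code from the post or from the commenter: it parses web-server access-log lines in the common "combined" format and, for each source address, counts how many POSTs to the feedback-form endpoint fall inside any sliding window of a given length. The endpoint path `/contact.php`, the window and threshold, and the log lines themselves are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical feedback-form endpoint (assumption for the example).
FORM_PATH = "/contact.php"

# Constructed sample of "combined" access-log lines: one ordinary visitor, one
# address with a couple of submissions, and one address hammering the form.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2007:10:01:03 +0000] "GET /contact.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2007:10:01:41 +0000] "POST /contact.php HTTP/1.1" 200 412 "http://www.example.com/contact.php" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2007:10:05:10 +0000] "POST /contact.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2007:10:05:58 +0000] "POST /contact.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
this line is deliberately malformed and must be skipped
198.51.100.23 - - [12/Mar/2007:10:12:00 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:12:01 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:12:02 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:12:03 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:12:05 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:12:07 +0000] "POST /contact.php HTTP/1.0" 200 412 "-" "-"
198.51.100.23 - - [12/Mar/2007:10:13:30 +0000] "GET /robots.txt HTTP/1.0" 404 209 "-" "-"
"""

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return a dict with ip, timestamp, method, path and status, or None if the
    line does not match the combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # ignore any query string
        "status": int(m.group("status")),
    }


def max_posts_per_window(lines, form_path=FORM_PATH, window_seconds=60):
    """For each source address, the largest number of POSTs to form_path that fall
    within any window_seconds-long window. Unparseable lines are skipped; records are
    sorted by time so log order does not matter."""
    posts = [r for r in map(parse_line, lines)
             if r and r["method"] == "POST" and r["path"] == form_path]
    posts.sort(key=lambda r: r["ts"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = defaultdict(int)      # ip -> highest count seen in one window
    for rec in posts:
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        peaks[rec["ip"]] = max(peaks[rec["ip"]], len(q))
    return dict(peaks)


def flag_burst_sources(lines, form_path=FORM_PATH, window_seconds=60, threshold=5):
    """Addresses whose peak submission rate reaches the threshold; these are the ones
    worth looking at (and rate-limiting or blocking at the form)."""
    peaks = max_posts_per_window(lines, form_path, window_seconds)
    return sorted(ip for ip, n in peaks.items() if n >= threshold)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in sorted(max_posts_per_window(lines).items()):
        print(f"{ip:16} peak {n} POSTs / 60 s")
    print("flagged:", flag_burst_sources(lines))
```

A real deployment would read the live log (or tail it) instead of the embedded sample and tune the window and threshold to the form's normal traffic; a legitimate contact form rarely sees more than a handful of submissions per minute from one address, so even a crude threshold catches the kind of burst described in the post.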
