Help Needed with Perl cgi script and spam problem

 
 
Knute Johnson
      03-18-2006
I need some help finding the correct place to go to get specific help.
We have a script that uses sendmail to send form data to the site owner.
Last night somebody managed to use it to send thousands of spam
emails. I need to find the right place to ask about the script to
determine exactly how the attack was accomplished so we can fix the
script. Any direction would be greatly appreciated.

--

Knute Johnson
email s/nospam/knute/
 
Jürgen Exner
      03-18-2006
Knute Johnson wrote:
> I need some help finding the correct place to go to get specific help.
> We have a script that uses sendmail to send form data to the site
> owner. Last night somebody managed to use it to send thousands of spam
> emails. I need to find the right place to ask about the script to
> determine exactly how the attack was accomplished so we can fix the
> script. Any direction would be greatly appreciated.


Why don't you ask the author of the script?

jue


 
Knute Johnson
      03-18-2006
Jürgen Exner wrote:
> Knute Johnson wrote:
>> I need some help finding the correct place to go to get specific help.
>> We have a script that uses sendmail to send form data to the site
>> owner. Last night somebody managed to use it to send thousands of spam
>> emails. I need to find the right place to ask about the script to
>> determine exactly how the attack was accomplished so we can fix the
>> script. Any direction would be greatly appreciated.

>
> Why don't you ask the author of the script?
>
> jue


Because he doesn't know how it was attacked. I'm hoping there is
somebody around here that would have a clue.

--

Knute Johnson
email s/nospam/knute/
 
Andrzej Adam Filip
      03-18-2006
Knute Johnson <(E-Mail Removed)> writes:

> I need some help finding the correct place to go to get specific help.
> We have a script that uses sendmail to send form data to the site owner.
> Last night somebody managed to use it to send thousands of spam
> emails. I need to find the right place to ask about the script to
> determine exactly how the attack was accomplished so we can fix the
> script. Any direction would be greatly appreciated.


If you want to ask questions in public then I would suggest one of
the comp.lang.perl* groups and/or comp.mail.sendmail.

You may post a short description of the problem and a link to the source of
the script (or the relevant part of the script).

AFAIK the most typical problem is lack of sufficiently paranoid checks
of parameters entered into forms before passing them to sendmail, e.g.
your script sends using "sendmail -t" (take recipient addresses from
to:/cc: headers) and abusers use some other entries (e.g. *multiline*
subject) to insert "extra" to:/cc: headers.

P.S. Sorry if I grossly underestimated your computer skills.

--
[pl2en Andrew] Andrzej Adam Filip : (E-Mail Removed) : (E-Mail Removed)
http://anfi.homeunix.net/
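
An added example, not part of the thread and not the script under discussion: one way to apply the checks described in the post above. Header-bound form fields are rejected if they contain a line break, and the recipient is passed to sendmail on the command line instead of being read from the headers with `-t`. The field names, the addresses and the `/usr/sbin/sendmail` path are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fixed recipient: never taken from the form (hypothetical address).
my $SITE_OWNER = 'owner@example.invalid';

# Return the value if it is safe to place on a single header line, else undef.
sub header_safe {
    my ($value, $max_len) = @_;
    return unless defined $value;
    return if $value =~ /[\r\n\0]/;        # a line break could start a new header
    return if length($value) > $max_len;
    return $value;
}

# Build the message, or return undef if any header-bound field is rejected.
sub build_message {
    my (%form) = @_;
    my $subject = header_safe($form{subject}, 200);
    my $reply   = header_safe($form{email}, 254);
    return unless defined $subject && defined $reply;
    # Accept exactly one plain address, no lists or display names.
    return unless $reply =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\z/;
    my $body = defined $form{message} ? $form{message} : '';
    $body =~ s/\r\n?/\n/g;                 # the body may span lines; normalise them
    return "To: $SITE_OWNER\n"
         . "From: webform\@example.invalid\n"
         . "Reply-To: $reply\n"
         . "Subject: $subject\n"
         . "\n"
         . $body . "\n";
}

# Hand the message to sendmail with the recipient as an argument (no -t).
# The list form of open runs the program directly, without a shell.
# Not called by the demo loop below, so the block runs without a mail server.
sub send_message {
    my ($message) = @_;
    open(my $mta, '|-', '/usr/sbin/sendmail', '-i', '--', $SITE_OWNER)
        or die "cannot run sendmail: $!";
    print {$mta} $message;
    close($mta) or die "sendmail exited with status $?";
}

# Constructed sample submissions: one normal, one with a multiline subject.
my %ok  = (subject => 'Question about opening hours', email => 'visitor@example.org', message => 'Hi');
my %bad = (subject => "Hello\r\nBcc: third-party\@example.net", email => 'visitor@example.org', message => 'Hi');
for my $form (\%ok, \%bad) {
    print defined build_message(%$form) ? "accepted\n" : "rejected\n";
}
```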
 
Knute Johnson
      03-18-2006
Andrzej Adam Filip wrote:
> Knute Johnson <(E-Mail Removed)> writes:
>
> AFAIK the most typical problem is lack of sufficiently paranoid checks
> of parameters entered into forms before passing them to sendmail e.g.
> your script sends using "sendmail -t" (take recipient addresses from
> to:/cc: headers) and abusers use some other entries (e.g. *multiline*
> subject) to insert "extra" to:/cc: headers.


I'm pretty sure that is how it was done but I really need to know
exactly how to do it so I can fix the code to prevent it.

> P.S. Sorry if I grossly underestimated your computer skills.


This is one subject I don't know much about so I would appreciate as
detailed a description as you can give me.

Thanks,

--

Knute Johnson
email s/nospam/knute/
 
Mark Hobley
      03-18-2006
Knute Johnson <(E-Mail Removed)> wrote:
>
> I'm pretty sure that is how it was done but I really need to know
> exactly how to do it so I can fix the code to prevent it.


http://markhobley.yi.org:8000/CGISecurity

Regards,

Mark.

--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE

Telephone: (0121) 247 1596
International: 0044 121 247 1596

Email: markhobley at hotpop dot donottypethisbit com

http://markhobley.yi.org/

 
axel@white-eagle.invalid.uk
      03-19-2006
Knute Johnson <(E-Mail Removed)> wrote:
> Andrzej Adam Filip wrote:
>> Knute Johnson <(E-Mail Removed)> writes:


>> AFAIK the most typical problem is lack of sufficiently paranoid checks
>> of parameters entered into forms before passing them to sendmail e.g.
>> your script sends using "sendmail -t" (take recipient addresses from
>> to:/cc: headers) and abusers use some other entries (e.g. *multiline*
>> subject) to insert "extra" to:/cc: headers.


> I'm pretty sure that is how it was done but I really need to know
> exactly how to do it so I can fix the code to prevent it.


How on earth do you expect people to tell you *exactly* how to fix
an unseen script and without having access to the details of the
spam generated?

I suggest hiring a Perl programmer and/or switching to a more reliable
script.

Axel

 
Knute Johnson
      03-19-2006
(E-Mail Removed) wrote:
>>> AFAIK the most typical problem is lack of sufficiently paranoid checks
>>> of parameters entered into forms before passing them to sendmail e.g.
>>> your script sends using "sendmail -t" (take recipient addresses from
>>> to:/cc: headers) and abusers use some other entries (e.g. *multiline*
>>> subject) to insert "extra" to:/cc: headers.

>
>> I'm pretty sure that is how it was done but I really need to know
>> exactly how to do it so I can fix the code to prevent it.

>
> How on earth do you expect people to tell you *exactly* how to fix
> an unseen script and without having access to the details of the
> spam generated?
>
> Axel


Well Axel, if you had really read my post, I wasn't asking for somebody
to fix it but asking how they are attacked so I could fix it.

--

Knute Johnson
email s/nospam/knute/
 
Mark Hobley
      03-20-2006
Knute Johnson <(E-Mail Removed)> wrote:

> Well Axel, if you had really read my post, I wasn't asking for somebody
> to fix it but asking how they are attacked so I could fix it.


The method of attack depends on the weakness in the script; we would need to
see it to comment on this.

Read up on "CGI Security" to get an idea of the different methods that could
have been used.

Regards,

Mark.

--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE

Telephone: (0121) 247 1596
International: 0044 121 247 1596

Email: markhobley at hotpop dot donottypethisbit com

http://markhobley.yi.org/

 
axel@white-eagle.invalid.uk
      03-20-2006
Knute Johnson <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:
>>>> AFAIK the most typical problem is lack of sufficiently paranoid checks
>>>> of parameters entered into forms before passing them to sendmail e.g.
>>>> your script sends using "sendmail -t" (take recipient addresses from
>>>> to:/cc: headers) and abusers use some other entries (e.g. *multiline*
>>>> subject) to insert "extra" to:/cc: headers.


>>> I'm pretty sure that is how it was done but I really need to know
>>> exactly how to do it so I can fix the code to prevent it.


>> How on earth do you expect people to tell you *exactly* how to fix
>> an unseen script and without having access to the details of the
>> spam generated?


> Well Axel, if you had really read my post, I wasn't asking for somebody
> to fix it but asking how they are attacked so I could fix it.


The same applies... how do you expect people to figure that out without
knowledge of the script and details of the spam? There are some very
old vulnerable scripts out there on the net which will accept all
kinds of parameters which can be used as possible hooks into generating
spam.

If you were to give the name of the script and a reference to the source,
then probably you would get far better responses other than general
advice on how to prevent spamming CGI mail scripts.

For example... useful details would be what was the spam? All to
the same form indicating a denial of service attack; using Cc: and
Bcc: fields to send mail elsewhere; trying to spam multiple addresses
at your domain?

Axel
 