Re: Help Needed with Perl cgi script and spam problem
- From: Knute Johnson <nospam@xxxxxxxxxxxxxxxxx>
- Date: Sun, 19 Mar 2006 15:31:19 -0800
axel@xxxxxxxxxxxxxxxxxxxxxx wrote:
>>> AFAIK the most typical problem is lack of sufficiently paranoid checks
of parameters entered into forms before passing them to sendmail e.g.
your script sends using "sendmail -t" (take recipeint addresses from
to:/cc: headers) and abusers use some other entries (e.g. *multiline*
subject) to insert "extra" to:/cc: headers.
I'm pretty sure that is how it was done but I really need to know exactly how to do it so I can fix the code to prevent it.
How on earth do you expect people to tell you *exactly* how to fix
an unseen script and without having access to the details of the
spam generated?
Axel
Well Axel, if you had really read my post, I wasn't asking for somebody to fix it but asking how they are attacked so I could fix it.
--
Knute Johnson
email s/nospam/knute/
.
- Follow-Ups:
- Re: Help Needed with Perl cgi script and spam problem
- From: axel
- Re: Help Needed with Perl cgi script and spam problem
- From: Mark Hobley
- Re: Help Needed with Perl cgi script and spam problem
- References:
- Help Needed with Perl cgi script and spam problem
- From: Knute Johnson
- Re: Help Needed with Perl cgi script and spam problem
- From: Andrzej Adam Filip
- Re: Help Needed with Perl cgi script and spam problem
- From: Knute Johnson
- Re: Help Needed with Perl cgi script and spam problem
- From: axel
- Help Needed with Perl cgi script and spam problem
- Prev by Date: Re: Help Needed with Perl cgi script and spam problem
- Next by Date: Re: Help Needed with Perl cgi script and spam problem
- Previous by thread: Re: Help Needed with Perl cgi script and spam problem
- Next by thread: Re: Help Needed with Perl cgi script and spam problem
- Index(es):
Relevant Pages
|
|
