Hacker's Exploitation Of A CGI Script On My Site To Send Massive Spam Emails - Hard Lessons Learnt!

Spam "Artists" Can Trick A Non-Spamming Website To Send Spam Emails

It was the evening of Friday 16th June 2006, and I was rounding up the updates on my websites, when I decided to search online for and install another site recommendation script on my website in place of the one that, for some reason I could not fathom, continued to return a "500 - Internal Server Error" error. The Google search results page threw up a slew of referral scripts on offer from various authors - some free, others for sale.

At this time I was just keen to test and see if I could get one to work on my site. Soon I settled for one called "The PCman Website Refer a Friend". Within minutes, I had it installed and running. One thing I did not do, and which I would advise (based on the benefit of painful hindsight) ANYONE who uses third party scripts on his/her site to do, is to check and confirm the programmer has taken pains to secure the script code against exploitation (specific details and links to URL resources on how to go about this are provided further down).

Note: It was only after the event, and following prompts from my hosts, that I checked and found the PCManrefer script had inadequate security written into the code. The resulting "security hole" was what the hacker later exploited remotely to launch a massive spam attack.

On Tuesday 20th June 2006 a.m., I tried to log into my web hosting account to upload files, but noticed the ftp tool I was using kept returning an "incorrect password" message. After trying repeatedly, and confirming I was using the correct password, I decided to try logging in to my webmail - so as to send an email to the support department for assistance. This presented a problem as well. Each time I tried, I got a message like "Dropped by ISMAP server". Now quite alarmed, I decided to type the URL to my website - My worst fears came to pass - the browser printed a "Page Not Found" message in bold!

At this point, I promptly went to my host's website and initiated a chat session with the operator. The following chat conversation took place:

-----start of chat session------
: Hello! How may I help you?
: hi
Visitor42152: Hi
Visitor42152: I cannot login to my webmail or access my entire website
Visitor42152: MY reg no is 
: We are writing to inform you that during the past 30 minutes your web hosting account (username = deleted) has sent 625 messages to the email subsystem of the hosting server. This is in violation of our terms of services, and as such, any websites belonging to that account have been taken offline.
: In order to reactivate your account you will need to contact our support department and agree not to abuse our servers again. Any further incidents like this will cause our system to remove your account completely and without warning
Visitor42152: I am working from a cyber cafe I normally do not use though it's close to my home
Visitor42152: I am certain this is due to activities of email hackers who use the same ISP as these guys
: send an email to 
Visitor42152: How long will it take to resolve this?
: 6 -12 hours
---End of chat session------

Well, I did not get it resolved in 12 hours. In fact, by the time I was finished exchanging emails with the support department, I learnt my account would be suspended for 7 days, with the warning that if it happened again, my account would be reconsidered for termination without notice.

How They Did It (i.e. Hijacking My Website Referral Script's Form Post)

Below, I reproduce the exact text of the explanation given by my host's Abuse Department, when I requested details that could help me understand how the problem had occurred, and what I could do to prevent a re-occurrence. You will notice that the Perl script I installed (i.e. "pcmanrefer.pl") some days before the problem was identified by the administrator as one of three found to have poor security built into their code.

--- "Aplus.Net Abuse Department" wrote (I have re-arranged - but NOT edited - the text for readability):

> Hello,
> Basically the attack is performed on scripts that trust the information that the submitter enters and are therefore easily exploitable. You can refer to these two documents that describe in details this very specific attack:
> 
> have reviewed the spam evidence sent to us and in the headers the subject is different every time which means the script used is taking the input data from the visitor and doesn't edit it at all:
> Subject: Incredibly undervalued, you'll not want to miss this opportunity the protracted
> I have found several such scripts in your FTP space:
> /cgi-bin mailer/simplemail.pl ...
> /cgi-bin/mailer/mailer.pl
> /cgi-bin/pcmanrefer.pl
> There might be others that are compromiseable too but you know better the structure of your website and which exactly script is sending the data unchanged. The bottom line is to filter out all input data as suggested in the two articles above.
> Thank you,

Clues Left Behind By The Hacker In My Server Space

When I eventually gained access to my server space, I found confirmation that it was indeed the "pcmanrefer.pl" script that had been exploited: its referral log file (refer-log.txt) had grown to a massive 11.1 Megabytes in size (many million bytes up from its 0 bytes size when I uploaded it less than 9 days before)! Opening the file revealed huge volumes of email addresses and message contents, originating from bogus "addresses" at my sub domain e.g. ; ; stephannie@ ("who is SHE??", I said to myself) - and many, many more!

The Attack Had A Negative Multiplier Effect - Which Is Why You Would Be Wise To Prevent It Happening

When my hosting account was suspended, my websites could not be visited, nor could I access mails sent to my webmail account at my domain during that seven day period. But that was just one side of it. ALL the short URLs that I had created to point to various sub domains on my main website were put up for removal by the service provider, who placed a bookmark update link on a page leading to the home page - with the following message: "Due to enormous phishing spam with our sub domains () we will close this short url re-direction. Please update your bookmarks."

One example of a short URL that was affected by this problem is which points to - the mini site for my Creative Business Solutions (CB Solutions) delivery service. My mind raced back to all the articles I had published at the Ezine articles directory, in which I had used the short URL addresses in the resource box invitation to readers (at the end of the article). A number of those articles carrying the short URLs had been syndicated on other websites, where I would not have access to make changes to them. I realised that it would only be a matter of time before readers of some of my articles would find themselves confronted with a "Page Not Found" browser error, or a general advert page for domain name sales etc. - instead of my site: definitely not good for the image I was trying to build online!

I provide the above details to give you an idea of just how bad this can be - so you can really understand why it would be in your best interest to make sure you never leave yourself open to the extent that this type of problem can affect your website.

Taking Action To Prevent (Future) Attacks

I deleted the "pcmanrefer.pl" script and the other two that were identified by the hosting provider's administrator (see email above). I also removed another mailing list management CGI script that I had installed a month before. In a way, I felt like I was taking medicine after death. :-) But at least by this time, I actually had a better idea of WHAT had happened, HOW, and WHY - and what I could do to protect myself for the future. Next, I visited the URLs emailed to me by my web host. Out of curiosity, I also did a number of searches on Google, to see what else I could learn about "form post hijacking", and spamming in general. Below, I provide links to some useful resources I found. If you own a website, I think you will want to spend some time studying them.

IMPORTANT NOTE:

1. It would interest you to know that I no longer use a site referral script on my website. Instead I have developed a simple email recommendation template that anyone who is so keen to tell another about my site can use. Visit to see what I mean. There are many other effective ways to get marketing exposure for a website, and I am currently modifying my website design and marketing strategy to accommodate them. As time goes on, visitors to my website will see ample evidence of this.

2. Some of the resources whose URLs are listed below were published as far back as 2002, so they might not exactly offer relevant or effective remedies that can be successfully applied today. However, the educational value they offer towards understanding the problem(s), in my opinion, would still make them worth a visit.

So, with that note of warning, I wish you happy reading and good luck in your fight to protect your website against exploitation.

Useful Learning / Problem-Solving Resources

1. Using Apache to stop bad robots | evolt.org - by Daniel Cody
2. Why Some Scripts are dangerous to use on your Website - - By Anders Brownworth
3. Interesting Crack Attempt to Relay Spam (Comment: this is actually a precursor to the full article referred to me by my web host titled "Form Post Hijacking - How to solve the problem.")
4. By Anders Brownworth - Form Post Hijacking - How To Solve The Problem
5. article author - A Hands-On How-To (Securing the CGI script section - useful) - from Brass Cannon Consulting
6. WWW Security FAQ: CGI Scripts - - by Lincoln Stein () and John Stewart () - hosted by the World Wide Web Consortium (W3C) as a service to the Web Community.
7. Stopping Spambots: A Spambot Trap - How to block spambots, ban spybots, and tell unwanted robots to go ... Spamming of referer logs is a growing nuisance,

Self-Development Performance Enhancement Specialist - Tayo Solagbade - devotes his time to exploring new frontiers of Self-Development Education, especially as it relates to showing people what they can do by themselves, for themselves, to achieve their set goals - DESPITE the limitations of their circumstances or environment. Download FREE demos of customisable Excel-VB driven spreadsheet applications such as (1) an Automated Invoice And Delivery Note Generator (2).
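The host's explanation boils down to one defect: the referral script copied visitor-supplied fields straight into the outgoing mail headers. The following is an added example, written for this page and not code from the article or from the PCman script, of how a "refer a friend" handler can be written so that a visitor cannot control any header: every address field is rejected if it contains a line break or is anything other than one plain address, the Subject and From are fixed, and the visitor's text only ever lands in the body. The form field names, site name and sender address are assumptions.

```python
# Added example (not from the article or the PCman script): a hardened
# "refer a friend" form handler. Field names and sample values are assumed.
import re
from email.message import EmailMessage

# Exactly one address: no spaces, no display name, no comments, no CR/LF.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,}$")
MAX_COMMENT = 500  # cap on the visitor's free-text comment (assumed limit)


class RejectedInput(ValueError):
    """Raised when a submitted field could alter the outgoing message."""


def clean_address(field: str, value: str) -> str:
    """Return a single validated address, or refuse the submission."""
    value = value.strip()
    if "\r" in value or "\n" in value:
        # A line break would let the visitor start a new header line.
        raise RejectedInput(f"{field}: line break in header field")
    if not ADDR_RE.match(value):
        raise RejectedInput(f"{field}: not a single plain address")
    return value


def clean_comment(value: str) -> str:
    """Body text may keep newlines but is capped and stripped of control chars."""
    if len(value) > MAX_COMMENT:
        raise RejectedInput("comment: too long")
    return "".join(ch for ch in value if ch == "\n" or ch.isprintable())


def build_referral(form: dict, site_name: str, sender: str) -> EmailMessage:
    """Build the outgoing mail from the submitted form.

    Headers the visitor must never control (From, Subject) are fixed by the
    site; the visitor only supplies one recipient, their own address (used in
    the body only) and a short comment.
    """
    friend = clean_address("friend_email", form.get("friend_email", ""))
    yours = clean_address("your_email", form.get("your_email", ""))
    comment = clean_comment(form.get("comment", ""))
    msg = EmailMessage()
    msg["From"] = sender                        # fixed site address, not user input
    msg["To"] = friend                          # exactly one validated recipient
    msg["Subject"] = f"{site_name}: a friend recommends this site"  # fixed text
    msg.set_content(f"{yours} thought you might like {site_name}.\n\n{comment}\n")
    return msg
```

A handler built this way also gives the host's "subject is different every time" signal nothing to latch onto, since every message it sends carries the same Subject.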