Spam "Artists" Can Trick A Non-Spamming Website To Send Spam Emails

It was the evening of Friday 16th June 2006, and I was rounding up the updates on my websites, when I decided to search online for and install another site recommendation script on my website in place of the one that, for some reason I could not fathom, continued to return a "500 - Internal Server Error" error. The Google search results page threw up a slew of referral script offerings from various authors - some free, others for sale.

At this time I was just keen to test and see if I could get one to work on my site. Soon I settled for one called "The PCman Website Refer a Friend". Within minutes, I had it installed and running. One thing I did not do, and which I would advise (based on the benefit of painful hindsight) ANYONE who uses third party scripts on his/her site to do, is to check and confirm the programmer has taken pains to secure the script code against exploitation (specific details and links to URL resources on how to go about this are provided further down).

Note: It was only after the event, and following prompts from my hosts, that I checked and found the PCManrefer script had inadequate security written into the code. The resulting "security hole" was what the hacker later exploited remotely to launch a massive spam attack.

On the morning of Tuesday 20th June 2006, I tried to log into my web hosting account to upload files, but noticed the ftp tool I was using kept returning an "incorrect password" message. After trying repeatedly, and confirming I was using the correct password, I decided to try logging in to my webmail - so as to send an email to the support department for assistance. This presented a problem as well. Each time I tried, I got a message like "Dropped by ISMAP server". Now quite alarmed, I decided to type the URL to my website - My worst fears came to pass - The browser printed a "Page Not Found" message in bold!

At this point, I promptly went to my host's website and initiated a chat session with the operator. The following chat conversation took place:

-----start of chat session------
: Hello! How may I help you?
: hi
Visitor42152: Hi
Visitor42152: I cannot login to my webmail or access my entire website
Visitor42152: MY reg no is
: We are writing to inform you that during the past 30 minutes your web hosting account (username = deleted) has sent 625 messages to the email subsystem of the hosting server. This is in violation of our terms of services, and as such, any websites
: belonging to that account have been taken offline.
: In order to reactivate your account you will need to contact our support department and agree not to abuse our servers again. Any further incidents like this will cause our system to remove your account completely and without warning
Visitor42152: I am working from a cyber cafe I normally do not use though it's close to my home
Visitor42152: I am certain this is due to activities of email hackers who use the same ISP as these guys
: send an email to
Visitor42152: How long will it take to resolve this?
: 6 -12 hours
---End of chat session------

Well, I did not get it resolved in 12 hours. In fact, by the time I was finished exchanging emails with the support department, I learnt my account would be suspended for 7 days, with the warning that if it happened again, my account would be reconsidered for termination without notice.

How They Did It (i.e. Hijacking My Website Referral Script's Form Post)

Below, I reproduce the exact text of the explanation given by my host's Abuse Department, when I requested for details that could help me understand how the problem had occurred, and what I could do to prevent a re-occurrence. You will notice that the Perl script I installed (i.e. "pcmanrefer.pl") some days before the problem was identified by the administrator as one of three found to have poor security built into their code.

--- "Aplus.Net Abuse Department" wrote (I have re-arranged - but NOT edited - the text for readability):

> Hello,
>
> Basically the attack is performed on scripts that trust the information that the submitter enters and are therefore easily exploitable. You can refer to these two documents that describe in details this very specific attack:
>
> have reviewed the spam evidence sent to us and in the headers the subject is different every time which means the script used is taking the input data from the visitor and doesn't edit it at all:
>
> Subject: Incredibly undervalued, you'll not want to miss this opportunity the protracted
>
> I have found several such scripts in your FTP space:
>
> /cgi-bin mailer/simplemail.pl
> /cgi-bin/mailer/mailer.pl
> /cgi-bin/pcmanrefer.pl
>
> There might be others that are compromiseable too but you know better the structure of your website and which exactly script is sending the data unchanged. The bottom line is to filter out all input data as suggested in the two articles above.
>
> Thank you,

Clues Left Behind By The Hacker In My Server Space

When I eventually gained access to my server space, I found confirmation that it was indeed the "pcmanrefer.pl" script that had been exploited: Its referral log file (refer-log.txt) had grown to a massive 11.1 Megabytes size (many million bytes up from its 0 bytes size when I uploaded it less than 9 days before)! Opening the file revealed huge volumes of email addresses and message contents, originating from bogus "addresses" at my sub domain e.g. ; ; stephannie@ ("who is SHE??", I said to myself) - and many, many more!

The Attack Had A Negative Multiplier Effect - Which Is Why You Would Be Wise To Prevent It Happening

When my hosting account was suspended, my websites could not be visited, nor could I access mails sent to my webmail account at my domain during that seven day period. But that was just one side of it. ALL the short URLs that I had created to point to various sub domains on my main website were put up for removal by the service provider, who placed a bookmark update link on a page leading to the home page - with the following message:

"Due to enormous phishing spam with our sub domains () we will close this short url re-direction. Please update your bookmarks. "

One example of short URL that was affected by this problem is which points to - the mini site for my Creative Business Solutions (CB Solutions) delivery service.

My mind raced back to all the articles I had published at the Ezine articles directory, in which I had used the short URL addresses in the resource boxes invitation to readers (at the end of the article). A number of those articles carrying the short URLs had been syndicated on other websites, where I would not have access to make changes to them. I realised that it would only be a matter of time before readers of some of my articles would find themselves confronted with a "Page Not Found" browser error, or a general advert page for domain names sales etc - instead of my site: Definitely not good for the image I was trying to build online!

I provide the above details to give you an idea of just how bad this can be - so you can really understand why it would be in your best interest to make sure you never leave yourself open to the extent that this type of problem can affect your website.

Taking Action To Prevent (Future) Attacks

I deleted the "pcmanrefer.pl" script and the other two that were identified by the hosting provider's administrator (see email above). I also removed another mailing list management CGI script that I installed a month before. In a way, I felt like I was taking medicine after death. :-) But at least by this time, I actually had a better idea of WHAT had happened, HOW, and WHY - and what I could do to protect myself for the future. Next, I visited the URLs emailed to me by my web host. Out of curiosity, I also did a number of searches on Google, to see what else I could learn about "form post hijacking", and spamming in general. Below, I provide links to some useful resources I found. If you own a website, I think you will want to spend some time studying them.

IMPORTANT NOTE:

1. It would interest you to know that I no longer use a site referral script on my website. Instead I have developed a simple email recommendation template that anyone who is so keen to tell another about my site can use. Visit to see what I mean. There are many other effective ways to get marketing exposure for a website, and I am currently modifying my website design marketing strategy to accommodate them. As time goes on, visitors to my website will see ample evidence of this.

2. Some of the resources whose URLs are listed below were published as far back as 2002, so they might not exactly offer relevant or effective remedies that can be successfully applied today. However, the educational value they offer towards understanding the problem(s), in my opinion, would still make them worth a visit.

So, with that note of warning, I wish you happy reading and good luck in your fight to protect your website against exploitation.

Useful Learning Problem-Solving Resources

1. Using Apache to stop bad robots | evolt.org - by Daniel Cody
2. Why Some Scripts are dangerous to use on your Website - - By Anders Brownworth
3. Interesting Crack Attempt to Relay Spam (Comment: this is actually a precursor to the full article referred to me by my web host titled "Form Post Hijacking - How to solve the problem.")
4. By Anders Brownworth - Form Post Hijacking - How To Solve The Problem article author
5. - A Hands-On How-To (Securing the CGI script section - useful) - from Brass Cannon Consulting
6. WWW Security FAQ: CGI Scripts - - by Lincoln Stein () and John Stewart () - hosted by the World Wide Web Consortium (W3C) as a service to the Web Community.
7. Stopping Spambots: A Spambot Trap - How to block spambots, ban spybots, and tell unwanted robots to go ... Spamming of referer logs is a growing nuisance, block_spambots_ban_spybots_and_tell_unwanted_robots_to_go_to_hell

Self-Development Performance Enhancement Specialist - Tayo Solagbade - devotes his time to exploring new frontiers of Self-Development Education, especially as it relates to showing people what they can do by themselves, for themselves to achieve their set goals - DESPITE the limitations of their circumstances or environment.

Download FREE demos of customisable Excel-VB driven spreadsheet application such as (1) an Automated Invoice, And Delivery Note Generator (2).
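
The Abuse Department's advice quoted above ("filter out all input data"), applied to a refer-a-friend form. This Perl sketch is an added example, not code from the original article or from the PCman script; the field names, sub names and example.com addresses are assumptions. It refuses any field that carries control characters, accepts exactly one well-formed address per address field, and keeps the Subject and body fixed on the server so the visitor cannot choose them.

```perl
# Added example (not the PCman script); field/sub names and example.com are hypothetical.
use strict; use warnings;

my @FIELDS   = qw(friend_email sender_email sender_name);
my $MAX_NAME = 60;
# One address only: no whitespace, commas, brackets or control characters.
# \A and \z are used because "$" would still match before a trailing newline.
my $ADDR_RE = qr/\A[A-Za-z0-9._%+-]{1,64}\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;

# Returns (1, \%clean) if the submission may be mailed, else (0, $reason).
sub validate_referral {
    my (%in) = @_;
    for my $f (@FIELDS) {
        my $v = $in{$f};
        return (0, "missing $f") unless defined $v && length $v;
        # CR/LF in a value bound for a mail header is the injection
        # signature: reject the request rather than trying to repair it.
        return (0, "control character in $f") if $v =~ /[\x00-\x1f\x7f]/;
    }
    for my $f (qw(friend_email sender_email)) {
        return (0, "bad address in $f") unless $in{$f} =~ $ADDR_RE;
    }
    return (0, "bad sender_name")
        unless length($in{sender_name}) <= $MAX_NAME
            && $in{sender_name} =~ /\A[A-Za-z0-9 .'-]+\z/;
    my %clean;
    @clean{@FIELDS} = @in{@FIELDS};
    return (1, \%clean);
}

# Subject, From and body are fixed by the site; nothing the visitor typed
# reaches a header except the two validated addresses.
sub build_message {
    my ($c) = @_;
    return join "\n",
        "To: $c->{friend_email}", "From: referrals\@example.com",
        "Reply-To: $c->{sender_email}",
        "Subject: A friend recommends example.com", "",
        "$c->{sender_name} thought you might like http://example.com/", "";
}

# Constructed samples: an honest submission, then one with an injected header.
my %good = (friend_email => 'pal@example.org', sender_email => 'me@example.net',
            sender_name  => 'Ada');
my %bad  = (%good, friend_email => "pal\@example.org\nBcc: a\@example.org");
for my $s (\%good, \%bad) {
    my ($ok, $result) = validate_referral(%$s);
    my $out = $ok ? build_message($result) : "REJECTED: $result\n";
    print $out;
}
```

Logging each rejection with the client address and capping messages per address per hour would also surface the kind of burst the host reported (625 messages in 30 minutes) before the account is suspended.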
|