Unix Security: The FormMail Hack

    Date09 Jun 2003
    4170
    Posted ByAnthony Pell
    Is your Web server being used as a Spam Mail relay? It could be, and it doesn't even need a daemon listening on the SMTP port. How's it done, and how do you prevent your system from becoming a target? Last . . . Is your Web server being used as a Spam Mail relay? It could be, and it doesn't even need a daemon listening on the SMTP port. How's it done, and how do you prevent your system from becoming a target? Last year while monitoring our SMTP stats, I noticed an unusual amount of input traffic to our Webserver. Curiosity got the best of me, so I started looking at the Web logs only to find thousands of attacks targeted at a Perl script known as FormMail.pl. A short time later, I started getting thousands of bounced email and complaints from hundreds of people blaming me for acting as a Spam relay. I questioned how this could be, as my Web server wasn't even listening on the SMTP port... or so I thought.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"4","type":"x","order":"1","pct":80,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":20,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.