Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Purdy (2383)

Purdy
  jasonNO@SPAMpurdy.info
http://purdy.info/
AOL IM: EmeraldWarp (Add Buddy, Send Message)
Yahoo! ID: jpurdy2 (Add User, Send Message)

Bleh - not feeling creative right now. You can check me out on PerlMonks [perlmonks.org].

Journal of Purdy (2383)

Tuesday May 13, 2003
09:36 AM

Spammer

[ #12169 ]

Yesterday morning, when I came into work, I was getting a lot of odd bouncebacks in my Inbox. Looking at them, they were bouncebacks from other servers that were rejecting connections from our server, so it was as if we were sending the spam. How odd ... because we don't send spam ourselves and I have open-relay turned off on our sendmail server.

So I login to the server and in the "top" display, I see a suspicious 'formail.pl' script running. Not a script I heard of or am familiar with (Google tells me it's one of Matt's infamous scripts), so I kill it and the spam stops. I go through the mail queue and delete any outgoing spam mail ('mailq' is a great command, btw). Then I try to find formail.pl on our server ... nothing. Can't find it anywhere, using both 'locate' and 'find'. Very odd ... leaves me with the bad feeling that there is a security hole somewhere on our system that spammers know about and can take advantage of.

Anyone else have something like that happen to them?

Peace,

Purdy

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.