Damn Phishers …
I spent way too much time trying to track down this eBay phisher. Instead of exploiting someone’s Formmail.pl they apparently purchased a fraudulent account, and uploaded a PHP script that pulls a bunch of addresses from a database and spams them all. So, qmail logs the messages as coming from Apache, whereas Formmail.pl would have been wrapped through suexec. And since one invocation can send thousands of messages, there’s no suspicious log activity.
Fortunately, the contents of the spam message were stored in the PHP script. I finally ran a find-pipe-grep on our vhosts directory for ‘ebay.com’ and shut the slimey bastard sonuvabitch down. The HTTP requests to trigger the script came from Egypt at like 4AM local time.
Grr! Let’s waste my morning on nonsense.
Then we got another spam complaint for another shared hosting server, but after some basic checking, I wrote them back indicating that the header was forged, and they wanted to instead contact a cable company in Japan.
Time to take a walk, unwind, get some real work done, perhaps.
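The find-pipe-grep search described above, written out as an added example (not the author's actual command): it lists PHP files under a vhosts directory that contain a given string and also call mail(). The function names, the sample tree and its domains are constructed for illustration.

```shell
#!/bin/sh
# find_mailer_scripts ROOT KEYWORD
# Prints the path of every *.php file under ROOT that contains KEYWORD
# (fixed string, case-insensitive) and also calls PHP's mail().
# Paths containing newlines are not handled.
find_mailer_scripts() {
    root=$1
    keyword=$2
    # Pass 1: files that mention the keyword at all.
    { find "$root" -type f -name '*.php' \
          -exec grep -liF -e "$keyword" {} + 2>/dev/null || true; } |
    while IFS= read -r f; do
        # Pass 2: keep only scripts that send mail themselves, which drops
        # pages that merely link to the site named by the keyword.
        if grep -qE '(^|[^A-Za-z0-9_])mail[[:space:]]*\(' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Builds a constructed three-vhost tree and prints its location.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/shop.example/htdocs" "$t/blog.example/htdocs" \
             "$t/forum.example/htdocs"
    # Keyword in the message body plus a mail() call: should be reported.
    printf '%s\n' '<?php /* constructed sample */' \
        '$body = "notice mentioning ebay.com";' \
        'mail($to, $subject, $body);' \
        > "$t/shop.example/htdocs/update.php"
    # Keyword only, no mail(): should not be reported.
    printf '%s\n' '<?php echo "<a href=\"http://www.ebay.com/\">auctions</a>";' \
        > "$t/blog.example/htdocs/links.php"
    # mail() only, no keyword: should not be reported.
    printf '%s\n' '<?php mail("owner@forum.example", "Contact", $_POST["msg"]);' \
        > "$t/forum.example/htdocs/contact.php"
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real host pass the vhosts directory.
sample=$(make_sample_tree)
find_mailer_scripts "$sample" 'ebay.com'
rm -rf "$sample"
```

Run as a user that can read every vhost's document root, otherwise unreadable files are skipped silently.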
Danny Howard is 100% responsible for the content on this site, except some of it is stolen.
All rights are reserved, unless otherwise noted. Generally, I'm a BSD guy, so you can assume implicit permission to adapt, modify, and redistribute my intellectual property with appropriate attribution. Except some of this content is itself re-appropriated, so you'd best ask first, especially for commercial use. Thanks!
You can contact me via e-mail: dannyman@toldme.com