[Tfug] wits end spoofing? or no

Jon bigj at tfug.org
Wed Feb 1 23:13:38 MST 2006 

Looks like a classic case of a script exploiting a form page. Got any of
those on the box (forns)?

--
Jon

Judy said:
> Question, I have a dedicated server running redhat and I recently have
> been
> receiving 100's of emails a week, I thought it was spoofed, but it is
> stranger than I am used to... we haven't figured out what the heck is
> going
> on.  I am hoping someone here has a better idea than I do : / Note: the
> email changes the name each time, this one is lead, the last one is you,
> two
> me etc... the bcc is always the same as well (so weird)
> TYIA
>
> Judy
>
>> -----Original Message-----
>> From: lead at vn1108.fireboxhosting.com
>> [mailto:lead at vn1108.fireboxhosting.com]
>> Sent: Wednesday, February 01, 2006 12:39 PM
>> To: doc at thebitdoctor.com
>> Subject: Support from Website
>>
>> e57d607004dc7def74d1b2fbea23aa03
>> .
>> <>
>>
>> From: lead
>> Content-Type: text/plain; charset=\"us-ascii\"
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: 7bit
>> Subject: one may
>> bcc: charleses3299 at aol.com
>>
>> e57d607004dc7def74d1b2fbea23aa03
>> .
> Headers:
>
> Return-Path: <apache at vn1108.fireboxhosting.com>
> Received: from vn1108.fireboxhosting.com (root at localhost)
> 	by thebitdoctor.com (8.12.10/8.12.10) with ESMTP id k11Jd2Ba025779
> 	for <doc at thebitdoctor.com>; Wed, 1 Feb 2006 12:39:02 -0700
> X-ClientAddr: 127.0.0.1
> Received: from vn1108.fireboxhosting.com (localhost.localdomain
> [127.0.0.1])
> 	by vn1108.fireboxhosting.com (8.12.10/8.12.10) with ESMTP id
> k11Jcw67025775;
> 	Wed, 1 Feb 2006 12:38:58 -0700
> Received: (from apache at localhost)
> 	by vn1108.fireboxhosting.com (8.12.10/8.12.10/Submit) id
> k11JcwMG025773;
> 	Wed, 1 Feb 2006 12:38:58 -0700
> Date: Wed, 1 Feb 2006 12:38:58 -0700
> Message-Id: <200602011938.k11JcwMG025773 at vn1108.fireboxhosting.com>
> To: <doc at thebitdoctor.com>
> Subject: Support from Website
> from: lead at vn1108.fireboxhosting.com
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Subject: one may
> Status:
> X-Antivirus: avast! (VPS 0605-4, 02/01/2006), Inbound message
> X-Antivirus-Status: Clean
>
>
> _______________________________________________
> tfug mailing list
> tfug at tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
>

More information about the tfug mailing list