[Tfug] wits end spoofing? or no

Judy judylynn at tomatothyme.com
Thu Feb 2 16:19:57 MST 2006


Thank you so much for your help Jon, I appreciate the information, the
better I can educate myself on this the better battle I can give lol.  Seems
we are outnumbered on this, more people wreaking havoc than helping.

Judy

> -----Original Message-----
> From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf Of
> Jon
> Sent: Thursday, February 02, 2006 1:24 PM
> To: Tucson Free Unix Group
> Subject: RE: [Tfug] wits end spoofing? or no
> 
> You could also use the timestamp of 1 Feb 2006 12:38:58 and search your
> Apache logs for anything around that time.
> 
> In the meantime though I would put in an attribute, via whatever scripting
> language you're using, to spit back the station IP filling out the form.
> This will accomplish a few things:
> 
> 1) you'll know their IP
> 2) it'll confirm they are using your form to spam
> 3) you can then block the f'er using iptables or whatever means you have
> available to you
> 
> I would also contemplate using captcha to curb this problem:
> http://en.wikipedia.org/wiki/Captcha
> 
> HTH
> 
> --
> Jon
> 
> Judy said:
> > I do, however I removed it for a while... and it didn't stop.  I guess I
> > should permanently remove it and see if it works this time. So
> > frustrating
> >
> > Thanks Jon :o)
> >
> > Judy
> >
> >> -----Original Message-----
> >> From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf Of
> >> Jon
> >> Sent: Wednesday, February 01, 2006 11:14 PM
> >> To: Tucson Free Unix Group
> >> Subject: Re: [Tfug] wits end spoofing? or no
> >>
> >> Looks like a classic case of a script exploiting a form page. Got any of
> >> those on the box (forms)?
> >>
> >> --
> >> Jon
> >>
> >> Judy said:
> >> > Question, I have a dedicated server running redhat and I recently have
> >> > been receiving 100's of emails a week, I thought it was spoofed, but it is
> >> > stranger than I am used to... we haven't figured out what the heck is
> >> > going on.  I am hoping someone here has a better idea than I do : / Note:
> >> > the email changes the name each time, this one is lead, the last one is
> >> > you, two me etc... the bcc is always the same as well (so weird)
> >> > TYIA
> >> >
> >> > Judy
> >> >
> >> >> -----Original Message-----
> >> >> From: lead at vn1108.fireboxhosting.com
> >> >> [mailto:lead at vn1108.fireboxhosting.com]
> >> >> Sent: Wednesday, February 01, 2006 12:39 PM
> >> >> To: doc at thebitdoctor.com
> >> >> Subject: Support from Website
> >> >>
> >> >> e57d607004dc7def74d1b2fbea23aa03
> >> >> .
> >> >> <>
> >> >>
> >> >> From: lead
> >> >> Content-Type: text/plain; charset=\"us-ascii\"
> >> >> MIME-Version: 1.0
> >> >> Content-Transfer-Encoding: 7bit
> >> >> Subject: one may
> >> >> bcc: charleses3299 at aol.com
> >> >>
> >> >> e57d607004dc7def74d1b2fbea23aa03
> >> >> .
> >> > Headers:
> >> >
> >> > Return-Path: <apache at vn1108.fireboxhosting.com>
> >> > Received: from vn1108.fireboxhosting.com (root at localhost)
> >> > 	by thebitdoctor.com (8.12.10/8.12.10) with ESMTP id k11Jd2Ba025779
> >> > 	for <doc at thebitdoctor.com>; Wed, 1 Feb 2006 12:39:02 -0700
> >> > X-ClientAddr: 127.0.0.1
> >> > Received: from vn1108.fireboxhosting.com (localhost.localdomain
> >> > [127.0.0.1])
> >> > 	by vn1108.fireboxhosting.com (8.12.10/8.12.10) with ESMTP id
> >> > k11Jcw67025775;
> >> > 	Wed, 1 Feb 2006 12:38:58 -0700
> >> > Received: (from apache at localhost)
> >> > 	by vn1108.fireboxhosting.com (8.12.10/8.12.10/Submit) id
> >> > k11JcwMG025773;
> >> > 	Wed, 1 Feb 2006 12:38:58 -0700
> >> > Date: Wed, 1 Feb 2006 12:38:58 -0700
> >> > Message-Id: <200602011938.k11JcwMG025773 at vn1108.fireboxhosting.com>
> >> > To: <doc at thebitdoctor.com>
> >> > Subject: Support from Website
> >> > from: lead at vn1108.fireboxhosting.com
> >> > Content-Type: text/plain; charset=\"us-ascii\"
> >> > MIME-Version: 1.0
> >> > Content-Transfer-Encoding: 7bit
> >> > Subject: one may
> >> > Status:
> >> > X-Antivirus: avast! (VPS 0605-4, 02/01/2006), Inbound message
> >> > X-Antivirus-Status: Clean
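
Jon's suggestion of searching the Apache logs around the message timestamp, written out as an added example that is not part of the original thread. It assumes an access log in Apache common/combined format; the sample log lines, the documentation-range IP addresses and the `/contact.php` path are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def posts_near(log_lines, mail_date, window_seconds=120):
    """Return (ip, time, path) for POST requests within the window around mail_date.

    mail_date is the Date: header of the unwanted mail,
    e.g. 'Wed, 1 Feb 2006 12:38:58 -0700'.
    """
    target = datetime.strptime(mail_date, "%a, %d %b %Y %H:%M:%S %z")
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        ip, stamp, method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Both datetimes carry a UTC offset, so the comparison is timezone-safe.
        if method == "POST" and abs(when - target) <= window:
            hits.append((ip, when, path))
    return hits

def ips_by_count(hits):
    """Rank client IPs by the number of POSTs they made inside the window."""
    return Counter(ip for ip, _, _ in hits).most_common()

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2006:12:30:01 -0700] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Feb/2006:12:38:57 -0700] "POST /contact.php HTTP/1.0" 200 312',
    '203.0.113.7 - - [01/Feb/2006:12:39:01 -0700] "POST /contact.php HTTP/1.0" 200 312',
    '198.51.100.4 - - [01/Feb/2006:19:38:58 +0000] "GET /about.html HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Feb/2006:14:02:11 -0700] "POST /contact.php HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    found = posts_near(SAMPLE_LOG, "Wed, 1 Feb 2006 12:38:58 -0700")
    for ip, count in ips_by_count(found):
        print(ip, count)
```

The ranked addresses are candidates for the iptables block Jon mentions, once the POSTed path is confirmed to be the mail form.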



