Re: sendmail spamming

[Chuck Swiger <chuck () codefab com>]

Robert E. Martin wrote:
[ ... ]
> I have just finished locking up and exploit in our email server. This 
> spawned from a formmail script left on our web server I neglected to 
> delete.

Good.  That is, it's good that you're securing your server.  It's not good that 
you need to do so in order to prevent someone else from abusing your resources.

> I noticed CPU activity spikes on the email server and found that our web 
> server was spamming our email server due to the classic formmail exploit.
> My question is this. What is the motivation behind such an expliot? What 
> is there to gain from this other than job security for a person like me? 
> This kind of action makes no sense to me.

The motivation behind spamming is simple: greed.  Spammers get paid somewhere 
between two and five cents per delivered message, which is why they'll send tens 
of thousands of messages at a time.

-Chuck


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards