Full Disclosure mailing list archives
Re: HTTP request with SMTP message
From: Vincent Renardias <vincent () renardias com>
Date: Mon, 24 Nov 2003 18:59:05 +0100
On Mon, 2003-11-24 at 17:25, Tiago Halm wrote:
It's not the first time, but I gave up trying to figure it out. My IIS (port 80) received this HTTP request from x.x.x.x. Any thoughts ?
Yes: somebody is trying to see if your webserver has proxy-mode enabled and is trying to use this feature to relay spam. Cordialement,
---------------------------------------------------------------------------- ---------- POST http://x.x.x.x:25/ HTTP/1.1 Content-type: application/octet-stream Content-length: 540 Host: x.x.x.x HELO ps.com MAIL FROM:<vsuhfbovuhs () socal rr com> RCPT TO: <looc_si_maps () yahoo ie> DATA Message-ID: <080083058050049051046050050046055052046050052052058052058056048 () ps com>
[snip] -- Vincent RENARDIAS http://www.renardias.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- HTTP request with SMTP message Tiago Halm (Nov 24)
- Re: HTTP request with SMTP message Volker Tanger (Nov 24)
- Re: HTTP request with SMTP message Vincent Renardias (Nov 24)
- Re: HTTP request with SMTP message Lorenzo Hernandez Garcia-Hierro (Nov 24)
- Re: HTTP request with SMTP message Valdis . Kletnieks (Nov 24)
- <Possible follow-ups>
- RE: HTTP request with SMTP message Seamus Hartmann (Nov 24)