WebApp Sec mailing list archives
Re: "Nigerian" SPAM uses vulnerability in web applications?
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 12 Jul 2005 20:18:55 -0700
Today I received several spam reports and I guess they are sent through a compromised web application of one of our customers. The fact is I can't figure out anything from the message headers, also from X-abuse headers, except the exact time and my IP address. There is no strange traffic/CPU activity at that time and I don't find any "strange-looking" records in the Apache access and error logs. The email message contains the following text:
---------------------------------------------
I can't say much about this till I see the original headers. I have received Nigerian scam emails from all sources, even web forms that have been implemented in an unsecure fashion.

In my web-based email forms, I always include the IP address of the client making the HTTP POST/GET request. This way I can at least get the IP address of the attacker. Also use only POST for all web-based email forms.

I have seen some blog/email forms where CSRF attacks are possible. Try to implement techniques for minimizing CSRF attacks.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
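The three measures suggested in the reply above (POST only, a CSRF check, and the client IP recorded in the outgoing mail), as an added example that is not part of the original post. The function names, the `X-Originating-IP` header name, the HMAC-based token scheme and the addresses are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

# Assumption: per-deployment secret; generated at start-up for this example.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token placed in a hidden field when the form page is rendered."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_contact_form(method, remote_addr, session_id, fields):
    """Return (HTTP status, EmailMessage or None) for one form submission.

    method, remote_addr: supplied by the web server for this request.
    session_id: value of the visitor's session cookie.
    fields: decoded form body as a dict.
    """
    # Accept POST only, so a plain link or image tag cannot trigger a send.
    if method != "POST":
        return 405, None

    # CSRF check: the submitted token must be the one bound to this session.
    expected = issue_csrf_token(session_id).encode()
    supplied = fields.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return 403, None

    msg = EmailMessage()
    msg["From"] = "webform@example.org"   # constructed address
    msg["To"] = "owner@example.org"       # constructed address
    msg["Subject"] = "Contact form submission"
    # Record who made the HTTP request so an abuse report can be traced
    # back to a client address and matched against the access log.
    msg["X-Originating-IP"] = remote_addr
    msg.set_content(
        f"Submitted from {remote_addr}\n\n{fields.get('message', '')}"
    )
    return 200, msg
```

The returned message would then be handed to whatever mail transport the application already uses; sending is left out so the block runs offline.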
Current thread:
- "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 12)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Saqib Ali (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? leighm (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 13)