WebApp Sec mailing list archives

Re: "Nigerian" SPAM uses vulnerability in web applications?


From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 12 Jul 2005 20:18:55 -0700

Today I received several spam reports, and I guess they were sent
through a compromised web application of one of our customers.
The fact is I can't figure out anything from the message headers, or
from the X-abuse headers, except the exact time and my IP address.
There was no strange traffic/CPU activity at that time, and I don't find
any "strange-looking" records in the Apache access and error logs.
The email message contains the following text:
---------------------------------------------


I can't say much about this till I see the original headers. I have
received Nigerian scam emails from all sources, even web forms that
have been implemented in an insecure fashion.

In my web-based email forms, I always include the IP address of the
client making the HTTP POST/GET request. This way I can at least get
the IP address of the attacker.

Also, use only POST for all web-based email forms. I have seen some
blog/email forms where CSRF attacks are possible. Try to implement
techniques for minimizing CSRF attacks.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
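The three measures in the reply above (stamp the submitting client's IP into the mail, accept only POST, and tie the form to the user's session with a CSRF token) in one handler, as an added example that is not from the post or from any project it mentions. It assumes a WSGI-style `environ` dictionary and a parsed `form` dictionary; the session id, secret and sample addresses are constructed for the example.

```python
import hmac
import hashlib
import secrets
import logging

# Per-deployment secret for binding CSRF tokens to a session (generated here for the example).
SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token rendered into the form as a hidden field; a cross-site page cannot compute it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def client_ip(environ, trusted_proxies=()):
    """REMOTE_ADDR is what the server actually saw; honour X-Forwarded-For only behind a known proxy."""
    remote = environ.get("REMOTE_ADDR", "")
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if xff and remote in trusted_proxies:
        return xff.split(",")[0].strip()
    return remote


def handle_contact_form(environ, form, session_id, trusted_proxies=()):
    """Return (status, message). Rejects GET, bad CSRF tokens and CR/LF in header fields;
    stamps the originating IP into the body so abuse reports can be traced."""
    ip = client_ip(environ, trusted_proxies)
    if environ.get("REQUEST_METHOD") != "POST":
        return 405, None  # GET submissions are never accepted (simple links cannot send mail)
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        logging.warning("CSRF token mismatch on contact form from %s", ip)
        return 403, None
    subject = form.get("subject", "")
    # A newline in a header field would let the sender append extra headers/recipients
    # (a common way mail forms are turned into relays); refuse rather than strip.
    if "\r" in subject or "\n" in subject:
        logging.warning("header injection attempt on contact form from %s", ip)
        return 400, None
    body = form.get("message", "")
    stamped = f"{body}\n\n-- submitted via web form from {ip}"
    return 200, stamped
```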

