[Snort-users] html post question
mkettler at ...4108...
Tue Dec 9 11:20:13 EST 2003
At 09:20 AM 12/9/2003, Rich Adamson wrote:
>We're seeing a number of hosts posting spam via this
>request2.cgi perl script on RH9 with Apache. Two questions:
>1. is this becoming a fairly common spamming method?
I've never seen this particular CGI before, but spam relaying via broken
CGI scripts has been popular among spammers for a VERY long time...
FormMail.pl has been a long time favorite, but the use of other CGI's
doesn't surprise me.
Abusing insecure proxies (socks or HTTP) is also popular trick for
spammers, as is installing trojan horses and/or backdoors, much like is
done for DDoS attacks.
More information about the Snort-users