[Snort-users] html post question

Matt Kettler mkettler at ...4108...
Tue Dec 9 11:20:13 EST 2003


At 09:20 AM 12/9/2003, Rich Adamson wrote:
>We're seeing a number of hosts posting spam via this
>request2.cgi perl script on RH9 with Apache. Two questions:
>1. is this becoming a fairly common spamming method?

I've never seen this particular CGI before, but spam relaying via broken 
CGI scripts has been popular among spammers for a VERY long time... 
FormMail.pl has been a long time favorite, but the use of other CGI's 
doesn't surprise me.

Abusing insecure proxies (socks or HTTP) is also popular trick for 
spammers, as is installing trojan horses and/or backdoors, much like is 
done for DDoS attacks.








More information about the Snort-users mailing list