[ic] Mail forms under attack!!
maillists
lists at gmnet.net
Wed Jan 18 18:07:08 EST 2006
On Wed, 2006-01-18 at 22:26 +0000, Kevin Walsh wrote:
> "N.E.S.T. Solutions" <nest_consulting at yahoo.ca> wrote:
> > > > > Is there a way to check the referer so that ONLY forms on my
> > > > > localhost are processed?
> > > > >
> > > > > What other security measures can I take on my mail and
> > > > > other forms.
> > > > > Like I said allot of my sites use LOTS of forms...
> > > > >
> > > > > (I just upgraded to IC5.4 from IC5.2)
> > > > >
> >
> > [snip]
> >
> Just out of interest, is the spam targetted at you or is the spammer
> able to use your form to send articles to other people?
>
> If the spam is targeted at you then the previously-referenced tips may
> help. If your form is allowing the spam to be sent to others then
> that's a different matter altogether, and one that would require
> urgent attention.
>
Hi Kevin,
Thanks for your reply! The spam is targeted at OTHERS!! (makes me really
upset!) My sendmail/Mailscanner is not a relay. Only localhost (apache)
can send mail.
I realize that this might not really be an Interchange thing, so I have
posted for help on other lists as well. I'm not even sure that it is a
problem with the mail forms, but I want to tighten them up as much as
possible.
I am using Redhat Linux, IC5.4, Mailscanner, and Sendmail. This is a new
line item in my daily Logwatch that just started to appear:
<snip>
Authentication warnings:
apache set sender to info at gmnet.net using -f: 7 Times(s)
</snip>
(info at gmnet.net is a real user on my sys.)
Any help would be really appreciated. Until then, I am keeping a close
eye on my mqueue and even shutting down sendmail when needed...
Sorry if any of you are getting spam from this... Yesterday I got over
23,000 undeliverables in my inbox...
Thanks
Rick
More information about the interchange-users
mailing list