Re: [Exim] common pattern in spam involving exim 4.34

Top Page
Delete this message
Reply to this message
Author: Suresh Ramasubramanian
Date:  
To: Giuliano Gavazzi, exim-users
Subject: Re: [Exim] common pattern in spam involving exim 4.34
At 06:23 PM 7/4/2004, Giuliano Gavazzi wrote:
>Received: from nobody by venus.select-servers.com with local (Exim
>4.34; FreeBSD)
>         id 1BgidS-000AEC-OM


Dollars to donuts that's a cpanel install on yet another $9 a month
webhost, and someone's done one of these -

1. found an exploitable cgi in cpanel

2. gone and installed a copy of Matt Wright's formmail or similar on that box

3. is a spammer and has installed a bulkmail cgi script

         srs