Re: [exim] 419 spammer - Help with AUTH ACL

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MW B Hacker at <-
MW B Hacker at ->
Delete this message
Reply to this message
Author: Exim Users
Date:  
To: exim users
Subject: Re: [exim] 419 spammer - Help with AUTH ACL
On Mon, 01 Jun 2009 23:01:41 +0800 W B Hacker wrote:

..<snip>...
>
> It should not be as easy for an attack to suceed as you claim - your
> authentication may have holes in it.
>

Bill,

Just as a note, one of the "new" things that spammers have figured out
is to use the account settings as defined in a computers email client;
yes, everytime I have seen this happen the user has gotten one kind of
malware or another on the system, normally things they have installed...

Most people (whether they should or not) save the password so that they
never have to type it in. Any way, once they have the account settings,
they just send that information to other computers they have, and start
sending things.

And yes, I have seen some accounts, normally webmail accounts, get brute
forced, but only when the passwords have been 4 characters or less, or
when a password has been set as varation of the username.

..<snip>...

--

--EAL--

--



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 419 spammer - Help with AUTH ACLRe: [exim] 419 spammer - Help with AUTH ACL->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)