[ale] exploitable spam machines
synco gibraldter
synco at xodarap.net
Mon Sep 22 11:14:00 EDT 2003
has anybody noticed that lots of the spam received is coming from outdated vanilla
redhat machines with an exploitable version of openssh? i checked three of my
spams today and they were all very similar. i can only assume that these people
don't really care if the machine gets exploited because they have so many of them
acting as spam "drones" that can be rebuilt faster than they can be secured -- either
that or perhaps they were insecure machines that were taken over for the purposes
of spamming.
here's two of the hosts i found this morning:
38.117.36.195
64.119.221.218
also notice the open web port with the default apache test page on both of those
hosts. i'd like to see somebody make a mail filter script that checks if it's one of
those drones, roots, and shuts it down. bwahahahah
-- synco gibraldter
-- atlanta, ga
-- synco at xodarap.net
-- key id: 0xC5117E0A
More information about the Ale
mailing list