
Help out a low-tech girl please?

Discussion in 'Tech Talk' started by Shoeless, Nov 19, 2005.

  1. Shoeless

    Shoeless Gun Totin' Girl

    1,654
    0
    Nov 25, 2001
    Planet Earth
    I'll try to be as thorough as possible, but ask any questions you think I haven't covered the answers to.

    1. I have a web site and it is hosted on my husband's company's server. They pay to have their own server through an outside company.

    2. On my web site, I have forms to contact me. You fill in your name, email, and your question, and it sends me an email automatically.

    3. Lately, I have been getting a LOT of strange emails that look as though they've come from people filling out the forms, but they are obviously not from humans. The form fields come through with gibberish in them, etc. I get MANY of these every day.

    4. Simultaneously, I am getting emails from people I don't even know, asking me to remove them from my list. Now, these people aren't even ON my list, I don't know who they are and how they are getting emails from my domain (catalystorganizing-dot-com) or else they look like they are coming from the server (tpstrategies-dot-com). It is making me look like some crazy crackpot spammer!!

    Is there some sort of crazy bot thing out there that is just randomly sending emails to random people that I don't know?? Could the nutty form fields data be tied to the sending of these emails?

    Is there anything I can do?

    Help!!!

    Thanks!!

    Shoeless, frustrated and annoyed

    ps: The lady who emailed me today (who is being very kind about the whole thing) said that she thinks our server maybe was hacked and some spammer is sending out mass emails from the tpstrategies server. Is this possible? And if so, what can we do to make the server safer from hackers?
     
  2. Bunny_FuFu_4u

    Bunny_FuFu_4u Bunny Hunter

    60
    0
    Nov 18, 2005
    Republic of Texas
    My group used to have forms on our website for a guestbook, but after taking turns cleaning up the mess from bots, viruses, and hackers, we ditched the idea and got rid of the forms. The most secure website is one that allows no user input of any kind. If you do have any input then you are going to need more security.
     


  3. David_G17

    David_G17 /\/\/\/\/\/\/\/

    2,046
    0
    Oct 7, 2002
  4. aspartz

    aspartz

    3,281
    133
    Oct 19, 2000
    Sandstone, MN 55072
    Is there a chance that people are using your server as a mail relay?

    ARS
     
  5. grantglock

    grantglock /dev/null

    219
    0
    Feb 20, 2004
    Iowa
    What's the link to the form? It's pretty easy to tell if it's an open relay, which is likely from what you are telling us.
     
  6. mail.catalystorganizing.com is the MX host for the server address and it tests as not allowing relays.
     
  7. IDtheTarget

    IDtheTarget

    47
    0
    Oct 10, 2005
    One tactic that spammers are using these days is to compromise a system, install a trojan, then close the hole that they used to get in. Then they use the trojan to send out the spam.

    However, this isn't as common if the server is kept up to date.

    What's more common is that a spammer will run a spider or use google to harvest real email addresses from websites, then use the website email address as the "from" address on the spam that they send out.

    To determine which is the case, the next time you receive a complaint from somebody who's received one of these emails, ask them to set their email client so that it shows ALL of the headers, copy the entire message (with headers) to a text file, and email it to you. If you'll post it here (or email it to me if you like) we can analyze whether the email actually came from your server from the headers.

    What operating systems are in use by your email and web server(s)? (Yes, I could determine that myself, but the tools I'd use are, um...frowned upon by my ISP. :) )
     
  8. Shoeless

    I am not sure what you mean by "what operating systems are in use by email and web servers." Sorry to be such a dolt.

    I am emailing the latest lady who got a suspicious email from me to see if she saved it and will copy the headers so I can post them here.

    Shoeless
     
  9. Shoeless

    Headers of the offending emails:

    Subject: Online Information Request
    Date: 11/19/2005 10:51:10 AM Central Standard Time
    From: reasury@dedicated.tpstrategies.com
    Reply To:
    To: monica@catalystorganizing.com
    Return-Path: <apache@dedicated.tpstrategies.com>
    Received: from rly-xn01.mx.aol.com (rly-xn01.mail.aol.com [172.20.83.114]) by air-xn02.mail.aol.com (v108.30) with ESMTP id MAILINXN24-627437f57e551; Sat, 19 Nov 2005 11:51:10 -0500
    Received: from dedicated.tpstrategies.com (207-36-201-140.ptr.primarydns.com [207.36.201.140]) by rly-xn01.mx.aol.com (v108.30) with ESMTP id MAILRELAYINXN15-627437f57e551; Sat, 19 Nov 2005 11:50:48 -0500
    Received: from dedicated.tpstrategies.com (localhost.localdomain [127.0.0.1])
    by dedicated.tpstrategies.com (8.12.10/8.12.10) with ESMTP id jAJGptct019039;
    Sat, 19 Nov 2005 08:51:56 -0800
    Received: (from apache@localhost)
    by dedicated.tpstrategies.com (8.12.10/8.12.10/Submit) id jAJGpox1019029;
    Sat, 19 Nov 2005 08:51:50 -0800
    Date: Sat, 19 Nov 2005 08:51:50 -0800
    Message-Id: <200511191651.jAJGpox1019029@dedicated.tpstrategies.com>
    To: monica@catalystorganizing.com
    Subject: Online Information Request
    From: reasury@dedicated.tpstrategies.com
    Content-Type: multipart/mixed; boundary="434e44e9c67b6efbdad7029c5c9dc211"
    MIME-Version: 1.0
    X-AOL-IP: 207.36.201.140
    X-AOL-SCOLL-SCORE: 0:2:416482791:9932111
    X-AOL-SCOLL-URL_COUNT: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    FYI, guys: TPStrategies is the name of my husband's company and it is HIS server where my web site is hosted.

    Thanks!!

    Shoeless
     
  10. IDtheTarget

    Shoeless,

    There are a couple of odd things in the headers as posted, but before I say something that I'll regret later ( ;) ), could you please post the headers from a valid entry? Say, if you were to do a dummy form entry yourself?

    Thanks!
     
  11. Shoeless

    This is one of the forms that came back today from my web site. Bear in mind that I have two problems...

    1. The form on my site is being filled out and emailed. (see below)
    2. Something is emailing random strangers using my server name (as in the post above)

    To: monica@catalystorganizing.com
    Subject: Online Information Request
    From: "feda@hotmail.com" <>


    Name: ÕÛ¿Ûȯ
    EMail: feda@hotmail.com
    Day Phone: 020-78907890
    Night Phone: 020-78907890


    Address:
    ȯ
    Address2: ȯ
    ȯ,


    Prior Help: yes


    Comments: ÓÅ»ÝÐÅÏ¢¡¢ÕÛ¿ÛÐÅÏ¢·Ç³£·á¸»¡£
     
  12. IDtheTarget

    Shoeless,

    Okay, sorry about the long time to respond. I've been dealing with multiple issues and I'm afraid I haven't had a whole lot of time. :(

    First of all, looking at your headers again, they look legit (assuming that the person receiving the email has an AOL account). I think I was wrong about the bad headers in my previous post.

    It looks like your husband's server is running Sendmail 8.10.12 on a Linux machine, though it would have been unfriendly of me to do an OS fingerprint to determine exactly which version and whether or not it's up to date on their patches.

    One thing that immediately comes to mind is using Apache as a mail proxy. That's been a problem in the past.

    I can't find out much more about your server without going into "grey" area stuff, which would jeopardize my civilian and national guard jobs. And without knowing more (OS, patch levels, etc) I can't do too much more.

    I PM'd you with my cell number if you need additional help. I'm not a stalker or anything. :) I work for a state law enforcement agency. cmu7999321 can verify, I bought a laptop from him and he's shipping it to me at work.

    There are a few things that you can do to check out the server, but most of them entail taking the server down. Not something most people like to do.

    One thing would be to boot from a rescue CD version of linux and run chkrootkit (http://www.chkrootkit.org) to ensure that your box hasn't been rooted. A pretty good liveCD security distro is Knoppix-STD (which stands for Security Tool Distribution, not the other thing! :) ) at http://www.knoppix-std.org . Again, the problem there is that to do it right, you have to boot from the CD. Otherwise, if you try to scan and the box has been rooted, the scan won't detect the root kit.

    I'm pretty full through the weekend, but I'd be happy to help out one evening next week, or during the day Tuesday if you guys could use the help.

    Ben
     
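    An added example (not code from any poster) that does the check IDtheTarget describes in post 7 against the headers Shoeless posted in post 9: walk the Received chain from the earliest hop and report who first handed the message to a mail server. The header text below is a constructed copy of the posted headers; the function and regex names are this example's own assumptions.

```python
import email
import re
from email import policy

# Constructed sample modelled on the headers posted in this thread (AOL's
# display lines at the top are dropped; only the transport headers are kept).
RAW_HEADERS = """Return-Path: <apache@dedicated.tpstrategies.com>
Received: from rly-xn01.mx.aol.com (rly-xn01.mail.aol.com [172.20.83.114]) by air-xn02.mail.aol.com (v108.30) with ESMTP id MAILINXN24-627437f57e551; Sat, 19 Nov 2005 11:51:10 -0500
Received: from dedicated.tpstrategies.com (207-36-201-140.ptr.primarydns.com [207.36.201.140]) by rly-xn01.mx.aol.com (v108.30) with ESMTP id MAILRELAYINXN15-627437f57e551; Sat, 19 Nov 2005 11:50:48 -0500
Received: from dedicated.tpstrategies.com (localhost.localdomain [127.0.0.1])
\tby dedicated.tpstrategies.com (8.12.10/8.12.10) with ESMTP id jAJGptct019039;
\tSat, 19 Nov 2005 08:51:56 -0800
Received: (from apache@localhost)
\tby dedicated.tpstrategies.com (8.12.10/8.12.10/Submit) id jAJGpox1019029;
\tSat, 19 Nov 2005 08:51:50 -0800
Message-Id: <200511191651.jAJGpox1019029@dedicated.tpstrategies.com>
To: monica@catalystorganizing.com
Subject: Online Information Request
From: reasury@dedicated.tpstrategies.com

"""

# "from <sender> (<reverse-dns [ip]>) ... by <receiver>"; Sendmail records a
# local submission as "(from user@localhost) by host (.../Submit)".
HOP_RE = re.compile(r"^\(?from\s+([^\s)]+)\)?(?:\s+\(([^)]*)\))?.*?\bby\s+(\S+)")

def parse_hops(raw):
    """Return the Received chain as (sender, sender_info, receiver), earliest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.match(" ".join(str(value).split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2) or "", m.group(3)))
    return hops[::-1]  # each relay prepends its header, so the last one is the first hop

def classify_origin(raw):
    """Was the first hop a local submission by a process on the box, or SMTP from elsewhere?"""
    hops = parse_hops(raw)
    if not hops:
        return {"kind": "unknown"}
    sender, _info, receiver = hops[0]
    if sender.endswith("@localhost"):
        return {"kind": "local-submission", "host": receiver, "user": sender.split("@")[0]}
    return {"kind": "smtp", "host": receiver, "user": None, "claimed_sender": sender}

if __name__ == "__main__":
    for sender, info, receiver in parse_hops(RAW_HEADERS):
        print("%-30s -> %-28s %s" % (sender, receiver, info))
    print(classify_origin(RAW_HEADERS))
```

    On these headers the first hop is `(from apache@localhost)` into Sendmail's local submission agent, so the message was generated by a process running as the web server's user on dedicated.tpstrategies.com rather than relayed in from outside.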
  13. darth_rifle

    darth_rifle (null)

    55
    3
    Jun 25, 2000
    Metro NYC Area
    My short suggestion:

    Have someone with even minimal web design skills add a simple (pseudo-random) math question to the form, and ask the user to provide the answer. Use a server-side check.

    E.g.:
    Your Comments: [textarea]

    3 + 3 = [answer]

    This method will defeat most (if not all) post bots.

    HTH,

    - D. Rifle
     
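    A server-side implementation of darth_rifle's math question, added here as an example and not part of any post: the question is issued together with an HMAC-signed, time-stamped token carried in a hidden form field, so the server can verify the answer on POST without storing session state. SERVER_SECRET, make_challenge and verify_answer are names chosen for this example, and the secret shown is a constructed placeholder.

```python
import hashlib
import hmac
import secrets
import time

# Constructed placeholder; a real deployment loads this from server-side config.
SERVER_SECRET = b"example-secret-change-me"

def _sign(payload):
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_challenge(now=None, rng=secrets):
    """Build a pseudo-random addition question plus a signed token for a hidden field."""
    now = int(time.time()) if now is None else now
    a, b = rng.randbelow(10), rng.randbelow(10)
    payload = f"{a}+{b}:{now}"          # what the question was, and when it was issued
    return {"question": f"{a} + {b} = ", "token": f"{payload}:{_sign(payload)}"}

def verify_answer(token, answer, now=None, max_age=600):
    """Server-side check: the token must be authentic and fresh, and the answer must match."""
    now = int(time.time()) if now is None else now
    try:
        expr, issued, tag = token.split(":")
        a, b = (int(x) for x in expr.split("+"))
        issued = int(issued)
    except ValueError:
        return False                    # malformed token
    if not hmac.compare_digest(_sign(f"{expr}:{issued}"), tag):
        return False                    # forged or tampered token
    if not 0 <= now - issued <= max_age:
        return False                    # stale token replayed later, or from the future
    try:
        return int(str(answer).strip()) == a + b
    except ValueError:
        return False                    # non-numeric answer

if __name__ == "__main__":
    chal = make_challenge()
    print("Your Comments: [textarea]")
    print(chal["question"] + "[answer]   (hidden field: token=%s)" % chal["token"])
    print("correct answer accepted:", verify_answer(chal["token"], eval(chal["question"][:-3])))
```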
  14. HVAC-TEK

    HVAC-TEK

    82
    0
    Jan 3, 2005
    Many forms now come with a picture or image of a word/phrase; they require you to type in the phrase so as to prove you're human. You see, bots or automated form fillers can't READ pictures, so they can't compute an answer.

    Look, most people here are forgetting that the company is hosting your site. I take it to mean that the server equipment doesn't belong to you. There is not much that you personally can do. I recommend talking to the network administrator about your problem; pointing out the possibility that his server is compromised should get his attention. I'm not Unix/Linux certified, so I can't help you here. However, I recommend removing the form and going with a basic page listing contact information and an email address. Any advantages your company gains from having the form will not overcome the negative publicity you're doing to your potential clients.

    I receive junk mail all the time that bounces from site to site in such a way that it cannot be blocked. I feel this is underhanded, and although it's a product I purchase, I will not purchase from THAT company. I do not do business with underhanded people.

    Do you really want people thinking that way about your company?

    KIM