CubeSoft says there isn't any way to prevent it because there is nothing that stops a spammer from using a fake return e-mail address.
Unfortunately, they are 100% correct. The spammer is just using your server as a destination for MX record lookups. When a spam is sent, most receiving e-mail servers will try to do a reverse lookup on the "from" or "recip" address via a DNS lookup or an MX lookup. This prevents the spammer from just blanketing a server with completely made-up "from" addresses (which used to be a popular tactic). The spammer now has to have a legit domain, so he used yours and just made up the account portion.
So, what happens when the receiving e-mail server tries to verify the account name too? The spammer has to use someone's real account name (which has happened to me more than once). Since the spammer is using his own mail server to send the messages, your account and domain names only get checked against your mail server when the recipient server tries to verify that they exist, not when the spam is originally sent. Thus, it's almost impossible to prevent.
Your only hope is finding the spammer somehow and making them miserable in some way (getting their ISP to cut them off, legal action), but that usually leads to the spammer's friends making an example out of you (yet more unfortunate personal experience). I would just wait it out. Your ISP is doing the only thing they can by disabling your domain's e-mail. Soon, the "from" lookups will start failing for the spammer and he/she'll have to pick someone else to impersonate. I hope that your ISP will let you re-enable your domain's e-mail when it blows over. Good luck!
XP/2K/NT tend to treat services as if they were on an external machine by default. This is yet another architecture problem. Just take a look at any install with Active Ports. You'll see a lot of stuff attached to 0.0.0.0 or 127.0.0.1 as well as your normal IP. One that always makes me scratch my head is "svchost.exe" (service host, which listens on 0.0.0.0). I admit that a lot of *nix software does this too. I'm a firm believer that, if your application isn't transmitting/receiving network data or listening for a real networking reason, then you shouldn't have a port open. Even if it's to localhost.
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
It's a wrapper for something else. That's why you see more than one running on a lot of occasions. You'd have to go into the registry and know where to look to see what services it's wrapping. If you look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost, you'll see that "rpcss" or the RPC service is one of them.
Most people running Windows XP or Windows 2K wouldn't know a service if it bit them.
The RPC service just bit them and bit them hard. Blood and flesh chunks and all that nasty just-bitten stuff. I heard some novice office workers talking about RPC and what it does just the other day (they were trying to understand it). Experiential learning strikes again!
You have a different problem than the "I don't understand why" user. Inside, these developers are really saying "I'm not just some stupid user. You can trust me with root access. I know how the OS works at its core." When I run into one of those, I just tell them "and that's why you won't get root either".
I'm working on submitting the fixes I've created, actually. I've only recently (in the last two months) started the site, so it's still in-process - code submissions and all.
It all came about because I am building a module for Nuke. I started looking at the code and decided to do some house cleaning. Most of the fixes I implemented are already in the public (look around at Nuke Forums or search for "php nuke exploit"), so I'm betting that Francisco Burzi (the creator of Nuke) is working on implementing them for the next version if they aren't already in. He's been good about including fixes as problems are found.
Most of the exploits are simple SQL injection exploits, which affect all PHP/SQL code and not just Nuke. Let's say you want to query user data from a MySQL table named USERS with the USERID as the criteria:
<?php mysql_query("select * from USERS where USERID=5"); ?>
This will work great for one user, but to make the code portable, you'll need to use a variable for the USERID, so it becomes:
<?php /* $USERVAR is pasted straight into the SQL text, unquoted and unchecked */ mysql_query("select * from USERS where USERID=$USERVAR"); ?>
When the variable is passed by an online form it will look like this:
http://foo.yoursite.com/file.php?USERVAR=5
Because PHP doesn't keep strict variable types, $USERID could contain the number 5 just as easily as it can contain the string "foo". Since the variable is at the end of the SQL query, we can append SQL to the end of our URL like:
As a result, PHP will hand MySQL a query that says "select * from users where USERID=5 or 1=1" (remember that %20 is a URL-encoded space). Since 1 will always equal 1, MySQL will dump every record in the table instead of just the one with a USERID of 5. The way to fix this is simple. Before your line of PHP with the query, just do a simple
<?php /* keep only the leading integer; anything after it is discarded */ $USERVAR = intval($USERVAR); ?>
Since our exploit relies on $USERVAR being interpreted as a string, it will fail as PHP intval() will discard everything in the variable from the first encountered non-integer onward. Thus the malicious value of "5 or 1=1" becomes the number 5 again. There are a lot of places where this needs to be fixed and I haven't found them all yet. I'm working on a list that I plan to give to Francisco rather than have him try to keep track of me telling him about many individual ones and lose something along the way. Many Nuke users have already fixed these themselves as well. There are other checks that need to be done for string variables, but I've already veered way too far offtopic.
I would be quite the selfish bastard to only fix the security holes for my use and no one else's. I'm glad you asked though. It never hurts to remind OSS users of their responsibilities should they touch the code. ;)
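The query above, modelled in Python against an in-memory SQLite table so it runs offline (an added example, not code from the post or from PHP-Nuke): the interpolated query, the intval()-style fix the post describes, and a parameterized query as the general fix for non-integer columns. The php_intval helper is an assumed approximation of PHP's intval() on strings, and the USERS rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample rows standing in for the USERS table in the post.
SAMPLE_USERS = [(5, "alice"), (6, "bob"), (7, "carol")]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (USERID INTEGER, NAME TEXT)")
    conn.executemany("INSERT INTO USERS VALUES (?, ?)", SAMPLE_USERS)
    return conn


def php_intval(value):
    """Assumed approximation of PHP intval() on a string: keep the leading
    integer and drop everything after it; no leading integer gives 0."""
    m = re.match(r"\s*[+-]?\d+", str(value))
    return int(m.group(0)) if m else 0


def query_vulnerable(conn, uservar):
    """The pattern from the post: the request value is pasted into the SQL text,
    so a value such as "5 or 1=1" changes the WHERE clause itself."""
    sql = "select * from USERS where USERID=%s" % uservar
    return conn.execute(sql).fetchall()


def query_intval(conn, uservar):
    """The fix from the post: coerce to an integer before building the query,
    so the trailing SQL is discarded and only the number survives."""
    uservar = php_intval(uservar)
    sql = "select * from USERS where USERID=%d" % uservar
    return conn.execute(sql).fetchall()


def query_parameterized(conn, uservar):
    """General fix that also covers string columns: the driver binds the value
    as data, so it can never be parsed as part of the statement."""
    return conn.execute("select * from USERS where USERID=?", (uservar,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(query_vulnerable(conn, "5"))            # the single intended row
    print(query_vulnerable(conn, "5 or 1=1"))     # every row in the table
    print(query_intval(conn, "5 or 1=1"))         # back to the single row
    print(query_parameterized(conn, "5 or 1=1"))  # no rows: compared as text, not SQL
```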
And I see the buffer overflow vulnerabilities and such that come out weekly for Linux software. Many of those vulnerabilities are theoretical, found by a perusal of source code and never actually taken advantage of.
You bring up an interesting point. I bet we'll never see Microsoft patch a theoretical exploit. They seem to see patching as a reactionary process rather than as bug tracking. "If it ain't bad PR, then don't fix it." - Too bad that attitude still leaves it "broke".
I think website defacement and Linux security are 2 different issues altogether.
Exactly! People tend to trust website "packages", like PHP-Nuke or site building applications, a little too much. They tend to assume that someone has already fixed whatever security holes may be in it. When I installed PHP-Nuke (yes, I actually use it) I went through the PHP code with a fine-toothed comb before I opened the site to the public. I found lots of potential SQL injection, external file call and global variable exploits that needed fixing. Since these sites usually end up being run on Linux and Apache, Linux and Apache get blamed when the site is defaced, when the actual weakness that led to the defacement was in the PHP/HTML pages themselves.
I don't expect everyone to know how to clean up security for a PHP site, but if they decide to use what they don't understand bad things will happen. If you know a novice that wants a site, start them out with some static HTML rather than let them use whatever code strikes their whim as "neat", "shiny" or "cool". Explain to them that they are learning how to eventually do the "shiny" stuff, but they need to learn how to use it safely first.
Wow. That's an interesting facet of this. I remember the arguments about how trivial it was and have seen CSS code myself (even managed to compile some), but the gzip example puts it over the top. I'll have to give the code a try.
"property and trade secrets rights outranked free speech rights in this case, because the DVD code was never meant to be public."
And the Watergate tapes were never meant to be public. Neither was that Lewinsky blowjob. Or the problems Pintos had with rear impacts. Or the harmful effects of tobacco. Or the methamphetamine formula. Or the LSD formula. etc. etc. etc.
This doesn't change the fact that the DVD code became public and now is. Being that manufacturers provided discs with the DVD code on them to the public for a small fee, I don't see how it could have been avoided.
Someone once explained it to me in a similar way. You may not hear the traditional "boom", but you will hear a shockwave full of debris hitting the hull (think the "crunch" you hear when the Enterprise from Next Generation gets hit).
Battlefield 1942 is another game that's great for team building because of its AI. Jump into a co-op game and let the staff be the Allies. Let the bots be the Axis. No gunning down your coworkers that way, and if you do, the game penalizes you.
To win a BF1942 match with the odds stacked against you (Axis to Allies ratio of 2:1 or better) takes teamwork and coordinated attacks. Like Counter-Strike, each player can choose between different roles (engineer, scout, etc.). One of the best matches I ever played had a "leader" as a scout coordinating the attack from far away with binoculars.
Yeah, it makes sense to not run Linux, doesn't it?
I would be more forgiving if he actually gave some props to non-MS operating systems, but his line seems to be that if it isn't MS it sucks. From the site:
If you are a starving "Open Source" programmer you should be looking for a paying job
That is why poor open source developers are rushing to create a dot net look-a-like for Linux (see news). Microsoft's .NET platform, which strongly promotes the use of XML, blows Unix and all its applications away as a web server.
If you have better things to do than install an OS that is "free", we encourage you to buy Windows XP.
On top of that, Netcraft says the site is running BSD and Apache. According to the site's author, .NET will take over the world. So... Is there a BSD port of .NET now (joke)? For someone who touts .NET and MS so much, you'd think he'd go out of his way to use IIS.
MS has been trying to position itself as a dealer for a long time. What does MS hope to deal? (you're already hooked on their software, so that's not it)
Referrals. MS wants to partner with everyone and direct the hapless Windows owner or MSN subscriber to targeted purchases like a junkie to a fix. Ideally so they can get a kickback from both the buyer and seller and become enough of a market presence that they can make demands. It's an extension of their "become necessary" type of business model. They are not in the business of providing information. They are not in the business of being helpful. They fully realize that the OS market will not grow forever. This is the MS of the future and it's one ugly bastard.
Umm... He's/She's saying that broadband just went to hell in a handbasket. A view that most of the posters to this article seem to share. This isn't offtopic, it just takes some thought and a sense of humor. If you can't do either of those, then put the mod points down before innocents get hurt.
To suggest that such organizations should actually spend more time trying to figure out what is right, or what is the best course of action for all, will just bring a harangue about one's naivety.
More people need to know that this is how politics work. Most are taught that voting is doing their part in politics, but that isn't even half of it. People need to "associate" with others of like mind or like profession to help exert influence. This is the ideal behind which political parties were created.
I actually wish more people would become members of an association if only to vote for who the Board Members of their PAC should be. This is the real way to affect laws in the US, as it is the Board Members who have oversight of the PAC's lobbyist(s). I wish more geeks (no offense, to me it's a compliment) would think of that next time they're at Fry's buying yet another $30 hub or wireless mouse. It's not money itself that is the key, it's where the money goes. If you're sick of stuff like this bullroading and want to change it, you know how to do it.
That's cool. I wish there was some way to find out what the fixes are though.
Could you explain that a little bit? Is that part of the encryption/decryption code?
Not if a good /.ing smashes it first.
That's what I meant. Sorry. I guess I should dust that off and play it again, hungh?
The Google Toolbar even has a pop-up blocker built into it. The blocker is still in beta, but it's great to hit two marketing birds with one stone.
Thanks! That mental image just made my day!
No, Darl would be the King of Spades. Someone has to shovel all of the SCO bullshit and he's doing a great job.
I'll step off the soapbox now...