[ale] exploitable spam machines

synco gibraldter synco at xodarap.net
Mon Sep 22 11:14:00 EDT 2003


has anybody noticed that lots of the spam received is coming from outdated vanilla 
redhat machines with an exploitable version of openssh?  i checked three of my 
spams today and they were all very similar.  i can only assume that these people 
don't really care if the machine gets exploited because they have so many of them 
acting as spam "drones" that can be rebuilt faster than they can be secured -- either 
that or perhaps they were insecure machines that were taken over for the purposes 
of spamming.

here's two of the hosts i found this morning:
38.117.36.195
64.119.221.218

also notice the open web port with the default apache test page on both of those 
hosts.  i'd like to see somebody make a mail filter script that checks if it's one of 
those drones, roots, and shuts it down.  bwahahahah

--    synco gibraldter
--    atlanta, ga
--    synco at xodarap.net
--    key id: 0xC5117E0A


