[Tickets #5022] Ability to sending email without login, spamming
bugs@bugs.horde.org
bugs at bugs.horde.org
Thu Feb 22 08:20:13 PST 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5022
-----------------------------------------------------------------------
Ticket | 5022
Created By | mezon at niestety.pl
Summary | Ability to sending email without login, spamming
Queue | IMP
Version | 3.2.8
Type | Bug
State | Unconfirmed
Priority | 3. High
Owners |
-----------------------------------------------------------------------
mezon at niestety.pl (2007-02-22 08:20) wrote:
Today I discovered that some robots are sending tons of spam via IMP on my
server.
It seems that they can send it by passing data via POST to proper url,
here are some entries from apache log:
POST /horde2/imp/compose.php?uniq=82628848545cdd1e23e7441171116589640
HTTP/1.1" 200 102
"https://my-server-address/horde2/imp/compose.php?popup=1&to=&cc=&bcc=&msg=&subject=&thismailbox=INBOX&uniq=1171116505671
and just after that, another one:
POST /horde2/imp/compose.php?uniq=60020459645cdd1e5ce54b1171116607218
HTTP/1.1" 200 102
"https://my-server-address/horde2/imp/compose.php?popup=1&to=&cc=&bcc=&msg=&subject=&thismailbox=INBOX&uniq=1171116508500
More information about the bugs
mailing list