[horde] spammers targeting horde/imp as spamming tool
liamr at umich.edu
Wed Apr 30 18:52:09 UTC 2008
Here are some keywords that we've used...
grep -Ei "(loan|collateral|investment|courier|application|commercial|interest rates|salary|pin number|withdrawal|money order|atm card|lottery|bank|check|cheque|business proposal|funds|headquarters|thousand dollars|thousand pounds|thousand euros|million dollars|million pounds|million euros|payment|prize|winners|transaction|claims|winnings|sweepstakes)"
Liam
Quoting D G Teed <donald.teed at gmail.com>:
> Hi,
>
> Perhaps you could expand on the details a little and we can all
> learn some strategies? I don't understand what keywords you
> would search for which could be indicative of spammer or a
> compromised account.
>
> Also, where or how do you set up this rule to control the abuse of envelope
> and header values?
>
> --Donald
>
> On Wed, Apr 30, 2008 at 12:39 PM, robert sand <rsand at d.umn.edu> wrote:
>>
>> Yes this is daily here. We get both brute force attacks on weak
>> passwords and phishing events. I've written a script
>> to find keywords in the identities field in horde_prefs to find
>> most but others are found by denying sending of email
>> where the envelope and from headers are set to another domain.
>>
>>
>> Eric Jon Rostetter wrote:
>> > Quoting Andrew Morgan <morgan at orst.edu>:
>> >
>> >> Spammers are using brute force or phished login information to gain
>> >> access to imp, and then send out spam
>> >
>> > This is happening with IMP, as well as several other webmail
>> > applications.
>> > I want to stress it isn't specific to IMP, and has been seen with other
>> > apps like SquirrelMail and such.
>> >
>> >> Any other comments or thoughts on this trend?
>> >
>> > It is an increasing trend, hitting EDU sites fairly heavily right now.
>> >
>>
>> --
>> Robert Sand.
>> mailto:rsand at d.umn.edu
>> 1028 Kirby Drive
>> 366 K Plz
>> Duluth, MN 55812-3095
>> 218-726-6122 fax 218-726-7674
>>
>> "Walk behind me I may not lead, Walk in front of me I may not follow,
>> Walk beside me and we walk together" UTE Tribal proverb.
>>
>>
>> --
>> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
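The keyword search and the foreign-domain check described in this thread, as an added example that is not part of the original messages and is not any poster's or Horde's own script: it scores identity text against the keyword list from the grep above and notes sender addresses outside the local domain. The row layout, the example.edu domain, the sample values and the three-keyword threshold are assumptions constructed for illustration.

```python
import re

# Keyword list copied from the grep pattern in the message above.
KEYWORDS = ("loan|collateral|investment|courier|application|commercial|"
            "interest rates|salary|pin number|withdrawal|money order|atm card|"
            "lottery|bank|check|cheque|business proposal|funds|headquarters|"
            "thousand dollars|thousand pounds|thousand euros|million dollars|"
            "million pounds|million euros|payment|prize|winners|transaction|"
            "claims|winnings|sweepstakes")
# \b avoids hits inside longer words; \s+ lets a phrase span a line break.
KEYWORD_RE = re.compile(r"\b(" + KEYWORDS.replace(" ", r"\s+") + r")\b", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def score_identity(value, local_domain):
    """Return (distinct keywords found, address domains outside local_domain)."""
    hits = {" ".join(m.group(1).lower().split())
            for m in KEYWORD_RE.finditer(value)}
    foreign = set()
    for domain in ADDR_RE.findall(value):
        domain = domain.lower()
        if domain != local_domain and not domain.endswith("." + local_domain):
            foreign.add(domain)
    return hits, foreign

def flag_accounts(rows, local_domain, min_hits=3):
    """Flag users whose identity text has min_hits keywords, or any keyword
    combined with a From address in another domain (hypothetical policy)."""
    flagged = {}
    for uid, value in rows:
        hits, foreign = score_identity(value, local_domain)
        if len(hits) >= min_hits or (hits and foreign):
            flagged[uid] = (sorted(hits), sorted(foreign))
    return flagged

# Constructed sample rows (user, identity text). Simplified stand-ins, not
# the format Horde actually stores in horde_prefs.
ROWS = [
    ("alice", "fullname=Alice Smith; from_addr=alice@example.edu; "
              "signature=Biology Dept"),
    ("bob", "fullname=UK National Lottery Claims Dept; "
            "from_addr=claims.agent@freemail.example; "
            "signature=Contact our courier to receive your prize payment"),
    ("carol", "fullname=Carol Jones; from_addr=carol@example.edu; "
              "signature=Financial Aid Office, check your application status online"),
]

if __name__ == "__main__":
    for uid, (hits, foreign) in flag_accounts(ROWS, "example.edu").items():
        print(uid, hits, foreign)
```

The carol row shows why a single generic word such as "check" or "application" is a weak signal on its own: lowering min_hits to 2 flags a legitimate signature.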