lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: m0rtis at adelphia.net (Mortis)
Subject: Unauthorized access in Web Wiz Forum

Dearest (suretel.net/sigma.com/your-server.de)
administrators,

Your mail server is acting as a relay when it gets certain
messages from the bugtraq mailing list
(bugtraq@...urityfocus.com).  The problem messages are also
copied to the full disclosure list in the original To: or
Cc:.

Your servers are accepting the message from securityfocus.
It is intended for one of your customers.  You are
forwarding the message to full-disclosure@...ts.netsys.com.

I am thinking this sort of forwarding could be used for all
sorts of fun and naughty things.

I have enclosed the headers I get on this end of the
journey.

I hate to lose another box for sending out my 419 spams, but
we all have to sacrifice now and then.  Russian hackers are
swearing at you.  I don't want to see the fallout.

BTW, these folks could use a donation:
http://www.rosies.org/content/h-donate.htm

It's getting cold up north and the bums could use some soup
and assorted whatnot.  Like a coat or something.

Regards,
Mortis


suretel.net:
--------------------
Return-Path: <full-disclosure-admin@...ts.netsys.com>
Received: from netsys.com ([199.201.233.10]) by
mta4.adelphia.net
          (InterMail vM.5.01.06.05
201-253-122-130-105-20030824) with ESMTP
          id
<20031106220410.HFJD20580.mta4.adelphia.net@...sys.com>
          for <m0rtis@...lphia.net>; Thu, 6 Nov 2003
17:04:10 -0500
Received: from NETSYS.COM (localhost [127.0.0.1])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA6LcDG06524;
	Thu, 6 Nov 2003 16:38:13 -0500 (EST)
Received: from mail.suretel.net (mail1.suretel.net
[69.8.3.246])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA6LXI704437
	for <full-disclosure@...ts.netsys.com>; Thu, 6 Nov 2003
16:33:20 -0500 (EST)
Received: from mail pickup service by mail.suretel.net with
Microsoft SMTPSVC;
	 Thu, 6 Nov 2003 15:32:18 -0600
Thread-Index: AcOiLxyBnlhT/21KSXW0Fa3sdHxh5A==
Priority: normal
Received: from outgoing2.securityfocus.com
([205.206.231.26]) by mail.suretel.local with Microsoft
SMTPSVC(5.0.2195.5329); Mon, 3 Nov 2003 11:22:51 -0600
Received: from lists2.securityfocus.com
(lists2.securityfocus.com [205.206.231.20]) by
outgoing2.securityfocus.com (Postfix) with QMQP id
2D05D8F877; Mon,  3 Nov 2003 03:29:08 -0700 (MST)
Mailing-List: contact bugtraq-help@...urityfocus.com; run by
ezmlm
Content-Class: urn:content-classes:message
Importance: normal
Precedence: bulk
Delivered-To: mailing list bugtraq@...urityfocus.com
Delivered-To: moderator for bugtraq@...urityfocus.com
Received: (qmail 16398 invoked from network); 2 Nov 2003
03:41:22 -0000
Message-ID: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer>
From: "Alexander Antipov" <pk95@...dex.ru>
To: <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>
Cc: <info@...wizguide.info>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1193
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-OriginalArrivalTime: 03 Nov 2003 17:22:51.0960 (UTC)
FILETIME=[1C5E2380:01C3A22F]
Subject: [Full-Disclosure] Unauthorized access in Web Wiz
Forum
Sender: full-disclosure-admin@...ts.netsys.com
Errors-To: full-disclosure-admin@...ts.netsys.com
X-BeenThere: full-disclosure@...ts.netsys.com
X-Mailman-Version: 2.0.12
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=uns
ubscribe>
List-Id: Discussion of security issues
<full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure@...ts.netsys.com>
List-Help:
<mailto:full-disclosure-request@...ts.netsys.com?subject=hel
p>
List-Subscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=sub
scribe>
List-Archive:
<http://lists.netsys.com/pipermail/full-disclosure/>
Date: Sun, 2 Nov 2003 12:49:25 +0300

sigma.com:
------------------------
Return-Path: <full-disclosure-admin@...ts.netsys.com>
Received: from netsys.com ([199.201.233.10]) by
mta10.adelphia.net
          (InterMail vM.5.01.06.05
201-253-122-130-105-20030824) with ESMTP
          id
<20031105113028.HRNG16939.mta10.adelphia.net@...sys.com>
          for <m0rtis@...lphia.net>; Wed, 5 Nov 2003
06:30:28 -0500
Received: from NETSYS.COM (localhost [127.0.0.1])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA5ARBG06371;
	Wed, 5 Nov 2003 05:27:11 -0500 (EST)
Received: from gw.simga.com (62-231-67-45.rdsnet.ro
[62.231.67.45] (may be forged))
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA5APD705805
	for <full-disclosure@...ts.netsys.com>; Wed, 5 Nov 2003
05:25:13 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by gw.simga.com (Postfix) with ESMTP
	id D0DAC15947; Wed,  5 Nov 2003 13:17:40 +0200 (EET)
Received: by gw.simga.com (Postfix, from userid 0)
	id 59A256DA4; Wed,  5 Nov 2003 13:17:39 +0200 (EET)
Received: from outgoing2.securityfocus.com
(outgoing2.securityfocus.com [205.206.231.26])
	by gw.simga.com (Postfix) with ESMTP id 0E05615CC5
	for <vladg@...ga.com>; Tue,  4 Nov 2003 19:23:05 +0200
(EET)
Received: from lists2.securityfocus.com
(lists2.securityfocus.com [205.206.231.20])
	by outgoing2.securityfocus.com (Postfix) with QMQP
	id 2D05D8F877; Mon,  3 Nov 2003 03:29:08 -0700 (MST)
Mailing-List: contact bugtraq-help@...urityfocus.com; run by
ezmlm
Precedence: bulk
Delivered-To: mailing list bugtraq@...urityfocus.com
Delivered-To: moderator for bugtraq@...urityfocus.com
Received: (qmail 16398 invoked from network); 2 Nov 2003
03:41:22 -0000
Message-ID: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer>
From: "Alexander Antipov" <pk95@...dex.ru>
To: <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>
Cc: <info@...wizguide.info>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1193
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1193
X-Virus-Scanned: by AMaViS 0.3.12pre8
Subject: [Full-Disclosure] Unauthorized access in Web Wiz
Forum
Sender: full-disclosure-admin@...ts.netsys.com
Errors-To: full-disclosure-admin@...ts.netsys.com
X-BeenThere: full-disclosure@...ts.netsys.com
X-Mailman-Version: 2.0.12
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=uns
ubscribe>
List-Id: Discussion of security issues
<full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure@...ts.netsys.com>
List-Help:
<mailto:full-disclosure-request@...ts.netsys.com?subject=hel
p>
List-Subscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=sub
scribe>
List-Archive:
<http://lists.netsys.com/pipermail/full-disclosure/>
Date: Sun, 2 Nov 2003 12:49:25 +0300


your-server.de:
------------------------------------
Return-Path: <full-disclosure-admin@...ts.netsys.com>
Received: from netsys.com ([199.201.233.10]) by
mta1.adelphia.net
          (InterMail vM.5.01.06.05
201-253-122-130-105-20030824) with ESMTP
          id
<20031103180117.QJID26264.mta1.adelphia.net@...sys.com>
          for <m0rtis@...lphia.net>; Mon, 3 Nov 2003
13:01:17 -0500
Received: from NETSYS.COM (localhost [127.0.0.1])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA3GwCG22028;
	Mon, 3 Nov 2003 11:58:12 -0500 (EST)
Received: from www3.your-server.de (www3.your-server.de
[213.133.104.3])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id
hA3Guq721461
	for <full-disclosure@...ts.netsys.com>; Mon, 3 Nov 2003
11:56:54 -0500 (EST)
Received: (qmail 2102 invoked by uid 0); 3 Nov 2003
16:56:52 -0000
Received: from pk95@...dex.ru by www3.your-server.de by uid
502 with qmail-scanner-1.15
 (vexira: 6.22.0.1/6.22.0.24.  Clear:.
 Processed in 0.583508 secs); 03 Nov 2003 16:56:52 -0000
X-Qmail-Scanner-Mail-From: pk95@...dex.ru via
www3.your-server.de
X-Qmail-Scanner: 1.15 (Clear:. Processed in 0.583508 secs)
Received: from pd9e8dc06.dip.t-dialin.net (HELO
europa.DSHSTATISTIK.DE) (217.232.220.6)
  by www3.your-server.de with SMTP; 3 Nov 2003
16:56:51 -0000
Received: from europa.DSHSTATISTIK.DE ([192.168.0.30]) by
europa.DSHSTATISTIK.DE with Microsoft
SMTPSVC(5.0.2195.5329);
	 Mon, 3 Nov 2003 18:00:52 +0100
Received: by europa.DSHSTATISTIK.DE (Microsoft Connector for
POP3 Mailboxes 5.00.2195) with SMTP (Global POP3 Download)
	 id MSG11032003-180049-472.MMD@...STATISTIK.DE; Mon, 3 Nov
2003 18:00:49 +0100
Delivered-To: dshstat-webmaster@...-statistik.de
Received: (qmail 28108 invoked by uid 910); 3 Nov 2003
16:43:24 -0000
Delivered-To: dshstat-johannes.klein@...-statistik.de
Received: (qmail 28103 invoked by uid 0); 3 Nov 2003
16:43:24 -0000
Received: from
bugtraq-return-11681-johannes.klein=dsh-statistik.de@...urit
yfocus.com by www3.your-server.de by uid 502 with
qmail-scanner-1.15
 (vexira: 6.22.0.1/6.22.0.24.  Clear:.
 Processed in 0.581339 secs); 03 Nov 2003 16:43:24 -0000
X-Qmail-Scanner-Mail-From:
bugtraq-return-11681-johannes.klein=dsh-statistik.de@...urit
yfocus.com via www3.your-server.de
X-Qmail-Scanner: 1.15 (Clear:. Processed in 0.581339 secs)
Received: from outgoing2.securityfocus.com (205.206.231.26)
  by www3.your-server.de with SMTP; 3 Nov 2003
16:43:24 -0000
Received: from lists2.securityfocus.com
(lists2.securityfocus.com [205.206.231.20])
	by outgoing2.securityfocus.com (Postfix) with QMQP
	id 2D05D8F877; Mon,  3 Nov 2003 03:29:08 -0700 (MST)
Mailing-List: contact bugtraq-help@...urityfocus.com; run by
ezmlm
Precedence: bulk
Delivered-To: mailing list bugtraq@...urityfocus.com
Delivered-To: moderator for bugtraq@...urityfocus.com
Received: (qmail 16398 invoked from network); 2 Nov 2003
03:41:22 -0000
Message-ID: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer>
From: "Alexander Antipov" <pk95@...dex.ru>
To: <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>
Cc: <info@...wizguide.info>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1193
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1193
X-OriginalArrivalTime: 03 Nov 2003 17:00:52.0500 (UTC)
FILETIME=[09E88540:01C3A22C]
Subject: [Full-Disclosure] Unauthorized access in Web Wiz
Forum
Sender: full-disclosure-admin@...ts.netsys.com
Errors-To: full-disclosure-admin@...ts.netsys.com
X-BeenThere: full-disclosure@...ts.netsys.com
X-Mailman-Version: 2.0.12
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=uns
ubscribe>
List-Id: Discussion of security issues
<full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure@...ts.netsys.com>
List-Help:
<mailto:full-disclosure-request@...ts.netsys.com?subject=hel
p>
List-Subscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=sub
scribe>
List-Archive:
<http://lists.netsys.com/pipermail/full-disclosure/>
Date: Sun, 2 Nov 2003 12:49:25 +0300

A proper copy from the list.  You probably got it this way,
too, before you remailed it:
----------------------------
Return-Path: <full-disclosure-admin@...ts.netsys.com>
Received: from netsys.com ([199.201.233.10]) by
mta11.adelphia.net
          (InterMail vM.5.01.06.05
201-253-122-130-105-20030824) with ESMTP
          id
<20031102102538.IITS24277.mta11.adelphia.net@...sys.com>
          for <m0rtis@...lphia.net>; Sun, 2 Nov 2003
05:25:38 -0500
Received: from NETSYS.COM (localhost [127.0.0.1])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA29o1G14743;
	Sun, 2 Nov 2003 04:50:01 -0500 (EST)
Received: from bingo.new.yandex.ru (bingo.new.yandex.ru
[213.180.200.1])
	by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
hA29m4714264
	for <full-disclosure@...ts.netsys.com>; Sun, 2 Nov 2003
04:48:05 -0500 (EST)
Received: from algo6.fix.aha.ru ([213.189.211.11]:39950
"EHLO pigkiller"
	smtp-auth: "pk95" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
	by mail.yandex.ru with ESMTP id <S687884AbTKBJrx>;
	Sun, 2 Nov 2003 12:47:53 +0300
Message-ID: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer>
From: "Alexander Antipov" <pk95@...dex.ru>
To: <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>
Cc: <info@...wizguide.info>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1193
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1193
Subject: [Full-Disclosure] Unauthorized access in Web Wiz
Forum
Sender: full-disclosure-admin@...ts.netsys.com
Errors-To: full-disclosure-admin@...ts.netsys.com
X-BeenThere: full-disclosure@...ts.netsys.com
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=uns
ubscribe>
List-Id: Discussion of security issues
<full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure@...ts.netsys.com>
List-Help:
<mailto:full-disclosure-request@...ts.netsys.com?subject=hel
p>
List-Subscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request@...ts.netsys.com?subject=sub
scribe>
List-Archive:
<http://lists.netsys.com/pipermail/full-disclosure/>
Date: Sun, 2 Nov 2003 12:49:25 +0300

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On
> Behalf Of Alexander Antipov
>
> What's shit? I did not send this message again!


Powered by blists - more mailing lists