There was an article I read the other day (perhaps on Digg?) that said the 
spammers have broken the captcha that Gmail uses for signup.  They said 
the attack technique was actually very sophisticated, whereby the machine 
doing the web login would send the captcha to other random machines on the 
botnet.  The other machines would then try to decode the captcha and send 
the info back to the original machine.  It said they were decoding about 1 
in 5.

Surprised Google hasn't fixed this yet...

ray


On Thu, 28 Feb 2008, Dustin Puryear wrote:

> Maybe they have a script that can email through a gmail account?
>
> --
> Dustin Puryear
> President and Sr. Consultant
> Puryear Information Technology, LLC
> 225-706-8414 x112
> http://www.puryear-it.com
>
> Author, "Best Practices for Managing Linux and UNIX Servers"
>   http://www.puryear-it.com/pubs/linux-unix-best-practices/
>
>
> Alvaro Zuniga wrote:
>> Nice! A box was under an apparent DNS attack. Here is a tiny sample of what 
>> was found.
>>
>> Feb 27 15:05:39 interceptor3 postfix-rx/smtpd[5192]: timeout after 
>> END-OF-MESSAGE from py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:05:39 interceptor3 postfix-rx/smtpd[5192]: disconnect from 
>> py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:07:36 interceptor3 postfix-rx/smtpd[6839]: connect from 
>> py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:07:39 interceptor3 postfix-rx/smtpd[6839]: NOQUEUE: discard: RCPT 
>> from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] 
>> <mailto:[EMAIL PROTECTED]>>: Receipient Address rxx-002-d17; from=<> 
>> to=<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> proto=ESMTP 
>> helo=<py-out-1112.google.com>
>> Feb 27 15:07:39 interceptor3 postfix-rx/smtpd[6839]: E948CE4746: 
>> client=py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:07:52 interceptor3 postfix-rx/smtpd[6839]: timeout after 
>> END-OF-MESSAGE from py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:07:52 interceptor3 postfix-rx/smtpd[6839]: disconnect from 
>> py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:35:46 interceptor3 postfix-rx/smtpd[6889]: connect from 
>> py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:35:46 interceptor3 postfix-rx/smtpd[6889]: NOQUEUE: discard: RCPT 
>> from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] 
>> <mailto:[EMAIL PROTECTED]>>: Receipient Address rlx-102-d22; from=<> 
>> to=<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> proto=ESMTP 
>> helo=<py-out-1112.google.com>
>> Feb 27 15:35:46 interceptor3 postfix-rx/smtpd[6889]: 9EC4DE46C2: 
>> client=py-out-1112.google.com[64.233.166.179]
>> Feb 27 15:35:56 interceptor3 postfix-rx/smtpd[6889]: NOQUEUE: discard: RCPT 
>> from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] 
>> <mailto:[EMAIL PROTECTED]>>: Receipient Address rzx-801-d1h; from=<> 
>> to=<[EMAIL PROTECTED]
>>
>> There are about 2K rejections an hour from Google alone. Already looked 
>> into DNS poisoning. Mailer daemons due to domain spoofing hopefully is 
>> the reason. Does anyone know anything about this?
>>
>> Alvaro Zuniga
>>
>> _______________________________________________
>> General mailing list
>> General@brlug.net
>> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                                       http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist              AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
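
Added example, not part of the original thread: the null envelope sender (`from=<>`) in the quoted log lines is what bounce messages carry, so this Python sketch tallies such discards per hour and client IP to check the backscatter guess. The sample lines are constructed in the quoted format (unwrapped, placeholder recipients, and an invented second client `mail.example.net`).

```python
import re
from collections import Counter

# Constructed sample lines in the format of the quoted log (not real data).
_G = "py-out-1112.google.com[64.233.166.179]"
_FMT = ("Feb 27 {t} interceptor3 postfix-rx/smtpd[{pid}]: NOQUEUE: discard: RCPT "
        "from {client}: <{rcpt}>: Receipient Address rxx-002-d17; from=<{sender}> "
        "to=<{rcpt}> proto=ESMTP helo=<{helo}>")
SAMPLE_LOG = "\n".join([
    f"Feb 27 15:07:36 interceptor3 postfix-rx/smtpd[6839]: connect from {_G}",
    _FMT.format(t="15:07:39", pid=6839, client=_G, rcpt="a@example.com",
                sender="", helo="py-out-1112.google.com"),
    _FMT.format(t="15:35:46", pid=6889, client=_G, rcpt="b@example.com",
                sender="", helo="py-out-1112.google.com"),
    _FMT.format(t="15:35:56", pid=6889, client=_G, rcpt="c@example.com",
                sender="", helo="py-out-1112.google.com"),
    _FMT.format(t="15:40:02", pid=6901, client="mail.example.net[192.0.2.10]",
                rcpt="d@example.com", sender="bob@example.net",
                helo="mail.example.net"),
    _FMT.format(t="16:01:10", pid=6950, client=_G, rcpt="e@example.com",
                sender="", helo="py-out-1112.google.com"),
])

# Matches smtpd NOQUEUE discard/reject lines and captures the envelope sender.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"\S+/smtpd\[\d+\]:\s+NOQUEUE:\s+(?:discard|reject):\s+RCPT from\s+"
    r"\S+\[(?P<ip>[^\]]+)\]:.*?\bfrom=<(?P<sender>[^>]*)>")

def summarize(log_text):
    """Count refused RCPTs per (hour, client IP), split by null vs. other sender."""
    null_sender, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connect/disconnect/timeout lines carry no sender
        key = (f"{m['mon']} {int(m['day']):02d} {m['hour']}:00", m["ip"])
        (null_sender if m["sender"] == "" else other)[key] += 1
    return null_sender, other

def bounce_sources(log_text, threshold):
    """(hour, IP) buckets whose null-sender refusals reach the threshold."""
    null_sender, _ = summarize(log_text)
    return sorted(k for k, n in null_sender.items() if n >= threshold)

if __name__ == "__main__":
    for bucket in bounce_sources(SAMPLE_LOG, threshold=3):
        print("likely backscatter:", bucket)
```

A client whose refusals are almost all null-sender is relaying bounces for mail it believes came from your domain, rather than originating the messages itself.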

