
Matt's scripts strike again

by zentara (Archbishop)
on Dec 09, 2003 at 15:32 UTC

From the "it couldn't happen to us" department:

I just received this email from my ISP.

We are no longer allowing ANY of Matt Wright's scripts to be run on any of our servers. This includes semi-private servers, as well as all other hosting accounts. These scripts have been a huge security risk and, today, some of Matt Wright's scripts severely affected several of our servers. Today, a spammer had compromised security holes in these scripts and literally flooded our network with outgoing spam, meaning that almost all available bandwidth was being used to send spam for about 20 minutes (until we could find and shut them down).

I sent them the URL for nms.

Re: Matt's scripts strike again
by b10m (Vicar) on Dec 09, 2003 at 15:58 UTC

    Oh yeah, the lovely Matt Wright scripts. I get a lot of "formmail.[cgi|pl]" requests to my server. Spammers just love it. I redirect them to a trap-cgi that'll collect all POST data, IP, etc. so I can go complain to their ISP.

    Anyway, it's good to see your ISP has some clue ;)

    --
    B10m
      Anyway, it's good to see your ISP has some clue.
      I'd say, the ISP doesn't have a clue. They only outlawed Matt Wright *after* they relayed for a while. And they are still not getting it. The problem isn't Matt Wright, the problem is installing any random junk and praying it works fine. Today it was formmail, tomorrow it's something else. The fact that one buggy program installed on one host can "severely affect several of our servers", and consume almost all bandwidth, is a serious design problem of the ISP's setup.

      I'd be mighty pissed if I was using the ISP's hosting service, and connection to my site was seriously disrupted because of what happened with some other site.

      Abigail

        I didn't say they had much clue, but some ;) But yes, you are right. They should have looked at the issue before they implemented it. Especially since it has been known for ages that these scripts can be exploited by evil spammers.
        --
        B10m
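
A trap CGI of the kind b10m describes in the first reply, as an added example that is not code from the thread or from any poster: it records the source address, request headers and a capped, escaped copy of the POST body, and never sends mail. The log path, the size cap and the helper names `clean` and `read_body` are assumptions.

```perl
#!/usr/bin/perl
# Added example: trap CGI for formmail probes. It only records the request.
use strict;
use warnings;
use Fcntl qw(:flock);

my $LOG_FILE = '/var/log/formmail-trap.log';   # assumed path, writable by the web user
my $MAX_BODY = 8192;                           # assumed cap on stored POST data (bytes)

# Escape backslashes and control characters (tab, CR, LF included) so that
# attacker-supplied input cannot forge or split a log line.
sub clean {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([\\\x00-\x1f\x7f])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Read at most $MAX_BODY bytes of the POST body, whatever Content-Length claims.
sub read_body {
    my $len = $ENV{CONTENT_LENGTH} || 0;
    return '' unless $len =~ /^\d+$/ && $len > 0;
    $len = $MAX_BODY if $len > $MAX_BODY;
    binmode STDIN;
    my ($body, $got) = ('', 0);
    while ($got < $len) {
        my $n = read(STDIN, $body, $len - $got, $got);
        last unless $n;                        # EOF or read error: keep what we have
        $got += $n;
    }
    return $body;
}

# One tab-separated record per request: time, source, request line data, body.
my @fields = (
    scalar gmtime(),
    (map { clean($ENV{$_}) }
        qw(REMOTE_ADDR REQUEST_METHOD REQUEST_URI HTTP_USER_AGENT HTTP_REFERER)),
    clean(read_body()),
);

if (open my $fh, '>>', $LOG_FILE) {
    flock($fh, LOCK_EX);                       # serialize concurrent writers
    print {$fh} join("\t", @fields), "\n";
    close $fh;
}

# Bland response; nothing is mailed or relayed.
print "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nThank you.\n";
```
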
Re: Matt's scripts strike again
by tadman (Prior) on Dec 09, 2003 at 20:09 UTC
    It's not just Matt's Scripts that have trouble. The popular Web-logging tool Movable Type has a SPAM-vulnerable script called mt-send-entry.cgi. Not as popular yet, but it pays to stay ahead of the curve and lock this one down.
Re: Matt's scripts strike again
by boo_radley (Parson) on Dec 09, 2003 at 21:23 UTC
    It sounds circumstantially like your ISP just made Slashdot, based on the SecurityFocus article they link to. (Coincidentally, the /. post is by St. Aardvark, who sent a story about one of my Perl scripts into Slashdot.)
