This post originated from an RSS feed registered with PHP Buzz
by Alan Knowles.
Original Post: captcha death and mod_proxy mistakes.
Feed Title: Smoking toooo much PHP
Feed URL: http://www.akbkhome.com/blog.php/RSS.xml
Feed Description: More than just a blog :)
The unfortunate thing about mod_proxy is that it's a pain in the ass to set up correctly. Another one of the machines I work on had been using this to allow some remote access to a private box. Unfortunately, even though I had IP-restricted access, I had obviously missed a setting somewhere. Looking at my logs the other day, I realized that Apache was doing quite a trade in URLs...
Last time I misconfigured mod_proxy, my ISP had phoned me up to let me know there was spam emanating from my server, so I had re-configured mod_proxy and fixed the open proxy on that server. My guess is that the abusers of mod_proxy had concluded that such a direct attack (POST xx.xx.xx.xx:25 ... MAIL FROM ....) was rather self-defeating, as ISPs tend just to block a server if it is shooting out lots of spam (or suddenly has high traffic outbound on port 25).
So I was surprised to see what was being requested from my open proxy. Captcha images!!!!!
Guessing from the referrer information, I think some guy in Beijing had come up with this idea:
- Set up an online game site, and make the users fill in a captcha to play the game.
- Except, the captcha actually comes from a free webmail provider, and the entered data enables them to set up new webmail accounts, and send out webmail.
I presume that doing that directly from their server caused them to get blocked pretty quickly from the webmail provider, so they just looked around for open proxies to solve the problem.
Quite smart in some respects, and I like the bit about on-line gaming to do this - lots of kids like these on-line games, and don't think twice when they solve a captcha. Let's just hope that blog spammers don't get in on the act.
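A log check for the kind of traffic described above, as an added example that is not from the original post: it scans Apache combined-format access log lines for forward-proxy style requests (an absolute URL or CONNECT naming a host that is not yours) that the server answered with a 2xx/3xx. The `OWN_HOSTS` set, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server legitimately serves (assumed; replace with your own).
OWN_HOSTS = {"www.example.org", "example.org"}

# Apache "combined" format: client ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

def proxied_host(method, target):
    """Return the foreign host a request asked us to reach, or None."""
    if method == "CONNECT":                   # CONNECT host:port
        host = target.rsplit(":", 1)[0].strip("[]")
    elif "://" in target:                     # absolute URL => proxy-style request
        host = urlsplit(target).hostname or ""
    else:                                     # origin-form (/path): ordinary request
        return None
    host = host.lower()
    return host if host and host not in OWN_HOSTS else None

def find_open_proxy_use(lines):
    """Count (client, foreign host) pairs the server answered with 2xx/3xx."""
    served = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # skip lines in another format
        host = proxied_host(m["method"], m["target"])
        if host and m["status"][0] in "23":
            served[(m["client"], host)] += 1
    return served

# Constructed sample lines (documentation IP ranges, made-up hosts).
T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET http://webmail.example.net/captcha?id=1 HTTP/1.0" 200 2326 "http://games.example.com/play" "Mozilla/4.0"',
    f'203.0.113.7 - - {T} "GET http://webmail.example.net/captcha?id=2 HTTP/1.0" 200 2290 "http://games.example.com/play" "Mozilla/4.0"',
    f'198.51.100.9 - - {T} "GET /blog.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.8 - - {T} "GET http://webmail.example.net/ HTTP/1.0" 403 210 "-" "-"',
    f'203.0.113.7 - - {T} "CONNECT mail.example.net:25 HTTP/1.0" 200 0 "-" "-"',
    f'198.51.100.9 - - {T} "GET http://www.example.org/index.html HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for (client, host), n in find_open_proxy_use(SAMPLE).most_common():
        print(f"{n:4d}  {client} -> {host}")
```

A hit is a lead rather than proof: with proxying disabled, Apache can answer an absolute-URL request with its own local page and still log a 200, so compare the logged byte count with what the local site would return.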