Published 2006-02-08 09:56:49

The unfortunate thing about mod_proxy is that it's a pain in the ass to set up correctly. Another one of the machines I work on had been using this to allow some remote access to a private box. Unfortunately, even though I had IP-restricted access, I had obviously missed a setting somewhere. Looking at my logs the other day, I realized that Apache was doing quite a trade in URLs...

Last time I misconfigured mod_proxy, my ISP had phoned me up to let me know there was spam emanating from my server, so I had re-configured mod_proxy and fixed the open proxy on that server. My guess is that the abusers of mod_proxy had concluded that such a direct attack (POST xx.xx.xx.xx:25 ... MAIL FROM ....) was rather self-defeating, as ISPs tend just to block a server if it is shooting out lots of spam (or suddenly has high traffic outbound on port 25).

So I was surprised to see what was being requested from my open proxy. Captcha images!!!!!

Guessing from the referrer information, I think some guy in Beijing had come up with this idea:

- Set up an online game site, and make the users fill in a captcha to play the game.
- Except, the captcha actually comes from a free webmail provider, and the entered data enables them to set up new webmail accounts, and send out webmail.

I presume that doing that directly from their server caused them to get blocked pretty quickly from the webmail provider, so they just looked around for open proxies to solve the problem.

Quite smart in some respects, and I like the bit about on-line gaming to do this - lots of kids like these on-line games, and don't think twice when they solve a captcha. Let's just hope that blog spammers don't get in on the act.
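
A way to spot this kind of traffic in an access log, as an added example that is not code from the original post: it flags request lines that ask the server to fetch from, or tunnel to, a host other than its own. The log lines, addresses, host names and function names are constructed for illustration, and the common/combined log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Prefix of Apache's common/combined log format, up to the status code.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation addresses, example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Feb/2006:09:01:12 +0000] "GET http://webmail.example.net/captcha/img?id=1 HTTP/1.0" 200 2311 "http://games.example.org/play" "Mozilla/4.0"',
    '203.0.113.7 - - [08/Feb/2006:09:01:15 +0000] "GET http://webmail.example.net/captcha/img?id=2 HTTP/1.0" 200 2298 "http://games.example.org/play" "Mozilla/4.0"',
    '198.51.100.23 - - [08/Feb/2006:09:02:40 +0000] "CONNECT mail.example.com:25 HTTP/1.0" 403 210 "-" "-"',
    '192.0.2.10 - - [08/Feb/2006:09:03:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Feb/2006:09:03:05 +0000] "GET http://www.example.org/about HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def find_proxy_requests(lines, own_hosts):
    """Return (client, method, remote_host, status) for every request that
    names a host which is not one of this server's own."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()           # host:port form
        elif "://" in target:
            host = (urlsplit(target).hostname or "").lower()  # absolute-URI form
        else:
            continue  # ordinary origin-form request such as /index.html
        if host and host not in own:
            hits.append((m["client"], method, host, int(m["status"])))
    return hits

def answered_ok(hits):
    """Count, per remote host, the flagged requests that got a 2xx/3xx reply."""
    return Counter(host for _, _, host, status in hits if 200 <= status < 400)

if __name__ == "__main__":
    hits = find_proxy_requests(SAMPLE_LOG, {"www.example.org"})
    for host, count in answered_ok(hits).most_common():
        print(f"{count:5d}  {host}")
```

A 2xx reply to one of these requests is a lead to verify rather than proof of relaying, since a server with no forward proxy can answer an absolute-URI request from its own content; comparing response sizes against the local site settles it.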

Comments

Another way they do it
is through porn sites. Solve a couple captchas for access. At least that's what I've been told ;)

Making it a game is a nice twist.
#0 - Aaron on 2006-02-08 14:36:44
