Mailing List Message #92568
From: Stefan Seiz <>
Subject: Re: Speaking of CGP and Spam....
Date: Tue, 11 Sep 2007 20:08:57 +0200
To: CommuniGate Pro Discussions <>
On 11.09.2007 19:28 Uhr, John Rudd <> wrote:

> In the last month or two we've had 3 cases of independent sites in
> Africa compromising 3 different accounts (3 total, not 9 total ... 1 per
> site) and using them to send spam.  All of the reported messages came
> through webmail, but I'm sure if I just limited their webmail access
> they'd start using SMTP-Auth.

I'd guess if you don't require Webmailsessions to come from the SAME IP,
then it might be not too hard to hijack a webmail-session and thus maybe
effectively take ofer an account...

That is a general problem with session ids in URLs or even cookies...

Stefan Seiz <>
Spamto: <>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster