Dan's probably right, but by simply taking advantage of your generous offer for free phpBB admin accounts devoid of any serious accountability, I was up and spamming my "users" from your server in about five minutes:
Code:
Received: from hostname.grabaforum.com (HELO hostname.grabaforum.com) (65.99.235.72)
by mail.sneakemail.com with SMTP; 24 Oct 2007 17:43:05 -0000
Received: from nobody by hostname.grabaforum.com with local (Exim 4.68)
(envelope-from <nobody@hostname.grabaforum.com>)
id 1Ikjs5-0008Ud-EQ; Wed, 24 Oct 2007 17:18:21 +0000
To: user@host.com
Subject: we have this viagra
Reply-To: <nevrjqffvs0t@sneakemail.com>
From: <nevrjqffvs0t@sneakemail.com>
Message-ID: <c267114fd36944df29d96a1b76726b7e@grabaforum.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Wed, 24 Oct 2007 17:18:21 +0000
I didn't even attempt any of the various XSS/CSRF/SQL Injection attacks that have been responsible for decimating phpBB installations beyond recognition over the years; I just went to the admin panel and clicked a button. Sure, the resulting messages contained a preamble with an administrative contact to report spam to, but since that contact belongs to the spammer in question (me), that's not going to help much.
I'm not trying to be insulting here, but honestly, given your current level of experience administering Linux systems, how many thousands of these do you think I'd be able to send out before you figured out what was going on? Probably enough to get you on a few blacklists, and maybe even attract a couple of DDoS attacks that make life miserable for a lot of other completely innocent people on your node who weren't out there begging for it--including the KH staff members who will have to clean up the mess.
Your server troubles are really only going to get worse if you choose not to alter your current business model, and I have to wonder what benefit could possibly justify the risks involved. There are safer ways of tricking people into looking at ads if that's the goal.
Edit: You're also advertising the specific names and version numbers of most of your software to the world, making vulnerabilities even easier to find:
Code:
HTTP/1.1 302 Found
Date: Wed, 24 Oct 2007 18:55:17 GMT
Server: Apache/1.3.37 (Unix) PHP/5.2.3 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.28 OpenSSL/0.9.7a
X-Powered-By: PHP/5.2.3
Location: http://grabaforum.com/home/
Content-Type: text/html
Yikes!
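As an added example (not part of the post above, and not grabaforum.com's or phpBB's code), here is a small Python script that automates the two checks the poster did by hand: it parses the HTTP response headers quoted in the post and lists every product/version token the server advertises, and it walks the Received headers of the spam message to find the hop where Exim accepted it "with local" from the unprivileged web-server user (nobody), which is the evidence that a web application rather than a mail client injected it. The sample inputs are constructed from the headers shown in the post; the "hardened" response is hypothetical and assumes the admin has set `ServerTokens Prod` and `ServerSignature Off` in Apache and `expose_php = Off` in php.ini, which is what makes the Server header collapse to a bare "Apache" and drops X-Powered-By.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the response headers quoted in the post.
LEAKY_RESPONSE = """HTTP/1.1 302 Found
Date: Wed, 24 Oct 2007 18:55:17 GMT
Server: Apache/1.3.37 (Unix) PHP/5.2.3 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.28 OpenSSL/0.9.7a
X-Powered-By: PHP/5.2.3
Location: http://grabaforum.com/home/
Content-Type: text/html
"""

# Constructed, hypothetical sample: the same redirect after setting
# 'ServerTokens Prod' / 'ServerSignature Off' (Apache) and 'expose_php = Off' (PHP).
HARDENED_RESPONSE = """HTTP/1.1 302 Found
Date: Wed, 24 Oct 2007 18:55:17 GMT
Server: Apache
Location: http://grabaforum.com/home/
Content-Type: text/html
"""

# Constructed sample: the spam message headers quoted in the post, with the
# Received continuation lines folded the way a real message carries them.
SPAM_HEADERS = """Received: from hostname.grabaforum.com (HELO hostname.grabaforum.com) (65.99.235.72)
  by mail.sneakemail.com with SMTP; 24 Oct 2007 17:43:05 -0000
Received: from nobody by hostname.grabaforum.com with local (Exim 4.68)
  (envelope-from <nobody@hostname.grabaforum.com>)
  id 1Ikjs5-0008Ud-EQ; Wed, 24 Oct 2007 17:18:21 +0000
To: user@host.com
Subject: we have this viagra
From: <nevrjqffvs0t@sneakemail.com>
Date: Wed, 24 Oct 2007 17:18:21 +0000
"""

# 'product/version' tokens such as Apache/1.3.37, mod_ssl/2.8.28, OpenSSL/0.9.7a
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")

# An Exim 'Received:' clause for a message handed over by a local process.
RECEIVED_LOCAL = re.compile(r"^from (\S+) by (\S+) with local \((\S+ \S+)\)", re.I)


def parse_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP response (status line plus headers) into a dict.
    Header names are lower-cased; the status line is skipped."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def version_disclosures(raw: str) -> List[Tuple[str, str, str]]:
    """Return (header, product, version) for every product/version token in
    the headers that commonly advertise software versions."""
    found: List[Tuple[str, str, str]] = []
    headers = parse_headers(raw)
    for name in ("server", "x-powered-by", "x-aspnet-version"):
        value = headers.get(name)
        if not value:
            continue
        for product, version in PRODUCT_VERSION.findall(value):
            found.append((name, product, version))
    return found


def unfold(raw: str) -> List[str]:
    """Join RFC 822 folded header lines (continuations start with whitespace)."""
    out: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out


def local_injection_hop(raw_message: str) -> Optional[Tuple[str, str, str]]:
    """Find the Received hop where the MTA accepted the message from a local
    process and return (local_user, host, mta); None if every hop was SMTP."""
    for line in unfold(raw_message):
        if not line.lower().startswith("received:"):
            continue
        m = RECEIVED_LOCAL.match(line[len("received:"):].strip())
        if m:
            return m.group(1), m.group(2), m.group(3)
    return None


if __name__ == "__main__":
    for hdr, product, version in version_disclosures(LEAKY_RESPONSE):
        print(f"{hdr}: {product} {version}")
    print("hardened:", version_disclosures(HARDENED_RESPONSE))
    print("local hop:", local_injection_hop(SPAM_HEADERS))
```

A hop that reads "from nobody ... with local" pins the sender to whatever runs as the web server's user, so a mail log grep for `<= nobody@` around 17:18 UTC on the 24th would show how many copies went out before anyone noticed; suppressing the version banners does not fix the open-admin problem, but it stops handing attackers the exact Apache, PHP and OpenSSL releases to look up.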