Receiving spam from firstname.lastname@example.org after vulnerability scan with Barracuda?
Posted 03 September 2018 - 06:14 PM
seems to be related with Barracuda. Does it have any sense? Is it possible that scanning with Barracuda will cause spam to be sent from the form?
Posted 04 September 2018 - 01:46 AM
Yes, blopazort.com is the testing website.
What kind of spam are you getting?
Posted 04 September 2018 - 02:04 PM
I have been receiving always the same email: the submission of one of the forms in the website with the following content:
Name: | /bin/cat /etc/passwd |
Posted 08 September 2018 - 08:59 PM
If you're running a scan using Vulnerability Manager and that causes the spam, it means you have an unprotected contact form that is sending those emails. I highly recommend you secure that form by adding a captcha or other bot-limiting feature - that will stop the spam.
If you do not want to modify the application, you can also configure Vulnerability Manager to exclude the form that is causing the email to be sent. See https://campus.barra...g-side-effects/for more information.
Let us know if you need additional assistance.