
A question on security


Original Message
Name: satimis
Date: November 24, 2004 at 22:31:54 Pacific
Subject: A question on security
OS: FC2
CPU/Ram: Athlon/512M
Comment:

Hi folks,

Some links have "?" in their URL, e.g.

http://www.AAA.com/B_dir/C-dir/showthread.php?s=xyz

or something like that.

Whenever you click the link data will pass along the URL and "?" will inform the server you are active. What is the "?" key named/termed?

Would mass mailer correct email address information from there to send spam?

B.R.
satimis


Response Number 1
Name: Mechanix2Go
Date: November 25, 2004 at 02:33:15 Pacific
Reply:

That link was not found.

I'm not familiar with the FC2 OS.

M2


Response Number 2
Name: iamc
Date: November 26, 2004 at 14:17:59 Pacific
Reply:

Then why are you posting in this thread? Did you actually try to load that URL? It's pretty obvious that it's just an example.

satimis, the ? is usually used to pass parameters to a cgi script by embedding them in the url itself. In your example, the parameter "s=xyz" would be passed to showthread.php.


Response Number 3
Name: satimis
Date: November 27, 2004 at 06:24:59 Pacific
Reply:

Hi iamc,

Tks for your advice. Sorry, the URL on my first posting is only an example.

Previously my email box has been heavily attacked by bouncing spam mails forcing me to change email address finally. I'm trying to understand how it can happen.

Now the '?' is a switch passing parameter to a cgi script embedded after it. Should recipients click the link then signal will be sent to the server (the spammer) making him aware of the responding emails being alive. But following questions may popup;

1) How can the spammer know the email address with only a click on the URL
2) How can the spammer send more spams to the responding email address. He won't do it manually monitoring the server round the clock
3) How can the spammer change the sender's address frequently
4) How can the spammer make the spam emails bouncing on Internet, covered with a new ID on each bound.
5) If deleting all data after '?' would it result making the webpage disappeared, i.e unable to open.

B.R.
satimis


Response Number 4
Name: iamc
Date: November 27, 2004 at 10:22:17 Pacific
Reply:

satimis, I think you overestimate the significance of the "?". CGI scripts are a perfectly legitimate tool, and are used on many websites for non spam related purposes. But, to answer your questions:

1) A spammer can't know your email address by virtue of "only a click on the URL". A CGI script may be able to read your email address if you have it entered somewhere in your browser settings, or possibly even if not, but the mere presence of the ? in a URL is not an indication of this happening.

2) Virtually all spam is sent using scripts. I'm not sure what you're asking here, but the answer is: with scripts.

3) see answer #2

4) It is trivial to make an email bounce "on Internet". Again, this is done with scripting.

5) No. Depending on the CGI, deleting everything after the "?" would simply make it not work.

Do not confuse "CGI script" with the kind of scripting I referred to in answers #2 #3 and #4. They are not necessarily related, and you are wrong in assuming the "?" in whatever URL you're freaking out about has anything to do with the spam problem you're having.

Why not ask a real question about whatever problem you're actually having instead of inventing wild theories and asking questions about those?


Response Number 5
Name: satimis
Date: November 27, 2004 at 16:49:05 Pacific
Reply:

Hi iamc,

Tks for your advice.

> Why not ask a real question about whatever
> problem you're actually having instead of
> inventing wild theories and asking
> questions about those?

I don't know exactly how spam emails bouncing on my email account, changing sender's address on each bound. It won't be easy for me to come up with one question. What I suspect is the links. Most of them are embedded on "click here", "Enter", etc. or something similar. I have no idea how the cgi script can get into my box. I never join other mailing lists except those relating to discussing IT technology or its related. Neither I'll download anything other than software package.

In order to avoid the reoccurrence of bouncing mails I'm trying to investigate how it would happen.

Tks

B.R.
satimis


Response Number 6
Name: iamc
Date: November 27, 2004 at 19:04:09 Pacific
Reply:

"What I suspect is the links. Most of them are embedded on "click here", "Enter", etc. or something similar"
The embedded links are not how the emails are sent to you. They are simply the body of the email. Spam frequently contains HTML links that take you to the spammer's webpage.

"I have no idea how the cgi script can get into my box"
The CGI script gets into your box because a spammer sent it to you in an email. Email is just text. Some email clients can parse HTML code in that text and display it as if it were part of a webpage. This is what you are seeing.

"I never join other mailing lists except those relating to discussing IT technology or its related"
Unfortunately, this doesn't matter. There are a number of ways spammers can get your email address. Sometimes, it's just by guessing.

"In order to avoid the reoccurrence of bouncing mails I'm trying to investigate how it would happen."
I'm not sure what you mean by "bouncing". An email is typically referred to as having "bounced" when it gets returned to its sender. Is this what you are seeing? Emails that are apparently sent by you and returned as undeliverable? Or are the emails simply being sent to you?

Either way, what you're describing sounds like normal, everyday spam. The fact that it contains HTML or links to CGI scripts has nothing to do with how it got sent to you or how you got on the spammer's list.

There isn't much you can do to avoid getting spam, other than what you're already doing. You can filter it, however. I recommend spambayes. Other people will have different recommendations. I suggest you try several (starting with spambayes!) and find one that works for you.


Response Number 7
Name: satimis
Date: November 28, 2004 at 23:22:07 Pacific
Reply:

Hi iamc,

- snip -

> I'm not sure what you mean by "bouncing".
> An email is typically referred to as having
> "bounced" when it gets returned to its
> sender. Is this what you are seeing? Emails
> that are apparently sent by you and
> returned
> ...

Emails of same content were continuously sent to me with ID/sender's address changed on each mail. Simultaneously same email was also automatically sent to friends of mine with my email address as sender. It seems the same email bouncing on Internet.

B.R.
satimis


Response Number 8
Name: iamc
Date: November 29, 2004 at 08:13:09 Pacific
Reply:

No, it's not the "same" email "bouncing" on the Internet. It seems you just got a special place on some spammer's list. Not only is he sending you multiple emails and spoofing a different "from" address in each one. He is also sending the same emails to your friends and spoofing your email address as the "from" address.

This does sound more deliberate than random spam. Can you post the source and headers of one of the emails?


Response Number 9
Name: satimis
Date: November 29, 2004 at 20:46:45 Pacific
Reply:

Hi iamc,

I think it is like an email virus. It happened more than one year ago. Sorry I could not find those emails from "Trash". Can I discover anything from email header(full) if it is a virus.

B.R.
satimis



Response Number 10
Name: iamc
Date: November 29, 2004 at 21:20:09 Pacific
Reply:

"Can I discover anything from email header(full) if it is a virus."
Yes, possibly. Read this for a good primer.

Based on everything you've said in this thread, I don't think what you described is a virus. The presence of HTML, links to CGI scripts, or even script content itself in emails is not necessarily an indication of a virus.
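
As an added illustration of the header check discussed in the replies above (not part of the original thread and not any poster's code): a Python sketch that reads a message's full headers and flags signs of a spoofed "From" address. The sample message, its domains and IPs are constructed, and the three heuristics are assumptions chosen for this example; a mismatch is a hint rather than proof, since mailing lists legitimately use a different Return-Path.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): example domains, documentation IPs.
SAMPLE = """\
Return-Path: <bulk-7731@mailer.example.net>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailbox.isp.example with ESMTP id A1; Mon, 29 Nov 2004 08:00:02 -0800
Received: from friend-pc (unknown [203.0.113.45])
\tby mx.isp.example with SMTP id B2; Mon, 29 Nov 2004 08:00:01 -0800
From: "A Friend" <friend@example.org>
To: recipient@isp.example
Subject: constructed test message
Message-ID: <1234@mailer.example.net>

body
"""

HOP = re.compile(r"from (\S+) \((\S+) \[([0-9A-Fa-f.:]+)\]\) by (\S+)")

def domain_of(value):
    """Domain part of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze_headers(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    # Each relay prepends its Received line, so the last one is the oldest.
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    findings = []
    if from_dom != rp_dom:
        findings.append("From domain differs from Return-Path domain")
    if domain_of(msg["Message-ID"]) != from_dom:
        findings.append("Message-ID domain differs from From domain")
    # HELO is whatever the sender typed; the bracketed IP was observed by the
    # receiving server, so only trust hops recorded by your own provider.
    if hops and hops[0]["helo"].lower() != hops[0]["rdns"].lower():
        findings.append("first hop HELO name does not match reverse DNS")
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "origin_ip": hops[0]["ip"] if hops else None, "findings": findings}

if __name__ == "__main__":
    print(analyze_headers(SAMPLE))
```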


Response Number 11
Name: satimis
Date: December 1, 2004 at 19:06:30 Pacific
Reply:

Hi iamc,

Tks for your URL and advice.

B.R.
satimis

