- What is E-mail Forging ?
Examples of spoofed email that could affect the security of your site include:
- email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this.
- email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.
- you can send an email to your friend with the following sender details: From: Bill Gates <billg@microsoft.com>
- Methods:
One can send Anonymous emails simply by installing an SMTP server in his system and using the TELNET commands:
This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoomail blocks the emails that are sent directly from a PC.
2. Using Email Script:
First we need to find a PHP supported web hosting providers like Ripway or Freewha or 110mb.com. Usually they all are trusted and authorised.
Script Code:
<?php
$to = "someone@example.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "someonelse@example.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>
Now upload the PHP script on that site and set the permission to 777. U are done...
- Prevent Spam :
2. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.
3. Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites.
4. Educate your users about your site's policies and procedures in order to prevent them from being "social engineered," or tricked, into disclosing sensitive information (such as passwords).
Happy Hacking...Enjoy...
For educational purpose only...Do not misuse it...
No comments:
Post a Comment
If you like this post, comment please...