Don't Let doors.txt Take Control of Your Email Server
By Stephen Bucaro
If you have an email contact form on your Website and you have received a message
which appears to contain random text and the file name doors.txt followed by some digits,
your mail server is being probed for vulnerabilities by a hacker. An example of a
possible message is shown below:
This seemingly random text is actually machine code that probes your email server for
backdoors (unsecured ports) which the hacker can use to take control of it to send
massive amounts of spam. The digits after doors.txt are parameters for the file
doors.txt which is used to send information about any backdoor vulnerabilities in your
email server back to the hacker.
Hopefully your mail server is administered by on-the-ball system administers who have
secured all backdoors, but if you're not confident of that, you should have code in your
email form that modifies any incoming messages. The text string in the subject and
body of all incoming email messages should be modified by your email form code.
Code in your email form should break the text string and stuff characters in the string
that you can easily filter out later. The inserted characters will cause the hacker's
machine code to fail.