Security Incidents mailing list archives
Re: How to determine which PHP-script allows spamming?
From: Rainer Duffner <rainer () ultra-secure de>
Date: Thu, 13 Apr 2006 22:36:31 +0200
tyler () tylerhall net wrote:
http://choon.net/php-mail-header.php
Hello, just a late follow-up. I never got around to trying this patch, but during this week, things got really out of control and had to be fixed, so I installed it.
The culprit turned out to be some guy who, instead of creating links to his web-pages, decided to include them.
This happened in the form of http://domain/index.php?p=/bla/data.html
Of course, "p" could be overwritten and some guy was loading a php-mailer from various geocities and yahoo pages, which our server dutifully parsed... We could only shake our heads in disbelief. This had cost us countless hours of (until now) fruitless work.
So, to summarize it: if you need to find a malicious script and can't for the hell of it figure out where it is: install this patch.
Kudos to Mr. Choon.
cheers,
Rainer
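An added example, not part of the original post and not Mr. Choon's patch: one way to search web server access logs for the pattern described above, where a query parameter such as "p" carries a remote URL instead of a local path. It assumes the Apache combined log format; the sample lines, hosts and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2006:21:14:02 +0200] "GET /index.php?p=/bla/data.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2006:21:15:40 +0200] "GET /index.php?p=http://remote.example/mailer.txt HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
198.51.100.7 - - [10/Apr/2006:21:15:44 +0200] "GET /index.php?p=http%3A%2F%2Fremote.example%2Fmailer.txt%3F HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
203.0.113.5 - - [10/Apr/2006:21:16:00 +0200] "GET /search.php?q=php+include+http HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2006:21:17:12 +0200] "GET /out.php?url=https://partner.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client address, request target and status code of one log line
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)
# a parameter value that starts with a remote scheme
REMOTE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def find_remote_params(log_text):
    """Return (script, parameter, client, decoded value, status) for every
    request whose query parameter value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes, so encoded "http%3A%2F%2F" is caught too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE.match(value.strip()):
                hits.append((parts.path, name, client, value, status))
    return hits


def summarize(hits):
    """Count hits per (script, parameter) to show which scripts to review."""
    return Counter((path, name) for path, name, *_ in hits)


if __name__ == "__main__":
    for (path, name), count in summarize(find_remote_params(SAMPLE_LOG)).most_common():
        print(f"{count:4d}  {path}  parameter '{name}'")
```

Each script and parameter pair it reports still needs a look at the source: a redirect script that legitimately takes a URL shows up too, while a script that passes the parameter to include() is the case described in the post.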