httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans Zaunere" <li...@zaunere.com>
Subject RE: [users@httpd] Web form spam attack
Date Wed, 30 Nov 2005 19:53:09 GMT


Jason Lieurance wrote on Wednesday, November 30, 2005 2:45 PM:
> Hello,
> 
> I run a freebsd 4.7 , apache 1.3.27, php 4.3.2, courier imap 1.4.4, qmail
> 1.03, web & email server.
> 
> Our former web designer used some poor code-ing and now spammers are
> sending spam through one of the virtual domains web forms. I took away
> the contact link for the time being but the messages continue like
> they're just being injected with the session or something. I'm not a php
> or a web guy, I am competent with admining the server though.

New York PHP has developed a PHundamental to address this:

http://www.nyphp.org/phundamentals/email_header_injection.php

We've seen this attack in the wild for some time - apparently just scanning.
Now it appears as if it may be trying to take advantage of vulnerable sites.
Attacks have increased dramatically.


---
Hans Zaunere / President / New York PHP
   www.nyphp.org  /  www.nyphp.com



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message