httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Robinson <>
Subject Re: [users@httpd] apache hacked to send spam!
Date Thu, 19 Jan 2006 15:42:54 GMT
Quoting maillists <>:

> Hello List,
> I have been trying to isolate attacks on my server where someone is
> using apache to send spam from my host. I have been hit quite a bit in
> the past 2 days. Some of my websites have web forms, but I'm pretty sure
> that they are tight.

Are these forms proccesed with PHP? Has the code been checked to make 
sure it is
immune to the PHP Mail Injection that surfaced last summer?

> This is a new
> line item in my daily Logwatch in the sendmail area that just started to
> appear with the spam attacks:
> <snip>
> Authentication warnings:
>     apache set sender to using -f: 7 Times(s)
> </snip>
> ( is a real user on my host.)

In PHP, you can use the fifth parameter to the mail() function to set certain
attributes in the SMTP header. If the programmer uses '-f',
the  "Return-path:" header is set to ''. Some email 
systems are
now rejecting the email if the domain name in the Return-path header is 
not the
same as the domain name in the "From:" header.

This warning and the spam probably are not connected

> I am using Redhat9
> Apache/2.0.40
> php-4.2.2-17.2

PHP 4.2.2 is rather old. I would suggest upgrading to at least 4.10 or 4.11


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message