httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Robinson <kenrb...@rbnsn.com>
Subject Re: [users@httpd] apache hacked to send spam!
Date Thu, 19 Jan 2006 15:42:54 GMT
Quoting maillists <lists@gmnet.net>:

> Hello List,
>
> I have been trying to isolate attacks on my server where someone is
> using apache to send spam from my host. I have been hit quite a bit in
> the past 2 days. Some of my websites have web forms, but I'm pretty sure
> that they are tight.

Are these forms proccesed with PHP? Has the code been checked to make 
sure it is
immune to the PHP Mail Injection that surfaced last summer?

>
> This is a new
> line item in my daily Logwatch in the sendmail area that just started to
> appear with the spam attacks:
>
> <snip>
> Authentication warnings:
>     apache set sender to info@gmnet.net using -f: 7 Times(s)
> </snip>
> (info@gmnet.net is a real user on my host.)

In PHP, you can use the fifth parameter to the mail() function to set certain
attributes in the SMTP header. If the programmer uses '-f user@domain.name',
the  "Return-path:" header is set to 'user@domain.name'. Some email 
systems are
now rejecting the email if the domain name in the Return-path header is 
not the
same as the domain name in the "From:" header.

This warning and the spam probably are not connected

> I am using Redhat9
> Apache/2.0.40
> php-4.2.2-17.2

PHP 4.2.2 is rather old. I would suggest upgrading to at least 4.10 or 4.11

Ken




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message