Quoting maillists <lists@xxxxxxxxx>:
Hello List, I have been trying to isolate attacks on my server where someone is using apache to send spam from my host. I have been hit quite a bit in the past 2 days. Some of my websites have web forms, but I'm pretty sure that they are tight.
Are these forms proccesed with PHP? Has the code been checked to make sure it is
immune to the PHP Mail Injection that surfaced last summer?
This is a new
line item in my daily Logwatch in the sendmail area that just started to
appear with the spam attacks:
<snip>
Authentication warnings:
apache set sender to info@xxxxxxxxx using -f: 7 Times(s)
</snip>
(info@xxxxxxxxx is a real user on my host.)
In PHP, you can use the fifth parameter to the mail() function to set certain attributes in the SMTP header. If the programmer uses '-f user@xxxxxxxxxxx',the "Return-path:" header is set to 'user@xxxxxxxxxxx'. Some email systems are now rejecting the email if the domain name in the Return-path header is not the
same as the domain name in the "From:" header. This warning and the spam probably are not connected
I am using Redhat9 Apache/2.0.40 php-4.2.2-17.2
PHP 4.2.2 is rather old. I would suggest upgrading to at least 4.10 or 4.11 Ken --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|