Jason Lieurance wrote on Wednesday, November 30, 2005 2:45 PM: > Hello, > > I run a freebsd 4.7 , apache 1.3.27, php 4.3.2, courier imap 1.4.4, qmail > 1.03, web & email server. > > Our former web designer used some poor code-ing and now spammers are > sending spam through one of the virtual domains web forms. I took away > the contact link for the time being but the messages continue like > they're just being injected with the session or something. I'm not a php > or a web guy, I am competent with admining the server though.
New York PHP has developed a PHundamental to address this: http://www.nyphp.org/phundamentals/email_header_injection.php We've seen this attack in the wild for some time - apparently just scanning. Now it appears as if it may be trying to take advantage of vulnerable sites. Attacks have increased dramatically. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
