Quoting maillists <[EMAIL PROTECTED]>:

Hello List,

I have been trying to isolate attacks on my server where someone is
using apache to send spam from my host. I have been hit quite a bit in
the past 2 days. Some of my websites have web forms, but I'm pretty sure
that they are tight.

Are these forms processed with PHP? Has the code been checked to make sure it is
immune to the PHP Mail Injection that surfaced last summer?


This is a new
line item in my daily Logwatch in the sendmail area that just started to
appear with the spam attacks:

<snip>
Authentication warnings:
    apache set sender to [EMAIL PROTECTED] using -f: 7 Times(s)
</snip>
([EMAIL PROTECTED] is a real user on my host.)

In PHP, you can use the fifth parameter to the mail() function to set certain
attributes in the SMTP header. If the programmer uses '-f [EMAIL PROTECTED]',
the "Return-path:" header is set to '[EMAIL PROTECTED]'. Some email systems are
now rejecting the email if the domain name in the Return-path header is not the
same as the domain name in the "From:" header.

This warning and the spam probably are not connected.

I am using Redhat9
Apache/2.0.40
php-4.2.2-17.2

PHP 4.2.2 is rather old. I would suggest upgrading to at least 4.10 or 4.11.

Ken




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
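
The two points raised in the reply above (mail injection through form fields, and the fifth mail() parameter setting the envelope sender with -f), shown as an added example that is not part of the original thread. It assumes current PHP (7.1 or later); the addresses, form field names and function names are constructed for illustration.

```php
<?php
// Added example; addresses, field names and function names are constructed.
const SITE_SENDER = 'webform@example.com'; // fixed, site-owned address (assumption)
const RECIPIENT   = 'owner@example.com';   // fixed, never taken from the form

// True if the value contains a CR or LF and could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the five mail() arguments, or null if the submission is rejected.
function build_contact_mail(array $form): ?array
{
    $email   = (string)($form['email'] ?? '');
    $subject = (string)($form['subject'] ?? '');
    $message = (string)($form['message'] ?? '');

    // Anything that ends up in a header must be a single line.
    if (has_header_break($email) || has_header_break($subject)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From: and the -f envelope sender share one domain; the visitor's
    // address appears only in Reply-To.
    $headers = 'From: ' . SITE_SENDER . "\r\n" . 'Reply-To: ' . $email;
    $params  = '-f' . SITE_SENDER; // constant: no form data reaches the fifth parameter
    return [RECIPIENT, $subject, $message, $headers, $params];
}

// Constructed submissions: one ordinary, one carrying an extra header line.
$samples = [
    'clean'    => ['email' => 'visitor@example.net', 'subject' => 'Hello',
                   'message' => "Line one\nLine two"],
    'injected' => ['email' => "visitor@example.net\r\nBcc: other@example.org",
                   'subject' => 'Hello', 'message' => 'Hi'],
];
foreach ($samples as $label => $form) {
    $mail = build_contact_mail($form);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // In the real handler: if ($mail !== null) { mail(...$mail); }
}
```

Logging the rejected submissions together with the script name and client address helps identify which form is being probed.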
