From: Robert Cummings on 7 Jun 2010 16:56

Brian Dunning wrote:
> Agreed that's a great overall strategy but what I need now is a way to track down the offending script, within the next few days if possible.
>
> On Jun 7, 2010, at 1:35 PM, Jim Lucas wrote:
>
>> Change all the forms to use a single processing script and then you won't have such a big problem tracking down the "information processing error/insecurity" that you are having.

Create a user space function called mail_filtered() that accepts all the parameters that the usual mail function does. Then change all occurrences of the mail() function call to mail_filtered() and for each email sent, create a log of it and a shallow copy of debug_backtrace() so you can see where it originated.

I always use some kind of mail lib that allows me to debug emails by adding extra information and redirecting the address during dev.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized.

From: Brian Dunning on 7 Jun 2010 17:34

I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers.

I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something, I really don't know how to attack this. Fixing the scripts is a long term solution, obviously, but I need a short term fix other than killing email on the apache account.

Might be more of a Linux question than a PHP question.

From: Ashley Sheridan on 7 Jun 2010 18:08

On Mon, 2010-06-07 at 14:34 -0700, Brian Dunning wrote:
> I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers.
>
> I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something, I really don't know how to attack this. Fixing the scripts is a long term solution, obviously, but I need a short term fix other than killing email on the apache account.
>
> Might be more of a Linux question than a PHP question.

See if you can find all calls to a mail function in PHP. The easiest way to use a form to send spam is to enter your own headers, for example, in one of the fields. For instance, if a form has a to field, just enter a string like this:

"test(a)test.com\nbcc:spam(a)spam.com"

which will then send email to the spam address as a bcc recipient.

Thanks,
Ash
http://www.ashleysheridan.co.uk
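
Added example (not part of any post in this thread): a sketch of the mail_filtered() wrapper Robert Cummings describes, logging a shallow debug_backtrace() for every call and also flagging the newline-in-field pattern from Ashley Sheridan's message. The log path, the record field names and the choice to refuse flagged messages are assumptions of this example.

```php
<?php
// Added example, not code from the thread. The log path is an assumption:
// use any file the web server account can append to.
define('MAIL_AUDIT_LOG', getenv('MAIL_AUDIT_LOG') ?: '/var/log/php-mail-audit.log');

/** Build one audit record: which script and line called us, and for whom. */
function mail_audit_record($to, $subject, $headers, array $trace): array
{
    $callers = [];
    foreach ($trace as $frame) {            // shallow copy: file and line only
        $callers[] = ($frame['file'] ?? '?') . ':' . ($frame['line'] ?? 0);
    }
    return [
        'time'    => date('c'),
        'script'  => $_SERVER['SCRIPT_FILENAME'] ?? 'cli',
        'uri'     => $_SERVER['REQUEST_URI'] ?? '',
        'client'  => $_SERVER['REMOTE_ADDR'] ?? '',
        'to'      => $to,
        'subject' => $subject,
        'headers' => is_array($headers) ? $headers : (string) $headers,
        // CR or LF in the recipient or subject means a form field carried
        // extra header lines (for example an added bcc:).
        'injection' => preg_match('/[\r\n]/', $to . $subject) === 1,
        'callers' => $callers,
    ];
}

/** Same parameters as mail(); logs every call, refuses flagged ones. */
function mail_filtered($to, $subject, $message, $headers = '', $params = '')
{
    $trace  = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
    $record = mail_audit_record($to, $subject, $headers, $trace);
    // One JSON object per line; json_encode escapes embedded newlines.
    $line = json_encode($record, JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
    file_put_contents(MAIL_AUDIT_LOG, $line, FILE_APPEND | LOCK_EX);
    if ($record['injection']) {
        return false;                       // logged, not sent
    }
    return mail($to, $subject, $message, $headers, $params);
}

// Constructed demo, run only when this file is executed directly from the CLI.
if (PHP_SAPI === 'cli' && realpath($_SERVER['argv'][0] ?? '') === __FILE__) {
    $to = "test@example.com\nbcc:spam@example.net";   // constructed input
    var_dump(mail_filtered($to, 'Contact form', 'body'));
}
```

Grouping the log by `script` and `callers` shows which form accounts for the bulk of outgoing mail.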

From: Karl DeSaulniers on 7 Jun 2010 18:21

Well you could do just that but after you turn it back on. Set up a fresh error log based on the reset of the mail server. You then have some kind of script monitoring the in and out of your server. Disconnecting the mail server momentarily and maybe a pass reset for your users would stunt the hacker for a second, but would help you set up a line of defense before they found a way back in.

I am not a sysad myself, but that seems like a logical way about it. If you let your users know ahead of time that this server and pass reset is to save their server from attack, most will oblige. Also let them know to not use the same password.

There may be a better solution though that I don't know of. I'll let the gurus interject. :)

Hth

Karl

Sent from losPhone

On Jun 7, 2010, at 4:34 PM, Brian Dunning <brian(a)briandunning.com> wrote:

> I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers.
>
> I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something, I really don't know how to attack this. Fixing the scripts is a long term solution, obviously, but I need a short term fix other than killing email on the apache account.
>
> Might be more of a Linux question than a PHP question.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

From: Jim Lucas on 7 Jun 2010 19:57

Brian Dunning wrote:
> I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers.
>
> I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something, I really don't know how to attack this. Fixing the scripts is a long term solution, obviously, but I need a short term fix other than killing email on the apache account.
>
> Might be more of a Linux question than a PHP question.

I think you misunderstood Robert's suggestion. Please go back and re-read his message. Once you understand what information will be sent to you, you will realize by implementing this technique that you will be given all the information you need to identify the source of the problem. Then, hopefully you will also get the information you need to know how to resolve your issue.

--
Jim Lucas

A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?