Network Security: Detailed info on Re: R: How to determine which PHP-script allows spamming?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: R: How to determine which PHP-script allows spamming?

from [Mike Owen] Network Security

[Permanent Link]

Subject:	Re: R: How to determine which PHP-script allows spamming?
Date:	Mon, 27 Feb 2006 17:45:25 -0800

On 2/27/06, Sebastian En3pY Zdrojewski <en3py@itvc.net> wrote:

You might enable the safe_mode of PHP and disable the mail() function of PHP
to avoid its usage.

Sincerely

En3pY


I doubt disabling mail is a viable option. Because the OP doesn't know
which hosted site is sending the email, it would have to be disabled
for all users. I'm sure out of the 10k sites hosted, a fair number
send email via PHP. Shutting off access to them in order to limit a
single spammer isn't going to make their customers very happy.

Forcing safe_mode is probably something you could get away with. It'll
break some applications that users like to install, but in this case
it's probably justifiable. That's a business decision you or your
management will need to make however.

HTH,
Mike

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
How to determine which PHP-script allows spamming?, Rainer Duffner Re: How to determine which PHP-script allows spamming?, Alex Re: How to determine which PHP-script allows spamming?, Andre Yelistratov R: How to determine which PHP-script allows spamming?, Sebastian \"En3pY\" Zdrojewski Re: R: How to determine which PHP-script allows spamming?, Mike Owen <= Re: Re: How to determine which PHP-script allows spamming?, tyler

Previous by Date:	Re: Re: How to determine which PHP-script allows spamming?, tyler
Next by Date:	RE: Bizarre traffic, David Gillett
Previous by Thread:	R: How to determine which PHP-script allows spamming?, Sebastian \"En3pY\" Zdrojewski
Next by Thread:	Re: Re: How to determine which PHP-script allows spamming?, tyler
Indexes:	[Date] [Thread] [Top] [All Lists]