some PHP scripts on my server, that uses mail() command, are being exploited
the programmer do his homework, validating the from/to address...
but he adds a header (last field of the mail() command) with something like:
enough for spammers to use POST 'mail' as something like "Content-type... bcc: [email protected], [email protected], [email protected], ..."
I found which script was doing this and contacted the owner... he fixed it
but now they're exploiting another script on the server, with the same problem!
but how did they found out?! it's on a different domain...
maybe they got access to my server's PHP files (using "apache" user maybe)?
usually hackers use some software for finding exploitable scripts called as exploit scanners. you also may test your server for expoitable scripts if you have access to similar software (well known software for example is nexus scanner). on theplanet for example you may use free service for this (from orbit customer panel). for doing scan, direct accesss to your server not needed. knewing your ip is enough.
Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168