Hello,
recently one of our customers had a badly written PHP script for a
mail form and someone exploited this to send some spam. It is
exploited by injecting an entire mail (with additional recipients) into
the From field, when the script doesn't take care of additional newlines.
A detailed description of this attack can be found here:
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay
Is there any general solution? I was thinking about using
mod_security, but I'm not sure which string to block - not to cause
any false positives. The problem is I don't know the form field's name,
so I can test only the value. Would "\nTo: " or "\nBcc: " be a good
choice?
--
bYE, Marki
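
The value-only check asked about above, as an added example that is not part of the original post: it scans every submitted value, whatever the field is called, for a line break followed by a mail header name. The function name, the header list and the sample submission are assumptions made for illustration; the type declarations assume PHP 7 or later.

```php
<?php
// Added example (not from the original post). A line break followed by
// one of these header names inside form input is treated as an injection
// attempt; plain multi-line text is left alone.
const INJECTED_HEADER_RE =
    '/(?:\r\n|\r|\n)[ \t]*(?:to|cc|bcc|from|reply-to|subject|'
    . 'content-type|content-transfer-encoding|mime-version)[ \t]*:/i';

// Hypothetical helper: returns the names of all fields (nested arrays
// included) whose value contains a header-like line.
function find_header_injection(array $input, string $prefix = ''): array
{
    $hits = [];
    foreach ($input as $name => $value) {
        $path = $prefix === '' ? (string) $name : $prefix . '[' . $name . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, find_header_injection($value, $path));
        } elseif (is_string($value)
            && preg_match(INJECTED_HEADER_RE, $value) === 1) {
            $hits[] = $path;
        }
    }
    return $hits;
}

// Constructed sample submission. On a live site the input would be
// $_POST and $_GET, which PHP has already URL-decoded.
$sample = [
    'name'    => 'Alice',
    'email'   => "alice@example.com\r\nBcc: list@example.net",
    'message' => "Hi,\nplease call me back.\nThanks",
    'extra'   => ['note' => "To: do list\nbuy milk"],
];

foreach (find_header_injection($sample) as $field) {
    echo "rejected: header-like line in field '$field'\n";
}
```

A message body that legitimately contains a line starting with "To:" or "Subject:" would also be flagged, so logging the matches for a while before rejecting requests shows how often that happens on a given site.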