RE: PHP mail spam

To: "'Carlos Acedo'" <carlos@pangea.org>
Cc: <debian-isp@lists.debian.org>
Subject: RE: PHP mail spam
From: "Soenke Ruempler - NorthClick " <soenke.ruempler@northclick.de>
Date: Wed, 23 May 2007 11:11:00 +0200
Message-id: <[🔎] 000601c79d1a$4a90c2a0$1002a8c0@kellerautomat>
In-reply-to: <[🔎] 46540394.5030904@pangea.org>

Carlos Acedo <mailto:carlos@pangea.org> wrote on Wednesday, May 23, 2007
11:04 AM:

> Ok, I finally mange to compile it by my self, it was not too
> hard after
> all, besides, packages at dotdeb are too new for my sarge, that
> would make me reinstall all php packages.

Look into you phpinfo(), check if suhosin is active and
"suhosin.mail.protect" is set to "1".

Configure the logging right that it logs into a file or the sapi error
handler. See suhosin logging config items.

Then make simple test script that injects a "\nblah" into the Subject line
and mail() it.

Then you should see "ALERT" ... in your log and you know that the attack was
successfully averted.

-- 

Mit freundlichen Grüßen
Soenke Ruempler
Development

NorthClick GmbH

Gasstr. 10 - 22761 Hamburg
Tel.: 040 8 22 44 999 - Fax: 040 8 22 44 998
Internet: http://www.northclick.de/

Geschäftsführer: F. Detzner | M. Henze | C. Springub
Amtsgericht Hamburg, HRB 94459

Reply to:

References:
- Re: PHP mail spam
  - From: Carlos Acedo <carlos@pangea.org>

Prev by Date: Re: PHP mail spam
Next by Date: Re: PHP mail spam
Previous by thread: Re: PHP mail spam
Next by thread: Re: PHP mail spam
Index(es):
- Date
- Thread