cranachan
02-18-2006, 10:44 PM
Over the last few days I have been getting a lot of email spam sent from my directory. Being aware of the vulnerabilities of additional headers such as BCC: being injected via the subject or message field to fool the mailer into sending spam messages, I have scripts on all my sites to strip out newlines, bcc:, etc. from contact forms. Usually this works, but this time it is persistent. I know it is happening because I get garbage mails with snippets of poems/prose, sent to funny addresses at my domain.
This time though the from address is the host address, not that used by any form on my site. This makes me think that stuff is being injected straight into PHPLD bypassing any of the mail functions.
Is this happening to anyone else, and is there a vulnerability in the PHPLD script that could let this happen?
When this happened before on other sites (not PHPLD) the spammer has given up after a while. Usually amongst the garbage is a genuine email address used to let the spammer know he has found a vulnerable script. As there is no sign of this letting up I am obviously concerned there is a vulnerability.
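An added example, not part of the original post and not PHPLD code: a PHP contact-form check that rejects any header-bound field containing a line break, rather than stripping strings such as "bcc:", and logs the rejection so repeated probing is visible. The function names, form field names and example.com addresses are assumptions.

```php
<?php
// Added illustration: hypothetical helpers and field names, not PHPLD code.

/** True if a value destined for a mail header carries a raw or URL-encoded line break. */
function has_header_injection(string $value): bool
{
    // %0a / %0d are caught too, in case a later urldecode() would turn them into CR/LF.
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

/** Validate the fields that end up in mail headers; an empty result means safe to send. */
function validate_contact_form(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || has_header_injection($value)) {
            $errors[] = "$field: line break rejected";
        }
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed sample submissions: one clean, one carrying an extra Bcc header.
$samples = [
    'clean'    => ['name' => 'Ann', 'email' => 'ann@example.com',
                   'subject' => 'Hello', 'message' => "Line one\nLine two"],
    'injected' => ['name' => 'Bob', 'email' => "bob@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hi', 'message' => 'text'],
];

foreach ($samples as $label => $post) {
    $errors = validate_contact_form($post);
    if ($errors) {
        // Only fixed strings are logged, never the submitted value itself.
        error_log("contact form rejected ($label): " . implode('; ', $errors));
        echo "$label: rejected\n";
        continue;
    }
    // Recipient and From stay fixed; the visitor's address appears only in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . $post['email'];
    // mail('owner@example.com', $post['subject'], $post['message'], $headers);
    echo "$label: ok\n";
}
```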