I'm developing a serious hatred for spammers.
My server's been a source of spam a couple times the last few weeks. It was simple to trace it down to a particular user on my server, a site with PHP forum software. PHP holes are hardly a surprise, so I quickly shut down the site (chmod -rx htdocs/) and emailed the site admin to upgrade their software before reenabling.
Figuring it was taken care of, I forgot about it.
But today, same thing. Shut down the site again and sent another email. I finally had some time to help try to find the problem. Turned out to be a simple PHP bulk emailer that the spammers had installed last time they got in! A remarkably simple script, it simply presented an HTML form where the From, Subject, etc. lines were filled in and a huge list of emails was entered into a textarea.
Emails sent were mostly "Wells Fargo" and "Royal Bank" phishing emails. Landed me on some black lists I now gotta get off of. Gah, bloody criminals.
Posted by Boone at November 14, 2005 09:38 PM
Hey,
I get the same thing every once in a while. I haven't thought of a good foolproof way of detecting sites that are vulnerable, whether it be via buggy off-the-shelf PHP/Perl scripts, poorly written code, malicious developers, lazy developers, or whatever. And with multiple sites, it can be fun to try to track down which one it came from...
W
Posted by: Wim at January 3, 2006 10:00 AM
I had the same thing happen.
They uploaded it by using a URL script that connected with another server (furnishing a backdoor) which ran Perl scripts to do their damage.