On Friday, March 10, 2006 4:17 PM -0800 jdow <[EMAIL PROTECTED]> wrote:

But also check out the mail scripts you have. I don't have any such so I
don't pay attention to specifics. But they have been known to have various
vulnerabilities that get addressed over time. If you got the script from
somewhere else you might check if there is an update.

PHP is notorious for its poor mail APIs and its system() API. It's pretty easy to write bad code that can be easily exploited, and a lot of exuberant but novice coders have splattered poor security around the web. (Web forum software, pre-nms formmail, and TWiki come to mind.) If you have any PHP that sends mail, make sure it's been audited by someone with enough experience to know what to look for.
