I'll be going through all scripts installed on the server. I've limited quite a bit already. PHP is really, really bad. But I've done a heck of a lot to close things down. I'm sure I missed something, somewhere, in the scripts. What a pain, running multiple domains for others.

My scripts are really buttoned down, those that I have written myself. The Perl scripts do use the latest CGI code, and I do my own regex stuff. I'll double-check my tests. I just don't yet see how the messages are getting through. If I could figure out what script... I've got to figure out some way to audit...

On Fri, 10 Mar 2006 17:00:02 -0800, Kenneth Porter <[EMAIL PROTECTED]> wrote:

> On Friday, March 10, 2006 4:17 PM -0800 jdow <[EMAIL PROTECTED]> wrote:
>
>> But also check out the mail scripts you have. I don't have any such so I
>> don't pay attention to specifics. But they have been known to have various
>> vulnerabilities that get addressed over time. If you got the script from
>> somewhere else you might check if there is an update.
>
> PHP is notorious for its poor mail APIs and its system() API. It's pretty easy to write bad code that can be easily exploited, and a lot of exuberant but novice coders have splattered poor security around the web. (Web forum software, pre-nms formmail, and Twiki come to mind.) If you have any PHP that sends mail, make sure it's been audited by someone with enough experience to know what to look for.



--

73 de Tomas, NW7US

: Propagation Editor for CQ, CQ VHF, Popular Communications :
: Contributing Editor for Monitoring Times - on Propagation :
: Creator; live propagation center http://prop.hfradio.org/ :
: Associate Member of Propagation Studies Committee of RSGB :
: 122.93W 47.67N / Brinnon, Washington USA CN87 CW/SSB/DIGI :
: Website/software/database design http://newwebmakers.com/ :
: 10x56526, FISTS 7055, FISTS NW 57, Lighthouse Society 144 :
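The thread talks about PHP mail scripts being abused to relay spam and about needing a way to audit the scripts on a shared server. The following is an added example, not code from anyone in this thread: a contact-form handler that keeps every mail header either fixed or validated (rejecting CR/LF, which is what lets a visitor append headers of their own through mail()), shown against the unchecked shape it replaces, plus a small audit helper that lists lines in *.php files where mail() or a shell function appears on the same line as request data. The recipient address and the default `/var/www` path are constructed placeholders.

```php
<?php
// Added example (not from the thread): a hardened mail-form handler and a
// small source-audit helper. Addresses and paths are constructed placeholders.

declare(strict_types=1);

// Fixed recipient: the form never decides where mail goes.
const FORM_RECIPIENT = 'webmaster@example.com'; // constructed placeholder

/**
 * Returns the value if it is safe to place in a mail header, or null.
 * A CR, LF or NUL in a header value lets the sender terminate one header
 * and start another, which is how a contact form becomes a spam relay.
 */
function headerSafe(string $value, int $maxLen = 200): ?string
{
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

/** Accepts exactly one plain mailbox address; anything else is rejected. */
function validReplyAddress(string $addr): ?string
{
    $addr = trim($addr);
    if (headerSafe($addr, 254) === null) {
        return null;
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) === false ? null : $addr;
}

/**
 * Builds the mail() arguments from a submitted form.
 * Returns [arguments, null] on success or [null, reason] on rejection.
 * Only the message body carries free text; it is never placed in a header.
 */
function buildMail(array $post): array
{
    $reply = validReplyAddress((string)($post['email'] ?? ''));
    if ($reply === null) {
        return [null, 'bad reply address'];
    }
    $subject = headerSafe((string)($post['subject'] ?? ''), 120);
    if ($subject === null) {
        return [null, 'bad subject'];
    }
    $body = (string)($post['message'] ?? '');
    $headers = "From: Web form <" . FORM_RECIPIENT . ">\r\n"
             . "Reply-To: $reply\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    return [[FORM_RECIPIENT, $subject, $body, $headers], null];
}

// The shape this replaces, for contrast (do not use): every argument,
// including the recipient and the extra headers, comes straight from the request.
//   mail($_POST['to'], $_POST['subject'], $_POST['message'], "From: " . $_POST['email']);

/**
 * Audit helper: lists lines in *.php files under $root that call a mail or
 * shell function and mention request data on the same line. A hit is a place
 * to read, not proof of a hole; calls spread over several lines are missed.
 */
function auditScripts(string $root): array
{
    $hits = [];
    $pattern = '/\b(mail|system|exec|shell_exec|passthru|popen)\s*\(.*\$_(GET|POST|REQUEST|COOKIE)\b/';
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->getExtension() !== 'php') {
            continue;
        }
        foreach (file($file->getPathname(), FILE_IGNORE_NEW_LINES) as $n => $line) {
            if (preg_match($pattern, $line)) {
                $hits[] = sprintf('%s:%d: %s', $file->getPathname(), $n + 1, trim($line));
            }
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    // Constructed submissions: a normal one, and one with a line break in the address.
    foreach ([
        ['email' => 'visitor@example.net', 'subject' => 'Hello', 'message' => 'Hi'],
        ['email' => "visitor@example.net\nX-Test: 1", 'subject' => 'Hello', 'message' => 'Hi'],
    ] as $post) {
        [$args, $err] = buildMail($post);
        echo $err === null ? "accepted\n" : "rejected: $err\n";
    }
    // Audit the document root given on the command line (placeholder default).
    foreach (auditScripts($argv[1] ?? '/var/www') as $hit) {
        echo $hit, "\n";
    }
}
```

Run it as `php audit.php /path/to/htdocs` to get the list of suspect lines; the two constructed submissions show the validator accepting a plain address and rejecting one that carries a line break. The audit regex is deliberately crude: it is a way to shortlist scripts for a human read, which is the review the quoted reply recommends.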
