php mail headers - X-PHP-Script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jeffz2010
Forum Newbie
Posts: 10
Joined: Sat Nov 28, 2009 8:40 am

php mail headers - X-PHP-Script

Post by jeffz2010 »

At some point a patch was added to php allowing identification of a rogue script sending spam (for instance).
It looks (in sent mail headers) something like this:

Code: Select all

X-PHP-Script http://www.domain.co.uk/mailscript.php for [sending IP]
Is there a way to hide, or modify this part: "www.domain.co.uk/", say to ... some id number - meaningless to outsider, but serving as resource locator for eg. admin looking for source of trouble?
Does php allows that?

If yes, how it is done?
Anyone knows?

regards,

Jeff
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: php mail headers - X-PHP-Script

Post by daedalus__ »

are you parsing logs?

look up string functions and regular expressions.
jeffz2010
Forum Newbie
Posts: 10
Joined: Sat Nov 28, 2009 8:40 am

Re: php mail headers - X-PHP-Script

Post by jeffz2010 »

daedalus__ wrote:are you parsing logs?
look up string functions and regular expressions.
Its not that.
To my taste, it reveals a vital info (e.g. directory structure) to a potential bad guy.
e.g. recent exploit decimating osCommerce based systems - to start with.
It prevents developer from hiding e.g. admin section location, also it defeats any active hide/seek solution.
Patch was intended to show, which script is out of line, but in this form it is just dangerous advert of system's underbelly.

I wonder if instead of:

Code: Select all

X-PHP-Script http://www.domain.co.uk/mailscript.php for [sending IP]
one would be able to:

Code: Select all

X-PHP-Script [internal_id_number]/mailscript.php for [sending IP]
[internal_id_number] is more than enough to locate out-of-line script (if name alone is not enough).
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: php mail headers - X-PHP-Script

Post by daedalus__ »

well... you'll have to find a way to change the header. the hard drive on my development machine took a crap today so i can't really experiment.

you couldddd change the patch :)

Code: Select all

 
                strcpy(headers2, "X-PHP-Script: ");
        strcat(headers2, Z_STRVAL_PP(server_name));
        strcat(headers2, Z_STRVAL_PP(php_self));
        strcat(headers2, " for ");
        if (forwarded_for) {
            strcat(headers2, Z_STRVAL_PP(forwarded_for));
            strcat(headers2, ", ");
        }
        strcat(headers2, Z_STRVAL_PP(remote_addr));
 
those lines
Post Reply