Disabling PHP totally

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Disabling PHP totally

Post by anjanesh »

My friend is getting comlpaints from his service provider that his server is sending some spam mails.
From an observation standpoint, it appears you may have an insecure PHP script hosted on your server somewhere
Is there any way he can have PHP disabled totally for now ?

I know this works but it seems to work only for the current folder - he needs it stopped throughout.

Code: Select all

<Files ~ "\.php$">
Order Deny,Allow
Deny from all
</Files>
Thanks
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

disabling php will make all php files show their code.....
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Post by anjanesh »

So he'll need to have that .htaccess file (the one I posted above) in all sub-directories ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

could probably do it in a mod_rewrite...
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

simply block outgoing port 25. it's an efficient way to stop outgoing mail ;)

once you have done that, you can start looking for a better solution...
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Post by anjanesh »

Ok - either port 25 or the SMTP port - I guess not all set the SMTP port to 25.

Anyway, Im gonig to search for all php and html files that have the mail() function.
Does mail use port 25 too ?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

SMTP hosts work on port 25 (as defined by IETF) (Offcourse you could configure your own SMTP server to use port 26 but that's not relevant in this case.)


If you want to see which email there is in your mailbox, you will use a protocol like IMAP or POP3 (preferably with SSL support) and they run default on 143 and 110 (993 and 995 if you are using SSL).
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Post by anjanesh »

According to the Service Provider someone has sent mass emails.
Im assuming someone used PHP's mail function. Is mail() sent through port 25 ?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

All outgoing mail goes through port 25. So yes, if you use php mail function it will also go through port 25.

(In case you have some very weird setup, where you use an exotic mail relay, you could use for example a http tunnel, so technically you would be using fe port 80. But in that case, the other side of the tunnel would still have to send it to a port 25. And not you, but the other side of the tunnel would recieve complaints...)
Post Reply