Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can !
Moderator: General Moderators
anjanesh
DevNet Resident
Posts: 1679 Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India
Post
by anjanesh » Fri Aug 12, 2005 2:10 pm
My friend is getting comlpaints from his service provider that his server is sending some spam mails.
From an observation standpoint, it appears you may have an insecure PHP script hosted on your server somewhere
Is there any way he can have PHP disabled totally for now ?
I know this works but it seems to work only for the current folder - he needs it stopped throughout.
Code: Select all
<Files ~ "\.php$">
Order Deny,Allow
Deny from all
</Files>
Thanks
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 12, 2005 2:17 pm
disabling php will make all php files show their code.....
anjanesh
DevNet Resident
Posts: 1679 Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India
Post
by anjanesh » Fri Aug 12, 2005 2:26 pm
So he'll need to have that .htaccess file (the one I posted above) in all sub-directories ?
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 12, 2005 3:00 pm
could probably do it in a mod_rewrite...
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Fri Aug 12, 2005 3:54 pm
simply block outgoing port 25. it's an efficient way to stop outgoing mail
once you have done that, you can start looking for a better solution...
anjanesh
DevNet Resident
Posts: 1679 Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India
Post
by anjanesh » Sat Aug 13, 2005 12:21 am
Ok - either port 25 or the SMTP port - I guess not all set the SMTP port to 25.
Anyway, Im gonig to search for all php and html files that have the mail() function.
Does mail use port 25 too ?
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Mon Aug 15, 2005 7:58 am
SMTP hosts work on port 25 (as defined by IETF) (Offcourse you could configure your own SMTP server to use port 26 but that's not relevant in this case.)
If you want to see which email there is in your mailbox, you will use a protocol like IMAP or POP3 (preferably with SSL support) and they run default on 143 and 110 (993 and 995 if you are using SSL).
anjanesh
DevNet Resident
Posts: 1679 Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India
Post
by anjanesh » Mon Aug 15, 2005 8:15 am
According to the Service Provider someone has sent mass emails.
Im assuming someone used PHP's mail function. Is mail() sent through port 25 ?
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Mon Aug 15, 2005 8:47 am
All outgoing mail goes through port 25. So yes, if you use php mail function it will also go through port 25.
(In case you have some very weird setup, where you use an exotic mail relay, you could use for example a http tunnel, so technically you would be using fe port 80. But in that case, the other side of the tunnel would still have to send it to a port 25. And not you, but the other side of the tunnel would recieve complaints...)