Page 1 of 1
Disabling PHP totally
Posted: Fri Aug 12, 2005 2:10 pm
by anjanesh
My friend is getting comlpaints from his service provider that his server is sending some spam mails.
From an observation standpoint, it appears you may have an insecure PHP script hosted on your server somewhere
Is there any way he can have PHP disabled totally for now ?
I know this works but it seems to work only for the current folder - he needs it stopped throughout.
Code: Select all
<Files ~ "\.php$">
Order Deny,Allow
Deny from all
</Files>
Thanks
Posted: Fri Aug 12, 2005 2:17 pm
by feyd
disabling php will make all php files show their code.....
Posted: Fri Aug 12, 2005 2:26 pm
by anjanesh
So he'll need to have that .htaccess file (the one I posted above) in all sub-directories ?
Posted: Fri Aug 12, 2005 3:00 pm
by feyd
could probably do it in a mod_rewrite...
Posted: Fri Aug 12, 2005 3:54 pm
by timvw
simply block outgoing port 25. it's an efficient way to stop outgoing mail
once you have done that, you can start looking for a better solution...
Posted: Sat Aug 13, 2005 12:21 am
by anjanesh
Ok - either port 25 or the SMTP port - I guess not all set the SMTP port to 25.
Anyway, Im gonig to search for all php and html files that have the mail() function.
Does mail use port 25 too ?
Posted: Mon Aug 15, 2005 7:58 am
by timvw
SMTP hosts work on port 25 (as defined by IETF) (Offcourse you could configure your own SMTP server to use port 26 but that's not relevant in this case.)
If you want to see which email there is in your mailbox, you will use a protocol like IMAP or POP3 (preferably with SSL support) and they run default on 143 and 110 (993 and 995 if you are using SSL).
Posted: Mon Aug 15, 2005 8:15 am
by anjanesh
According to the Service Provider someone has sent mass emails.
Im assuming someone used PHP's mail function. Is mail() sent through port 25 ?
Posted: Mon Aug 15, 2005 8:47 am
by timvw
All outgoing mail goes through port 25. So yes, if you use php mail function it will also go through port 25.
(In case you have some very weird setup, where you use an exotic mail relay, you could use for example a http tunnel, so technically you would be using fe port 80. But in that case, the other side of the tunnel would still have to send it to a port 25. And not you, but the other side of the tunnel would recieve complaints...)