How to know/detect if ppl using my php script to send spam



firebirdfan
01-28-2004, 03:25 AM
I saw some bounced mail, only 1 or 2, stating that the mail was not delivered due to a non-existent email address. Could my domain's SMTP be used as a relay to spam?
Since I know the PHP script/form that I'm using is not as secure as formail with the many env_variables set in place.

Thanks

FZ
01-28-2004, 10:55 AM
A possible explanation is that the worms going around these days use addresses harvested from infected users' address books to spoof the From: header - in my case, I'm affected really badly - yesterday I got about 1000 bouncebacks saying mail I sent had a virus in it. Another explanation could be that you yourself are affected - check out http://housecall.trendmicro.com to do a virus scan online (it's free).

Apart from that, I guess I would have to skim the code of your script to be able to tell (or guess) if it is not very secure.

firebirdfan
01-28-2004, 09:09 PM
Thanks for the tip, but I know I don't have the virus. Probably the strange bounceback mails I receive were because it was harvested and used as a reply mail, while in your case, why did you get back those 1000 bounce mails? Is it your script? Mine is rather simple, I'll PM you on it. Thanks

FZ
01-29-2004, 12:16 PM
No problem. Actually, the bouncebacks I get do not have anything to do with a potentially insecure mailer script - it's because my e-mail address has been harvested that I have this problem. It's been like this for over a year now, but using Procmail to filter out the bad mail means it does not harm me (apart from the bandwidth wasted). I suppose the reason I get so many is because of a JavaScript I wrote (Link Fader Script) which has my e-mail address in it, and I guess the worms scan all HTML/JS files on the infected computer too and pick up my address :( Anyway, I've since changed my address (using a different one now) so it's not a problem. Also, it's not usually this bad (1000 a day), I guess this is just the latest epidemic. After a week or two it dies down (then averages around 250 a day, including spam).