digital.forest Technical Support
PHP Security Exploit

Please note that an exploit in PHP is being widely abused by spammers to generate untraceable bulk mail. The spammer's identity is completely concealed, while the spam itself is identified as coming from the exploited website. If you use PHP in your website construction you need to be aware of how to prevent your website from being abused in this way.

The greatest risk from this exploit (beyond being associated with being a spammer) is having all mail from your domain, and ultimately our network rejected. If you rely on email to communicate, and use PHP in your website construction, then you should take this issue very seriously and take all steps to prevent that possibility.

In a nutshell, the issue is injecting mail headers into a PHP form, complete with carriage returns and linefeeds in the right places, to force the web server's mail transport agent to relay thousands of messages per minute off your website. You can read some excellent coverage of the problem and cure at the following links:

www.anders.com

php.net

www.phpit.net

securePHP

This site describes a method to test your forms:

www.developertutorials.com
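To make the problem concrete, here is an added example (not code from digital.forest or from the sites linked above) showing a contact-form handler that is open to header injection beside a hardened version. The addresses, field names and the sample submission are assumed for illustration.

```php
<?php
// Added example: a vulnerable mail() form handler and a hardened one.

// VULNERABLE: the visitor's "email" field is copied straight into the
// mail headers. A value containing "\r\n" followed by Cc:/Bcc: lines is
// interpreted as extra headers, so the server's MTA relays the message
// to every injected recipient.
function send_contact_vulnerable(array $post): bool
{
    $headers = "From: " . $post['email'] . "\r\n";
    return mail('webmaster@example.com', $post['subject'], $post['message'], $headers);
}

// Hardened: reject any header-bound field containing CR, LF or NUL,
// validate the address syntax, and keep From fixed to a trusted address.
function contains_header_injection(string $value): bool
{
    return (bool) preg_match('/[\r\n\x00]/', $value);
}

function send_contact_hardened(array $post): bool
{
    foreach (['email', 'subject'] as $field) {
        if (!isset($post[$field]) || contains_header_injection($post[$field])) {
            // Log the attempt so abuse can be spotted in the server logs.
            error_log("blocked header injection in field '$field' from "
                . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
            return false;
        }
    }
    $email = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    // From is a fixed address on this domain (assumed); the validated
    // visitor address only ever appears in Reply-To.
    $headers = "From: webform@example.com\r\n" . "Reply-To: $email\r\n";
    $subject = substr($post['subject'], 0, 120);
    // The body may legitimately contain newlines; it is passed only as
    // the body, never as a header, so it cannot add recipients.
    return mail('webmaster@example.com', $subject, $post['message'] ?? '', $headers);
}

// Constructed sample of an abusive submission, for testing the check.
$injected = [
    'email'   => "visitor@example.org\r\nBcc: one@example.net, two@example.net",
    'subject' => 'hello',
    'message' => 'unsolicited body',
];
var_dump(contains_header_injection($injected['email']));
var_dump(send_contact_hardened($injected));
```

Running this on the constructed submission shows the hardened handler refusing it before mail() is ever called, whereas the vulnerable handler would hand the injected Bcc line to the MTA.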

An additional method, and one we highly recommend, is preventing DIRECT access to form data. Don't put form entry fields on your home page, and block access to form pages from referrers outside your domain, i.e. only allow access to your pages containing forms from other pages on your website. This can be done with .htaccess files. You can find a tutorial for this here:

apache-server.com

This is a serious risk, and digital.forest must take this seriously as it can have widespread implications regarding the acceptability of outbound mail from our network. As such if we notify you about exploitable forms on your website, whether it is on our servers, or your server colocated in our facilities, please take steps to immediately correct your website code. If we receive and relay to you repeated reports of your forms being exploited, and you have not taken steps to correct the problem we will have no choice but to suspend your service.

We appreciate your swift action with regards to this situation.

Regards,
Chuck Goolsbee
V.P. Technical Operations
digital.forest, Inc.


posted by Chuck G. at 01:41 PM on Thursday, December 8, 2005
Categories: Colocated & Dedicated Servers, Hosting Servers, Mail