xisto Community
Jimmy

PHP Security Vulnerability - Beware of Spammers: If you notice your site becoming really slow, you may be a victim


PHP Security

 

 

If you are using PHP on your website we ask that you please read the following carefully.

 

We have noticed a significant number of PHP websites are being compromised due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for PHP scripts that can be exploited to send spam. When they find a script that has a loophole they send thousands of email messages through the script, often taking down the website or severely impacting website performance.

 

Generally these loopholes exploit code using parameters from a form being passed straight to a mail command or page include without being checked for extra characters. These problems include line feeds in email names and addresses, or including any page passed to the script.

 

When we find a site that is being exploited we often have to disable scripting for the whole site or at least for the compromised script (if we can identify it); this can mean unexpected downtime for your website. This problem affects all PHP websites available on the Internet, not just ones hosted by Heart Internet.

 

This issue can often be resolved by upgrading to the latest version of the script or, in the case of custom scripts, asking your developer to close the loophole that has been exploited.

 

We would ask that you carry out a security audit on your PHP scripts to ensure they are not vulnerable. Whilst we cannot carry out this process for you, if you do have any questions then please feel free to contact us. If you are a reseller, can we ask that you contact your customers about this issue as well.

 

Thank you for your assistance with this matter.

 

That's all for now


Hope this helped you all!

I know there are newly set up companies offering free audits around, try and google em!

 

Join The Anti-Spam community - put this link at the bottom of your page:

<a href="auditmypc.com/freescan/antispam.html" target="_blank">Anti Spam</a>
It will give a list of duff email addresses for the bots to harvest, and at the bottom is a link to another page of duff links, and then another link to more, and this repeats essentially forever!

Sending the bots into byebye land, it will simply overload them... hopefully.

Edited by Jimmy (see edit history)
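
The loophole the notice describes (form parameters passed straight to a mail command or page include without being checked), shown with the checks in place. This is an added example, not part of the original post or the host's notice; the function names, form fields, page names and addresses are assumptions for illustration.

```php
<?php
// Added illustration: clean_header_value(), send_contact_mail(), resolve_page()
// and every address and page name below are hypothetical.

// Reject any value bound for a mail header that contains CR, LF or NUL:
// a line feed in a name or address lets the sender append headers of their own.
function clean_header_value(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

// Build the message only from checked fields. The recipient and the From
// address are fixed in code, never taken from the form.
function send_contact_mail(array $form): bool
{
    $name    = clean_header_value($form['name'] ?? '');
    $email   = clean_header_value($form['email'] ?? '');
    $subject = clean_header_value($form['subject'] ?? '');
    if ($name === null || $email === null || $subject === null) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $headers = 'From: webform@example.com' . "\r\n" . 'Reply-To: ' . $email;
    $body    = "From: $name <$email>\n\n" . ($form['message'] ?? '');
    return mail('owner@example.com', $subject, $body, $headers);
}

// Page include: map the request parameter onto a fixed list of files instead
// of passing it to include; anything not on the list gets the default page.
function resolve_page(string $requested): string
{
    $pages = ['home' => 'home.php', 'contact' => 'contact.php'];
    return __DIR__ . '/pages/' . ($pages[$requested] ?? 'home.php');
}

// Constructed sample input: an email field with an embedded line feed and an
// extra header, and a page parameter that is not on the list.
$sample = ['name' => 'A', 'email' => "a@example.com\r\nBcc: x@example.net",
           'subject' => 'Hi', 'message' => 'Hello'];
var_dump(send_contact_mail($sample));
var_dump(basename(resolve_page('../../etc/passwd')));
```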
