Php Security Vulnerability - Beware From Spammers If you notice your site becoming really slow, you may be a victim

[Jimmy 0]

PHP Security

 

 

If you are using PHP on your website we ask that you please read the following carefully.

 

We have noticed a significant number of PHP websites are being compromised due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for PHP scripts that can be exploited to send spam. When they find a script that has a loophole they send thousands of email messages through the script, often taking down the website or severely impacting website performance.

 

Generally these loopholes exploit code using parameters from a form being passed straight to a mail command or page include without being checked for extra characters. These problems include line feeds in email names and addresses, or including any page passed to the script.

 

When we find a site that is being exploited we often have to disable scripting for the whole site or at least for the compromised script (if we can identify it), this can mean unexpected downtime for your website. This problem affects all PHP websites available on the Internet, not just ones hosted by Heart Internet.

 

This issue can often be resolved by upgrading to the latest version of the script or in the case of custom scripts asking your developer to close the loophole that has been exploited.

 

We would ask that you carry out a security audit on your PHP scripts to ensure they are not vulnerable. Whilst we cannot carry out this process for you if you do have any questions then please feel free to contact us. If you are a reseller can we ask that you contact your customers about this issue as well.

 

Thank you for your assistance with this matter.

 

That's all for now

Hope this helped you all!

I know there are newly setup companies offering free audits around, try and google em!

 

Join The Anti-Spam community - put this link at the bottom of your page:

<a href="auditmypc.com/freescan/antispam.html&%2334; target="_blank">Anti Spam</a>

It will give a list of duff email addresses for the bots to harvest, and at the bottom is a link to another page of duff links, and then another link to more, and this repeats essentially forever!

Sending the bots into byebye land, it will simply overload them... hopefully.

Edited May 23, 2007 by Jimmy (see edit history)

[ghostrider 0]

Thanks for posting this. Just checked through my PHP scripts and I'm totally unvulnerable .