Site hacked to send spam
Asked Modified Viewed 2,311 times
asked
Hi Folks
I have been informed by my IPS that my site has been used to send spam. I have noticed a couple of strange e-mails in the last day. They have initiated mod_security on the site, but advised me to notify you, to change the "sendmail" code. They feel it is somewhere in the "Contact Me" code.
Chris
chris@grabil.ca
I have been informed by my IPS that my site has been used to send spam. I have noticed a couple of strange e-mails in the last day. They have initiated mod_security on the site, but advised me to notify you, to change the "sendmail" code. They feel it is somewhere in the "Contact Me" code.
Chris
chris@grabil.ca
You may want to remove that file from your server until you get this problem solved.
Do a site search here, because I think there was a similar problem with the "Contact Me" file that has been posted.
Someone else should be addressing this soon that will be able to help you more.
Do a site search here, because I think there was a similar problem with the "Contact Me" file that has been posted.
Someone else should be addressing this soon that will be able to help you more.
answered
Something i have noted is that this all started after I put my site up on the PHPFusion site as an example. I suspect there are a number of lurkers that snatch up the new site URLs and go to work to hack them!
I suggest that this be removed from the PHPFusion site until this can get hammered out. No point in spoon feeding the idiots.
Chris
I suggest that this be removed from the PHPFusion site until this can get hammered out. No point in spoon feeding the idiots.
Chris
Edited by old_mac on 05-04-2006 15:09,
Chris, are you running latest version, 6.00.305? There was a problem with spam in a older version. If you are not running the latest version, try upgrade.
answered
YUP I upgraded to 6.00.305 about a week ago. This started when I was on version 6.00.303.
Chris
Chris
answered
There was a howto some time ago about why you should never put "Contact.php" on the server in that exact name. You should always rename it to a random name because people scan for that exact name. I would recommend not putting contact.php on your server if you've already had problems. If people want to email you they'll contact you if its important.
answered
I just read about changing the name like you suggest. Why not put all the names into MD5? Then nobody will know what files do what!
Chris
Chris
answered
My hosting company sent out a notice some time back about contact forms. In fact, they took a proactive stance of searching servers for files named "contact.php" and would delete them (or at least that's what they said they would do)! So I just changed my contact form to another file name and changed the links. Therefore this is NOT an issue unique to PHPFusion.
Bad_boy is right about this being posted earlier. In fact, I think I posted my hosting companies email when I received it so Fusion users would be aware that there were hackers out there looking for that file name so they could exploit it.
Bad_boy is right about this being posted earlier. In fact, I think I posted my hosting companies email when I received it so Fusion users would be aware that there were hackers out there looking for that file name so they could exploit it.
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 7 posts
- Votes 0 votes
- Topic users 5 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions