[nycphp-talk] worm/virus's hammering feedback scripts?
Billy Reisinger
mail at billyreisinger.com
Mon Sep 12 09:55:59 EDT 2005
I think it is important to note that the attacker(s) are probably using
many email addresses, and that everyone should start checking their
input fields to make sure that MIME headers aren't being injected into
their mail scripts.
Cheers,
Billy Reisinger
Hans Zaunere wrote:
>Rolan Yang scribbled on Sunday, September 11, 2005 11:52 PM:
>
>
>>One more hint to all:
>>
>> If you are hosting php scripts for other people, or simply have too
>>many to comb through on your own server(s), grep your mail server log
>>for "jrubin3546 at aol.com". If you see any results, cross reference
>>that time with your web logs to locate the exploitable script.
>>
>>
>
>Another address I've seen is mhkoch321 at aol.com
>
>Rolan, and I think you're right about this problem not getting enough
>exposure. If you can write-up a couple of paragraphs about it, I'll post it
>on nyphp.org's frontpage.
>
>
>---
>Hans Zaunere / President / New York PHP
> www.nyphp.org / www.nyphp.com
>
>
>_______________________________________________
>New York PHP Talk Mailing List
>AMP Technology
>Supporting Apache, MySQL and PHP
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.nyphp.org
>
>
>
>
>
More information about the talk
mailing list