Ben-Chi
02-24-2006, 01:19 PM
Hey there
this morning I found a lot of mails in my inbox which seemed to be spam-comments on my pp-blog. At a closer glance I found out, that these spam-comment have not been just ordinary spam-comments or normal comments. However. The text of the mail was just weared freaky stuff. In the access.log an the mail.log files of my providers server I saw these entries which just looked like that somebody used a security leak to send mails through the "save_comment"-call in the index.php.
For a fast'n'dirty workaround I commented the whole thing out to stop mailing my inbox till its borders. The messages in the access-and-mails log looked like:
-------------------
---http-access----
-------------------
200.87.19.124 - - [24/Feb/2006:08:45:57 +0100] "POST /index.php?popup=comment&x=save_comment HTTP/1.1" 200 663 www.mydomain.de "http://www.mydomain.de/" "-" "-"
--------------
----MAIL-----
--------------
2006/02/24-08:45:57 28.117100716.12459.1140767157 <= mbx-user Commandline=/usr/sbin/sendmail -t -i ENV_Script=/pp/index.php ENV_Remote=200.87.19.124
2006/02/24-08:45:57 28.117100716.12459.1140767157 ** header too large. Max is 4000 characters
That whole Story started at something like 4 o'clock in the morning till i commented out the save_comment thing at about nine. I abondon on the comments, my dearest wish is to keep my box clean. Till that point I had more than 130 Mails. So just Mails. Spam-Mails from the index.php. Disgusting!
Anybody has any similiar behavior?!?!
rgds.
BEN
this morning I found a lot of mails in my inbox which seemed to be spam-comments on my pp-blog. At a closer glance I found out, that these spam-comment have not been just ordinary spam-comments or normal comments. However. The text of the mail was just weared freaky stuff. In the access.log an the mail.log files of my providers server I saw these entries which just looked like that somebody used a security leak to send mails through the "save_comment"-call in the index.php.
For a fast'n'dirty workaround I commented the whole thing out to stop mailing my inbox till its borders. The messages in the access-and-mails log looked like:
-------------------
---http-access----
-------------------
200.87.19.124 - - [24/Feb/2006:08:45:57 +0100] "POST /index.php?popup=comment&x=save_comment HTTP/1.1" 200 663 www.mydomain.de "http://www.mydomain.de/" "-" "-"
--------------
----MAIL-----
--------------
2006/02/24-08:45:57 28.117100716.12459.1140767157 <= mbx-user Commandline=/usr/sbin/sendmail -t -i ENV_Script=/pp/index.php ENV_Remote=200.87.19.124
2006/02/24-08:45:57 28.117100716.12459.1140767157 ** header too large. Max is 4000 characters
That whole Story started at something like 4 o'clock in the morning till i commented out the save_comment thing at about nine. I abondon on the comments, my dearest wish is to keep my box clean. Till that point I had more than 130 Mails. So just Mails. Spam-Mails from the index.php. Disgusting!
Anybody has any similiar behavior?!?!
rgds.
BEN