Hi All,
I'm working for an hosting company, we have a lot of PHP users and see regularly that one of the
scripts from our users is hacked. Result?, a lot of spam on the net, and a lot of work the find the
spamming scripts on the servers.
If you have a PHP script that sends mail, the recipient of the mail message will only see which
server it was sent from. There will normally be no record of who originated the message, or which
script on the server actually caused it to be sent. This can make it difficult to trace misuse, even
if you have comprehensive mail and webserver logs.
I think it should be usefull to add the "PHP mail() header patch" from Steve Bennett in safemode by
default.
The header could be in the form:
X-PHP-Script: <servername><php-self> for <remote-addr>
For example:
X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1
The patch can be found at:
http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/
Best Regards,
Paul van Brouwershaven
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
