[EMAIL PROTECTED] wrote:
http://choon.net/php-mail-header.php
Hello,
just a late follow-up.
I never got around to try this patch, but during this week, things got
really out of control and had to be fixed, so I installed it.
The culprit turned out to be some guy who, instead of creating links to
his web-pages decided to include them.
This happened in the form of http://domain/index.php?p=/bla/data.html
Of course, "p" could be overwritten and some guy was loading a
php-mailer from various geocities and yahoo pages, which our server
dutifully parsed...
We could only shake our heads in disbelieve. This had cost us countless
hours of (until now) fruitless work.
So, to summarize it: if you need to find a malicious script and can't
for the hell of it figure out where it is: install this patch.
Kudos to Mr. Choon.
cheers,
Rainer
