Quoting Paul G <[EMAIL PROTECTED]>:
>
> ----- Original Message -----
> From: "Andrey Hristov" <[EMAIL PROTECTED]>
> To: "Paul G" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, August 02, 2004 4:18 AM
> Subject: Re: [PHP-DEV] list abuse
>
>
> > Paul G wrote:
> > > folks,
> > >
> > Last time I looked at the message it does spoof the original address and
> is being
> > sent from an unknown server.
>
>
> it is unlikely it does so intentionally. mail coming from the list has
> internals@ listed as the to: address, which the script obviously doesn't
> sanity check. regardless of whether this is malicious, the dude needs to go.
Sure it does it intentionally. I have used to check the site without the
provided link and it looked
like some pr0n site.
Here is the source of the last message. Usually they "come" from addresses like
[EMAIL PROTECTED],
[EMAIL PROTECTED] even [EMAIL PROTECTED] :)
[snip]
Received: from hristov by iko.gotobg.net with local-bsmtp (Exim 4.34)
id 1BrTFY-0005fA-ON
for [EMAIL PROTECTED]; Mon, 02 Aug 2004 06:12:42 +0300
Received: from [66.17.150.83] (helo=tgpnexus.com)
by iko.gotobg.net with esmtp (Exim 4.34)
id 1BrTFY-0007Sp-BJ
for php_at_hristov_punkt_com; Mon, 02 Aug 2004 06:12:32 +0300
Received: (from [EMAIL PROTECTED])
by tgpnexus.com (8.11.6/8.11.6) id i722svi20745;
Sun, 1 Aug 2004 22:54:57 -0400
Date: Sun, 1 Aug 2004 22:54:57 -0400
Message-Id: <[EMAIL PROTECTED]>
To: php_at_hristov_punkt_com
Subject: IMPORTANT: Please Verify Your Message
From: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
[/snip]
As far as I see this email has nothing to do with internals and php.net services
except it spoofs
that it comes from [EMAIL PROTECTED] .So the mail comes from tgpnexus.com
(looks like).
andrey
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
