The trouble is, your concern also comes from other indirect security problems, 
from the applications they use to directory permissions. Not just forms your 
customers use/write.

Did you come across this at all? 
http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam

Regards
Aaron Cooper
  ----- Original Message ----- 
  From: Simon 
  To: [email protected] 
  Sent: Wednesday, March 03, 2010 4:35 PM
  Subject: [phpug] PHP mail from a ISP's point of view


  OK.. so what I'm wondering is what people are doing to protect themselves from 
the PHP mail command from an ISP's point of view. We run a small hosting 
company that deals mainly with corporate customers and also wholesales to web 
developers. We run Debian stable for our web servers (Apache/PHP) and a 
dedicated outgoing mail server (Postfix) so we can review log files etc. SOME 
customers are, how do we say it, less than perfect when using form to mail 
solutions.. leaving the way open for header injection attacks. Now we know how 
to put measures in place to stop it on the sites that we build and manage, 
which is all good, but what I'm trying to think of is a way to track usage of 
the outgoing mail command usage..

  PHP 5.3 gives me some really good ways of doing this, but Debian does not 
have PHP 5.3 and there are some things that people need to do to their websites 
before we upgrade. (In fact we will prob set up a new server and migrate people 
over rather than just upgrade.)

  Any input is much appreciated!

  Simon


  -- 
  NZ PHP Users Group: http://groups.google.com/group/nzphpug
  To post, send email to [email protected]
  To unsubscribe, send email to
  [email protected]
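
One way to track mail() usage per site on PHP versions before 5.3, as an added example that is not from the thread or the linked article: a Python wrapper that php.ini's `sendmail_path` would point at, which logs each call and flags duplicated headers or an unusual recipient count before relaying. The paths, threshold, log format and the assumption that the working directory identifies the calling site are hypothetical.

```python
"""Audit wrapper for PHP mail(): log each call, flag likely header injection, relay."""
import email
import os
import subprocess
import sys
import time
from email.utils import getaddresses

REAL_SENDMAIL = "/usr/sbin/sendmail"      # assumed location of Postfix's sendmail binary
LOG_FILE = "/var/log/php-mail-audit.log"  # hypothetical log path
MAX_RCPT = 5                              # assumed ceiling for a contact form
# Header fields that may appear at most once in a message (RFC 5322 / MIME).
SINGLETON = ("From", "To", "Subject", "Cc", "Bcc", "Content-Type")

# Constructed sample: what a form mail looks like after extra headers were injected.
SAMPLE_INJECTED = (
    "To: owner@example.com\nSubject: Contact form\nFrom: visitor@example.com\n"
    "Bcc: a1@example.net, a2@example.net, a3@example.net, a4@example.net, a5@example.net\n"
    "From: other@example.org\n\nHello\n")
SAMPLE_CLEAN = "To: owner@example.com\nSubject: Contact form\nFrom: visitor@example.com\n\nHello\n"


def audit_message(raw, max_rcpt=MAX_RCPT):
    """Return the recipient count and the reasons the message looks injected."""
    msg = email.message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    rcpts = getaddresses(fields)
    reasons = ["duplicate-" + h.lower() for h in SINGLETON if len(msg.get_all(h, [])) > 1]
    if len(rcpts) > max_rcpt:
        reasons.append("rcpt-count")
    return {"rcpt": len(rcpts), "reasons": reasons}


def log_line(result, cwd, now=None):
    """Format one record; cwd is assumed to identify the site that called mail()."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(now))
    verdict = ",".join(result["reasons"]) or "ok"
    return "%s cwd=%s rcpt=%d verdict=%s" % (stamp, cwd, result["rcpt"], verdict)


if __name__ == "__main__":
    data = sys.stdin.buffer.read()  # message exactly as PHP piped it
    result = audit_message(data.decode("utf-8", "replace"))
    with open(LOG_FILE, "a") as fh:
        fh.write(log_line(result, os.getcwd()) + "\n")
    # Record only, never block: relay the untouched bytes with PHP's own arguments.
    sys.exit(subprocess.run([REAL_SENDMAIL] + sys.argv[1:], input=data).returncode)
```

The web server user needs write access to the log file, and records with a verdict other than `ok` can be matched against the Postfix logs on the outgoing mail server.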
