Patrick's Rants


4/13/2007

Danged Script Kiddies – Spam Attack

Filed under: Geek News and Stuff — site admin @ 10:37 am

Every now and then I get a pile of returned mail for apache, the web server this machine uses. I had thought that it was a sendmail misconfiguration and was attacking it from that standpoint. I disabled the apache user account, rejected any email to or from apache, etc. These don’t work for long, since the blog and my bulletin board send email as apache. Today, I dug deeper and found that a simple cross-site scripting vulnerability was being exploited. I was sure that I would find the culprit in my real estate scripts. They are heavy in PHP and could have had errors somewhere in them – and have. Instead I found that a super simple page that I made for my tax firm had unchecked variables for inclusion. Hopefully, you have not received any of the spam that has been generated. And hopefully I have it fixed.

So let this be a lesson – mostly for me – check your variables.
