next »

[DJBAP]

Dear members,

  :o horror!
since some weeks i experience during european nighttimes massive spammail distribution through php-scripts (usually named help. php) placed in my CS-directory.  Provider already twice closed down my space. 

Log-files show logs like:
2008-04-18 05:30:02 yx xy|< REMOTE=189. 82. 98. 190 SCRIPT=/help. php -- /usr/sbin/sendmail -t -i
2008-04-18 05:30:02 xy xy <= S=rox@tim. com SZ=1992 D=0 SID=28972760
2008-04-18 05:31:03 xy xy => draconico_666@hotmail. com msmtp. kundenserver. de[172. 19. 35. 7] 250 Message 0ML25U-1JmhIZ0vVf-0001P6 accepted by mrelayeu5. kundenserver. deand so on. 

who can i protect my space?
running CS 3. 2. 1 with a lot of selfmade templates

please help !!

greetings

[DanO]

** placed in my CS-directory. **

Placed in your CS-directory how exactly?? 

What permissions are the /calendarscript/ directory set to. It shouldn't need to be any more than 666 but setting it to 600 should prevent any scrips or files in it from being executed or even read from a browser but shouldn't affect the script's ability to use them.

If you're on a Unix based host, it should be possible to curtail the running of all PHP scripts in a particular directory using an .htaccess file.

** running CS 3.21 **

You're absolutely certain? You actually looked at the .pl files for their version number listed at the top? Is so, it may not be responsible for the file upload. Someone will need to investigate how those file(s) are being uploaded.

JMO

Dan O.

[DJBAP]

thanks for the lesson.  

I changed permissions and discovered that i was running CS 3.  2 , not 3.  21
sorry