News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

newmailcgi Recently Uploaded CGI scripts that send email on server.ihackmyi.com

Started by kaamaru, April 19, 2010, 06:22:10 AM

Previous topic - Next topic

kaamaru

Just got this email:

QuoteBelow are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/******/public_html/iphone/Sources/Subs-Post.php:97:          string headers)
/home/******/public_html/iphone/Sources/Subs-Post.php:98:       - sends mail, like mail() but over SMTP.  Used internally.
/home/******/public_html/iphone/Sources/Subs-Post.php:99:       - takes email addresses, a subject and message, and any headers.
---
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1004:          // No point logging a specific error here, as we have no language. PHP error is helpful anyway...
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1005:          $result = mail(strtr($email['to'], array("\r" => '', "\n" => '')), $email['subject'], $email['body'], $email['headers']);
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1006:
---

--define level=1
X-Source-Dir: /

Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/******/public_html/iphone/Sources/Subs-Post.php:97:          string headers)
/home/******/public_html/iphone/Sources/Subs-Post.php:98:       - sends mail, like mail() but over SMTP.  Used internally.
/home/******/public_html/iphone/Sources/Subs-Post.php:99:       - takes email addresses, a subject and message, and any headers.
---
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1004:          // No point logging a specific error here, as we have no language. PHP error is helpful anyway...
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1005:          $result = mail(strtr($email['to'], array("\r" => '', "\n" => '')), $email['subject'], $email['body'], $email['headers']);
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1006:
---

Are any of these sending out spam?

flapjack

by default, lines with those numbers are comments/remarks. pleas post those lines here, so we can compare it against normal smf files

Allusion

That's a e-mail message sent out by cPanel during regular system checks.

The message tells you that it has found code that sends e-mail. SMF contains code to send e-mail (notifications, topic replies etc.) So the message you got is completely normal.

However, if you want to be sure that those lines are not modified by some malicious script, download those files, open them in a text editor and compare the reported lines with the same lines from stock (unmodified) SMF files. Go to the SMF Downloads site to get stock SMF packages.

The line numbers might change if you install mods that add their own lines. Still, the idea is the same, search the reported lines in the same files (but from a stock SMF package); if each reported line matches a stock line, there's no problem.

Advertisement: