Advertisement:
A2Hosting

Author Topic: newmailcgi Recently Uploaded CGI scripts that send email on server.ihackmyi.com  (Read 2987 times)

Offline kaamaru

  • Full Member
  • ***
  • Posts: 488
  • Gender: Male
    • iHackMyi
Just got this email:

Quote
Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/******/public_html/iphone/Sources/Subs-Post.php:97:          string headers)
/home/******/public_html/iphone/Sources/Subs-Post.php:98:       - sends mail, like mail() but over SMTP.  Used internally.
/home/******/public_html/iphone/Sources/Subs-Post.php:99:       - takes email addresses, a subject and message, and any headers.
---
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1004:          // No point logging a specific error here, as we have no language. PHP error is helpful anyway...
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1005:          $result = mail(strtr($email['to'], array("\r" => '', "\n" => '')), $email['subject'], $email['body'], $email['headers']);
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1006:
---

--define level=1
X-Source-Dir: /

Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/******/public_html/iphone/Sources/Subs-Post.php:97:          string headers)
/home/******/public_html/iphone/Sources/Subs-Post.php:98:       - sends mail, like mail() but over SMTP.  Used internally.
/home/******/public_html/iphone/Sources/Subs-Post.php:99:       - takes email addresses, a subject and message, and any headers.
---
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1004:          // No point logging a specific error here, as we have no language. PHP error is helpful anyway...
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1005:          $result = mail(strtr($email['to'], array("\r" => '', "\n" => '')), $email['subject'], $email['body'], $email['headers']);
/home/******/public_html/iphone/Sources/ScheduledTasks.php:1006:
---

Are any of these sending out spam?

Offline flapjack

  • SMF Hero
  • ******
  • Posts: 2,615
  • Gender: Male
  • I pity the fools!
by default, lines with those numbers are comments/remarks. pleas post those lines here, so we can compare it against normal smf files

Offline Allusion

  • Jr. Member
  • **
  • Posts: 386
That's a e-mail message sent out by cPanel during regular system checks.

The message tells you that it has found code that sends e-mail. SMF contains code to send e-mail (notifications, topic replies etc.) So the message you got is completely normal.

However, if you want to be sure that those lines are not modified by some malicious script, download those files, open them in a text editor and compare the reported lines with the same lines from stock (unmodified) SMF files. Go to the SMF Downloads site to get stock SMF packages.

The line numbers might change if you install mods that add their own lines. Still, the idea is the same, search the reported lines in the same files (but from a stock SMF package); if each reported line matches a stock line, there's no problem.