Changelog:
- Added mail-header patch, this adds a header indicating what script invoked the mail() function. Useful for tracking spam.
Example output on mail sent through php:
X-PHP-Script: example.com/test.php for 10.11.12.13
If you're trying to track down the source of spam from PHP scripts this would be invaluable. Many thanks to ikk on #plesk for pointing this patch out to me.
To upgrade:
yum upgrade php
[atomic] PHP 5.2.9-2
Re: [atomic] PHP 5.2.9-2
kick ass!!!
Re: [atomic] PHP 5.2.9-2
Shame it can't log them though. I imagine you could do this with qmail wrapper, using the info in the header, but it would be nice to have it built-in.
Faris.
Re: [atomic] PHP 5.2.9-2
This is very useful. Improved logging would be good, and it would be nice to be able to disable it on certain paths - not found a way yet - as not all web forms are at risk and outgoing messages with /paths/to/scripts in the mail header are a slight vulnerability in themselves.
Anyway, the benefits far outweigh the drawbacks... Nice addition!
Re: [atomic] PHP 5.2.9-2
I don't think it's /full/path/script.php - from Scott's description it is vhost/web/path/to/script.php
Something that most people who are visiting the form would probably already know.
Re: [atomic] PHP 5.2.9-2
Thanks hostingguy - I realise that, should have been clearer - it shows domain/path/to/script. We make use of PHP mail via a CMS (for e-commerce/newsletters) and all these messages will now contain the domain/path/to/cms and the admin user's IP, which provides the recipient with a lot of information.
Re: [atomic] PHP 5.2.9-2
What can they really do with that?
- Atomicorp Staff - Site Admin
Re: [atomic] PHP 5.2.9-2
If you see more patches like this, please let me know. There's always room for improvement!
Re: [atomic] PHP 5.2.9-2
hostingguy wrote: what can they really do with that ?
Nothing specific, but want to avoid being the lowest hanging fruit. Security through obscurity is one aspect of risk management & damage limitation and while I'm not losing sleep over this additional header - it's useful - if there is a way to disable it for certain parts of our web service, we will.
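Added example (not code from this thread or from the patch): a Python filter that parses the X-PHP-Script value in the format shown in the announcement, tallies messages per script and client for logging, and strips the header from a message before it leaves the server. The function names, the sample messages and the stdin/stdout wrapper usage are assumptions made for illustration.

```python
import re
import sys
from collections import Counter
from email import message_from_string

# Value format taken from the announcement: "<vhost/path> for <client address>"
VALUE_RE = re.compile(r"^(?P<script>\S+) for (?P<client>.+)$")
HEADER = "X-PHP-Script"

def parse_php_script(raw_message):
    """Return (script, client) from the header, or None if absent or malformed."""
    value = message_from_string(raw_message).get(HEADER)
    if value is None:
        return None
    match = VALUE_RE.match(" ".join(value.split()))  # unfold and collapse whitespace
    return (match.group("script"), match.group("client")) if match else None

def tally(raw_messages):
    """Count messages per (script, client); untagged mail is counted separately."""
    counts = Counter()
    for raw in raw_messages:
        counts[parse_php_script(raw) or ("(untagged)", "-")] += 1
    return counts

def strip_header(raw_message):
    """Return the message without the header, for mail that leaves the server."""
    msg = message_from_string(raw_message)
    del msg[HEADER]  # removes every occurrence; no error if absent
    return msg.as_string()

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: shop@example.com\nSubject: Order\nX-PHP-Script: example.com/test.php for 10.11.12.13\n\nbody one\n",
    "From: shop@example.com\nSubject: Offer\nX-PHP-Script: example.com/test.php for 10.11.12.13\n\nbody two\n",
    "From: root@example.com\nSubject: Cron\n\nbody three\n",
]

if __name__ == "__main__":
    # Hypothetical wrapper use: message on stdin, log line on stderr, cleaned copy on stdout.
    raw = sys.stdin.read()
    print("php-mail source:", parse_php_script(raw), file=sys.stderr)
    sys.stdout.write(strip_header(raw))
```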