Hi all,
i see an increasing amoung of SPAM coming via exposed php Scripts on
worldwide webservices
Grep'ed from the Mail Headers i see lines like:
X-PHP-Originating-Script: 33:template89.php(1970) : eval()'d code
X-PHP-Originating-Script: 33:dirs21.php(1952) : eval()'d code
X-PHP-Originating-Script: 5004:themes.php(1936) : eval()'d code
X-PHP-Originating-Script: 502:file58.php(1962) : eval()'d code
X-PHP-Originating-Script: 10002:general.php(1937) : eval()'d code
X-PHP-Originating-Script: 33:files.php(1944) : eval()'d code
X-PHP-Originating-Script: 10002:general.php(1937) : eval()'d code
X-PHP-Originating-Script: 10282:footer49.php(1951) : eval()'d code
X-PHP-Originating-Script: 10013:page.php(1945) : eval()'d code
X-PHP-Originating-Script: 10003:stats.php(1955) : eval()'d code
X-PHP-Originating-Script: 10001:user15.php(1956) : eval()'d code
X-PHP-Originating-Script: 5008:proxy94.php(1959) : eval()'d code
X-PHP-Originating-Script: 503:lib.php(1949) : eval()'d code
X-PHP-Originating-Script: 504:global.php(1960) : eval()'d code
X-PHP-Originating-Script: 0:object62.php(1950) : eval()'d code
X-PHP-Originating-Script: 989:ajax.php(1949) : eval()'d code
X-PHP-Originating-Script: 10009:page.php(1954) : eval()'d code
X-PHP-Originating-Script: 10000:functions11.php(1959) : eval()'d code
X-PHP-Originating-Script: 10032:error73.php(1930) : eval()'d code
Is there any simple way to block this type of spam in an ACL to reject
the Mail
during the SMTP transport?
I was not able to find a solution.
I also tried to use a system filter solution like:
if $header_X-PHP-Originating-Script: contains ".*eval.*d\scode"
then fail
endif
but that doesn't match.
Is there anybody out there who can give me a hint or a working solution?
Regards Torsten
--
Torsten
