Facebook
Twitteri am having issues with people exposing vulnerabilities on my users sites and putting somethingnasty.php onto their server which they can use to send thousands of their nasty spams.
when it happens, i have to first notice that more than normal email is going out (problem 1).
after i do that, i can look into the queue on plesk as see which php script is causing the issue, and then i can blow it up...
but i would obviously like to have a better approach.
of course the best approach would be for users to have tight security and not have .php scripts able to be installed... but since that's not realistic, one thing that would be VERY useful is to be able to whitelist known-good .php scripts in addition to being able to specify blacklisted ip addresses or emails. since the hackers in this case are sending the email spoofing as something@usersdomain.com and the ip is localhost...
on php 5.3+, you can specify a mail-log in php.ini that at least logs these... and i can monitor the mail-log file to detect when it's happening and even the script causing it and email me letting me know. so that's a very helpful step, but is there a way to whitelist php script names that are allowed to send mail on my own server?
when it happens, i have to first notice that more than normal email is going out (problem 1).
after i do that, i can look into the queue on plesk as see which php script is causing the issue, and then i can blow it up...
but i would obviously like to have a better approach.
of course the best approach would be for users to have tight security and not have .php scripts able to be installed... but since that's not realistic, one thing that would be VERY useful is to be able to whitelist known-good .php scripts in addition to being able to specify blacklisted ip addresses or emails. since the hackers in this case are sending the email spoofing as something@usersdomain.com and the ip is localhost...
on php 5.3+, you can specify a mail-log in php.ini that at least logs these... and i can monitor the mail-log file to detect when it's happening and even the script causing it and email me letting me know. so that's a very helpful step, but is there a way to whitelist php script names that are allowed to send mail on my own server?
