
Spam PHP injection problem


BillieGDJoe

Guest
Hi folks,

I have an issue on my Linux Plesk server. Users are using it to send spam directly to the Qmail queue through PHP injection. Badmailfrom, SpamAssassin and Dr. Web don't catch this, because it is injected into the queue directly. Disabling the PHP mail() function solves this problem, but I need it enabled, so it is still a problem. Any ideas? Thanks in advance!
 
I'm having the same issue. I have shut down two sites with these issues. The key is to have sites running updated code. Of course, heading that off before issues happen would be best.

They are typically associated with contact us pages on sites.
 
I caught this before it got out of control. Your best bet is something like mod_security (http://www.modsecurity.org/); it's not too difficult to set up, and protects against a lot of web-based exploits.

From what I could tell from the captures I got, it injects a variable called "email" and adds something like the following:

Code:
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
Subject: anuary early
bcc: blah@blah.com,dog@cat.com,etc...
then the message body...

That's enough to make it bcc to other people, as well as send a copy to wherever else that contact form should go. I think mod_security already checks for this type of attack.
 
Originally posted by breun
This is not a Plesk or PHP problem, you need to update/fix your mail script.

Agreed, but when you have a Plesk server with over 200 domains and users doing their own things, you can't really rely on good programming practices. mod_security or a good IPS is the best way for a hosting company to combat this.

-Bill
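
The mail-script fix mentioned in the thread, sketched as an added example that is not code from any poster here: a contact-form handler that refuses CR/LF in any value bound for a mail header, which is what the injected "email" variable in the capture above relies on. The function names, form field names and example.com addresses are assumptions.

```php
<?php
// Added example (hypothetical handler, not from the thread). Field names,
// function names and the example.com addresses are assumptions.

// True when the value cannot start a new header line. CR, LF and NUL are
// what let a form field break out of its header; the %0a/%0d check covers
// values that reach the script still URL-encoded.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]|%0[ad]/i', $value) === 0;
}

function send_contact_mail(array $post): bool
{
    $email   = trim((string)($post['email'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $body    = (string)($post['message'] ?? '');

    // The sender field must be exactly one valid address with no line breaks.
    $emailOk = is_header_safe($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

    if (!$emailOk || !is_header_safe($subject)) {
        // Log the source only, never the raw field, so the log stays clean.
        error_log('contact form: header injection attempt from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        return false;
    }

    // Recipient and From are fixed server-side; the visitor's address is
    // only ever used as Reply-To, after validation.
    $to      = 'webmaster@example.com';
    $headers = "From: webform@example.com\r\n"
             . "Reply-To: {$email}\r\n"
             . "Content-Type: text/plain; charset=UTF-8";

    return mail($to, $subject, $body, $headers);
}

// Constructed input modelled on the capture quoted in the thread: extra
// header lines smuggled in through the "email" field.
$attack = [
    'email'   => "visitor@example.com\r\nbcc: a@example.net,b@example.net",
    'subject' => 'hello',
    'message' => 'then the message body...',
];
var_dump(send_contact_mail($attack));
```

On a shared server this only protects the scripts that adopt it, which is why the posters above also recommend filtering at the web server with mod_security.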
 