#title SPAM attack through vulnerable PHP script
#author Stefan Hornburg (Racke)
#topics blog; Exim
#date 2007-06-15
#pubdate 2007-06-15T10:22:13+02:00
#lang en



One of my customers reported this morning that their webserver was unusually slow. I discovered that it was abused for sending SPAM through web forms. The PHP script processing these forms lacked proper input sanitization. After disabling the script by renaming its mail function I deleted almost 1000 of SPAM emails from the queue:

xxx:/var/spool/exim4/input# grep -l "Email von yyy.zz:" *-D | perl -pe 's/-D$//' | xargs exim -Mrm