I got information from my hosting company that my index.php file is being used to spam. I don't know how that is possible as I don't have any mailing module installed. Which is the optimum permission to set for my files and folders to prevent them being used by hackers yet maintain full functionality?

Comments

matt_harrold’s picture

If you've set Drupal permissions so that anonymous users can only access content (not post content), then I don't understand what your host is talking about. Ask them for more information.

silverwing’s picture

Define spamming - are they using your account to send spam emails? Are they running something from your site? Have you checked your folders for any files that shouldn't be there? Is there any code in your .tpl files that shouldn't be there?

Are you running the latest version of core and your modules?

~silverwing

_____________________________________________
Land of Midnight | MisguidedThoughts | showcaseCMS

electronicmonkey’s picture

I was told that it is being used to send spam emails. Beats me how that is possible, but I think they don't know what they are saying.

alihammad’s picture

Sending email with forged headers is very common these days! Look at the code below:

$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

Thus it doesn't take much verification to send email from any one ID to the other. This is usually done in bulk when spamming. An SMTP server is required. Your website's hosting provider is usually responsible for setting one up. So, the hosting provider's SMTP server is at risk of being declared a spamming server (consequently being blacklisted too!).

You ask how it can be done from your website. Simply, by allowing any of your users the possibility of using the PHP filter. They could execute the PHP mail function or the Drupal API function drupal_mail (it uses the PHP mail() function too but is set to use the scheduled timing applet (cron)). Try figuring out if any of your users has the PHP filter privilege, plus any other method someone could be using to gain access to your system.

Ali Hammad Raza
WordsValley
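The checks suggested in the replies above (look for code that should not be in your files or .tpl templates, and for anything able to call mail() or drupal_mail()) can be run over the whole docroot. This is an added example, not code from the thread or from Drupal; the extension list, the names find_mail_calls and demo, and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: file extensions a stock Drupal site executes as PHP (.tpl.php ends in .php).
PHP_EXTENSIONS = (".php", ".inc", ".module", ".install", ".engine")
# mail( or drupal_mail( as a plain function call, not ->mail( / ::mail( / $mail( / foo_mail(
MAIL_CALL = re.compile(r"(?<![\w$>:])(mail|drupal_mail)\s*\(")


def find_mail_calls(root):
    """Return sorted (relative_path, line_number, function_name) for each call found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, start=1):
                    # Skip whole-line comments so documentation is not reported.
                    if line.lstrip().startswith(("//", "#", "*", "/*")):
                        continue
                    for match in MAIL_CALL.finditer(line):
                        rel = os.path.relpath(path, root).replace(os.sep, "/")
                        hits.append((rel, number, match.group(1)))
    return sorted(hits)


def demo():
    """Scan constructed sample files (not from the thread) laid out like a Drupal docroot."""
    samples = {
        "index.php": "<?php\nrequire_once './includes/bootstrap.inc';\n",
        "includes/mail.inc": "<?php\n// wrapper around mail()\nreturn mail($to, $subject, $body, $headers);\n",
        "themes/custom/page.tpl.php": "<html>\n<?php mail($_POST['to'], 's', 'm'); ?>\n</html>\n",
        "modules/contact/contact.module": "<?php\n$mailer->mail($x);\ndrupal_mail('contact', 'page_mail', $to, $lang);\n",
        "sites/default/files/readme.txt": "mail(this is not PHP)\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(body)
        return find_mail_calls(root)


if __name__ == "__main__":
    for rel, number, func in demo():
        print(f"{rel}:{number}: {func}()")
```

To scan a real site, call find_mail_calls() with the path to the docroot. Hits inside core's mail include are expected; a mail() call in a theme template or in a file you do not recognise is what to review.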

electronicmonkey’s picture

Problem is that I am the only user for this particular site in question and nobody else has the login but me.

alihammad’s picture

Where is your site hosted?

Ali Hammad Raza
WordsValley

electronicmonkey’s picture

1and1.
Avoid them as much as possible.