Weird exploit messing with email [closed]

https://stackoverflow.com/questions/23600829

PHP
email
exploit

20-07-2023
|

Question

Closed. This question needs details or clarity. It is not currently accepting answers.

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 9 years ago.

Found a weird hack today someone was exploiting, was wondering how this arbitary code could execute thousands of emails an hour.

http://pastebin.com/m7nBSmfB

Solution

There's nothing weird about the code you posted -- it builds up a PHP function in an obfuscated fashion -- then it calls the generated code.

The real problem/issue is, how is your server being made to run this code? If you have indeed been exploited by this, it's because you're allowing them to run arbitrary PHP code on your server.

You need to figure out how that happened.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow