Looking through the Bad Behavior logs, I've noticed a bunch of rejected trackback spam attempts from 64.71.177.84, belonging to Hurricane Electric (Not the first time I've seen that name, btw. They seem to be popular with the spammers, for whatever reason ...).
Well, I decided to type that IP address into my browser and got this piece of PHP code:
; $from_mail = "phpauth@yandex.ru"; $to_mail = "grigory@mail.astrakhan.ru"; $message = "Subject: testnFrom: $from_mailnTo: $to_mailntest"; $host = "smtp.yandex.ru"; $port = 25; $errno = 30; $errstr = 1; $timeout = 1; $handle = fsockopen($host, $port, $errno, $errstr, $timeout); fputs($handle, "EHLO $hostrn"); echo fread($handle, 4096) . "
"; fputs($handle, "AUTH LOGINrn"); echo fread($handle, 4096) . "
"; fputs($handle, base64_encode($user) . "rn"); echo fread($handle, 4096) . "
"; fputs($handle, base64_encode($pass) . "rn"); echo fread($handle, 4096) . "
"; fputs($handle, "MAIL FROM:<$from_mail>rn"); echo fread($handle, 4096) . "
"; fputs($handle, "RCPT TO:<$to_mail>rn"); echo fread($handle, 4096) . "
"; fputs($handle, "DATArn"); echo fread($handle, 4096) . "
"; fputs($handle, "$messagern.rn"); echo fread($handle, 4096) . "
"; fputs($handle, "QUITrn"); echo fread($handle, 4096) . "
"; fclose($handle); ?>Comments (0)
Damn Spam!
http://spam.tinyweb.net/article.php/hacked-server