Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:11820 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 69255 invoked by uid 1010); 2 Aug 2004 13:52:59 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 69231 invoked from network); 2 Aug 2004 13:52:58 -0000 Received: from unknown (HELO iko.gotobg.net) (80.168.8.116) by pb1.pair.com with SMTP; 2 Aug 2004 13:52:58 -0000 Received: from cpanel by iko.gotobg.net with local (Exim 4.34) id 1BrdFO-0001st-4M; Mon, 02 Aug 2004 16:53:02 +0300 Received: from 212.9.189.193 ([212.9.189.193]) by hristov.com (IMP) with HTTP for ; Mon, 2 Aug 2004 16:53:02 +0300 Message-ID: <1091454782.410e473e04e2c@hristov.com> Date: Mon, 2 Aug 2004 16:53:02 +0300 To: Paul G Cc: internals@lists.php.net References: <00c101c4783e$53f86630$0200a8c0@rusko> <410DF8E8.904@hristov.com> <010d01c47859$e5138260$0200a8c0@rusko> In-Reply-To: <010d01c47859$e5138260$0200a8c0@rusko> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.2 X-Originating-IP: 212.9.189.193 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - iko.gotobg.net X-AntiAbuse: Original Domain - lists.php.net X-AntiAbuse: Originator/Caller UID/GID - [32001 32001] / [47 12] X-AntiAbuse: Sender Address Domain - hristov.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: [PHP-DEV] list abuse From: php@hristov.com (Andrey Hristov) Quoting Paul G : > > ----- Original Message ----- > From: "Andrey Hristov" > To: "Paul G" > Cc: > Sent: Monday, August 02, 2004 4:18 AM > Subject: Re: [PHP-DEV] list abuse > > > > Paul G wrote: > > > folks, > > > > > Last time I looked at the message it does spoof the original address and > is being > > sent from an unknown server. > > > it is unlikely it does so intentionally. mail coming from the list has > internals@ listed as the to: address, which the script obviously doesn't > sanity check. regardless of whether this is malicious, the dude needs to go. Sure it does it intentionally. I have used to check the site without the provided link and it looked like some pr0n site. Here is the source of the last message. Usually they "come" from addresses like andi@zend.com, zeev@zend.com even paul@rusko.us :) [snip] Received: from hristov by iko.gotobg.net with local-bsmtp (Exim 4.34) id 1BrTFY-0005fA-ON for php@hristov.com; Mon, 02 Aug 2004 06:12:42 +0300 Received: from [66.17.150.83] (helo=tgpnexus.com) by iko.gotobg.net with esmtp (Exim 4.34) id 1BrTFY-0007Sp-BJ for php_at_hristov_punkt_com; Mon, 02 Aug 2004 06:12:32 +0300 Received: (from root@localhost) by tgpnexus.com (8.11.6/8.11.6) id i722svi20745; Sun, 1 Aug 2004 22:54:57 -0400 Date: Sun, 1 Aug 2004 22:54:57 -0400 Message-Id: <200408020254.i722svi20745@tgpnexus.com> To: php_at_hristov_punkt_com Subject: IMPORTANT: Please Verify Your Message From: Reply-To: internals@lists.php.net [/snip] As far as I see this email has nothing to do with internals and php.net services except it spoofs that it comes from internal@lists.php.net .So the mail comes from tgpnexus.com (looks like). andrey