SPAM being sent through customer email account

[Rob Petterson]

I got an email today from Pipex saying:

 

Dear Customer

 

Earlier today our system administrators noticed a large amount of spam mail being sent from your resold account xxxxxxxxxxxxxxxxx.com

 

This mail was being sent to a list of mostly aol.com addreses, as I'm sure you are aware AOL have a very strict policy on spam and incidents such as this can cause our servers to be blacklisted and in turn have an impact on other customers.

 

It appears that this mail may have been sent through an exploit in one or more of the PHP scripts on your system. We would ask that you review the code on your website to remove any vulnerabilities that may allow the scripts to be abused to send emails. If the scripts are from a 3rd party software we would advise you contact the vendor for security patches or updates to their code.

 

We have temporarily disabled the account so the spamming will stop. Please contact us with the ticket number shown in the subject line of this email and we can re-activate the account so you can update the scripts.

 

Thank you in advance for your co-operation.

 

 

 

 

 

 

Has anyone got any ideas about this?

The same issue happened last week with another of my clients sites.

[Guest]

make sure you have the latest osc upgrade that fixes email injection header problems. There is also a contribution worth reading about.

 

http://www.oscommerce.com/community/contributions,3534

[peterr]

See http://www.oscommerce.com/forums/index.php?showtopic=185863