I think this is a pretty easy fix but I guess I could be wrong...
On my main page at [[url removed, login to view]] I have a little box where people can enter their e-mail address and upon doing so it sends me an e-mail with it so I can add it to my mailing list. I recently moved to a new server (pair Networks) and when I did I got the following e-mail from them:
**We regret to inform you that we needed to disable the following script located in your account because a security vulnerability within it was exploited by a malicious user in an attempt to send junk e-mails from the server:
/usr/www/users/XXX/newsletter/[url removed, login to view]**
**Please take a few moments to look over your script for any obvious problems before using "chmod 755" (via telnet) or using your FTP client to reenable the executable permissions of the script.
I asked for further information and was told:
**The problem isn't that the script was allowed, it has a security
vulnerability that caused it to be used to send spam out on the server. To keep this from happening you will want to review your code and ensure that you are verifying input. Once you had modified the code you can re-enable the script.**
So the job is to either fix the current script or install a new one that won't be de-activated.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
Newsletter script and PHP