Fighting webserver spam: part 1

I have posted a lot in the past about how I try to deal with spam, generated on webservers that I manage. Most of this spam is generated by PHP based websites that all run as the same www-data user. Until now I compiled a custom PHP with a patch that adds a header to each email with the hostname and the path of the script that sent the email, as explained in this post. This helps me tracking down the users that caused the spam.

I got tired of recompiling PHP, so I wrote an extension that does the same using some C black magic. The code for this extension can be found in my hg repository. Because hg is so cool, you can just click on the zip or bz2 links in the left menu to download a snapshot of the latest version.

The extension works by replacing the native mail function of PHP. It adds a new header to the arguments and calls the real mail function with this extra header. Doing this required some very ugly hacks to manipulate the zend call stack, but what else is C made for 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.