Fighting webserver spam: part 1

I have posted a lot in the past about how I try to deal with spam, generated on webservers that I manage. Most of this spam is generated by PHP based websites that all run as the same www-data user. Until now I compiled a custom PHP with a patch that adds a header to each email with the hostname and the path of the script that sent the email, as explained in this post. This helps me tracking down the users that caused the spam.

I got tired of recompiling PHP, so I wrote an extension that does the same using some C black magic. The code for this extension can be found in my hg repository. Because hg is so cool, you can just click on the zip or bz2 links in the left menu to download a snapshot of the latest version.

The extension works by replacing the native mail function of PHP. It adds a new header to the arguments and calls the real mail function with this extra header. Doing this required some very ugly hacks to manipulate the zend call stack, but what else is C made for 🙂

PHP 5.3

PHP 5.3 will support loading .htaccess style settings for cgi and fastcgi according to a presentation given at a php conference. This is pretty funny. About two and a half years ago I wrote a patch for the cgi and fastcgi api’s of php. I didn’t get feedback about the patch until someone at the #lighttpd irc channel pinged a php developer hanging around there. The feedback was: This doesn’t belong in PHP, discussion closed!

Because I needed the patch at that moment I converted it into an extension and htscanner was born. I used it for a test setup that never got into production because of other problems. I didn’t need the extension any more and someone else took it over from me and posted it at pecl. Pretty funny Zend included it now, probably some corporate client needed it and all objections disappeared.

eAccelerator optimizer bug

I’m still alive!

There has been a optimizer bug in eAccelerator for php 5.2 since it was released. This has been finally fixed by a contributed patch. The ticket that tracks this bug is this one #242. I’ve created a test tarball and uploaded here, if the response is positive we’ll release in a week or so.

In the mean while I’ve been very busy at ULYSSIS after I came back from vacation. I’ve migrated all dns zones to a system that stores all zone information in ldap and an agent that verifies the serials in ldap and if the serial has been incremented a zone will be updated. On the front end side I’ve also written a webinterface that controls the dns information in ldap.

When this migration was finished I’ve also worked on a frontend to manage email adresses and virtual mail domains in ldap to migrate our qmail setup to a postfix+ldap setup. Big parts of it are finished, I’ve even managed to write a script that parses a few thousand .qmail files so they ca be imported in ldap. I’m waiting on the new hardware for the mailserver to arrive.

Since the beginning of August I’ve been studying for my exams. I’ve got to re-do three exams this year, a lot less then last year and I’ve got a lot of time between them. But this time I really want to pass all three of them so my last year can be a bit less busy.