Possible attack!!! when post blog, d7RC

When try to post a blog, After a long waiting, an error page shows

Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in D:\www\web\dolphin\inc\utils.inc.php on line 427
Possible attack!!! All data has been collected and sent to the site owner for analysis.

The possible attack info is just the same as in beta8.

When I marked out send mail function, it still say possible attack.

Anyone run across this too?

Ticket added (generic): http://www.boonex.com/trac/dolphin/ticket/1467

Please try to reproduce this error on boonex demo :

http://demozzz.com/dolphin7b/

and let us know about the result

Hey AlexT, Can you provide any helpful information in my blog here :

http://www.boonex.com/unity/blog/entry/The_Possible_Attack_Headache

I would appreciate it.

Thanks,

Chris

I have post a comment in the blog

 Strange enough, I post a blog successfully at http://demozzz.com/dolphin7b/. But it indeed don't work on my machine.

About my machine:

winxp, php5.2.11, apache2.2.11, mysql-5.1.30-release timestamp: Fri 2008-11-14

New finding.

1) It seems that if the posted content is plain text, without special character, the post will success.

2) if the post contains some special code, will show possible attack. The following word will cause possible attack, as in http://demozzz.com/dolphin7b/blogs/entry/attack :

RewriteRule ^news/{0,1}$  news.php [QSA,L]
RewriteRule ^news/([^/.]+)/{0,1}$  news.php?newsUri=$1 [QSA,L]

RewriteRule ^blogs/{0,1}$   modules/boonex/blogs/blogs.php [QSA,L]
RewriteRule ^blogs/all/([0-9]+)/([0-9]+)/{0,1}$  modules/boonex/blogs/blogs.php?page=$2&per_page=$1  [QSA,L]

3) if the post contains html, it will cause possible attacke. like following, as in http://demozzz.com/dolphin7b/blogs/entry/possible-attack-2009-11-16

Posts Author Latest Reply

• READ THIS POST BEFORE SUBMIT YOUR BUG REPORT
  
  To make the bug reports more effective please read and follow
• 5
• VictorT
  
  Jul 22, 2009 05:39
• mastermindsro
  
  Sep 09, 2009 15:11

• Data Migration D7 RC1
  
  hello, i installed D7 and setup the correct
• 20
• gecealem
  
  Nov 13, 2009 09:37
• SashaE
  
  Nov 16, 2009 02:58

4) So I doubt whether you made any configuration in http://demozzz.com/dolphin7b  with regards to the post content, or other checking rule ?

http://demozzz.com/dolphin7b/ is a clean Dolphin 7.0.0 RC install.

Please check if you installed RC in new empty directory and new empty database. It is not enough to just ovewrite files from old installation, because some cache files can cause problems from old install.