Earlier today I noticed something odd in the Exim mainlog on a lug.org.uk machine, so I went hunting. I found a user’s website that uses something called the “e107 website system.”
This appears to have a feature whereby an existing news item on the site can be emailed to an arbitrary email address with arbitrary extra text added by whoever sends it. Anyone can send these emails. It appears to have been used to send 46 spam emails since June 9th.
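As an added example (not part of the original post), this is the sort of check one can run over an Exim mainlog to spot a web form being used as a mail relay: count arrival ("<=") lines where the message was injected locally by the web-server user, grouped by day, since a given date. The log lines are constructed samples, and the user name `www-data`, the start date and the per-day threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample Exim mainlog lines (not taken from the original post).
# "<=" marks message arrival; U= names the local user that submitted it,
# H= lines came in over SMTP from another host, "=>" lines are deliveries.
SAMPLE_MAINLOG = """\
2009-06-08 09:12:01 1MDa01-0001Ab-Cd <= alice@example.org U=alice P=local S=1432 id=a1@example.org
2009-06-09 22:41:17 1MDb02-0002Ab-Ef <= www-data@web.example.org U=www-data P=local S=3812 id=b2@web.example.org
2009-06-09 22:41:19 1MDb03-0003Ab-Gh <= www-data@web.example.org U=www-data P=local S=3815 id=b3@web.example.org
2009-06-10 03:10:44 1MDc04-0004Ab-Ij <= bob@example.org H=mail.example.net [192.0.2.10] P=esmtp S=2210 id=c4@example.net
2009-06-10 03:12:05 1MDc05-0005Ab-Kl <= www-data@web.example.org U=www-data P=local S=3820 id=c5@web.example.org
2009-06-10 03:12:05 1MDc05-0005Ab-Kl => bob@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20]
"""

# Arrival line: date, time, Exim message id, "<=", envelope sender, then the
# remaining key=value fields (U=, P=, S=, id=, ...).
ARRIVAL_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"(?P<msgid>\S+) <= (?P<sender>\S+) (?P<rest>.*)$"
)
USER_RE = re.compile(r"\bU=(?P<user>\S+)")


def web_submissions(log_text, web_user="www-data", since="2009-06-09"):
    """Return {YYYY-MM-DD: count} of messages injected locally by `web_user`
    on or after `since`. Dates are ISO strings, so string comparison orders
    them correctly. Only arrival ("<=") lines are counted."""
    per_day = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL_RE.match(line)
        if not m:
            continue  # deliveries, bounces and other log lines are ignored
        u = USER_RE.search(m.group("rest"))
        if not u or u.group("user") != web_user:
            continue  # submitted over SMTP or by a different local user
        if m.group("date") >= since:
            per_day[m.group("date")] += 1
    return dict(per_day)


def suspicious_days(per_day, threshold=2):
    """Days on which the web-server user sent at least `threshold` messages
    (assumed threshold; a site that never legitimately mails would use 1)."""
    return sorted(day for day, n in per_day.items() if n >= threshold)
```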
This feature is mind-numbingly stupid. I have no idea if it is a standard feature of e107, or some idiotic plugin, but whoever wrote it has not the first clue of what they are doing.
Couple this with our need to shut down another e107 site in the last few weeks due to it being filled with comment spam and bringing the server to its knees with poor SQL queries, and this fun read:
http://www.google.co.uk/search?q=%22e107+website%22+exploit+vulnerability
I cannot stress enough how much I recommend people not touch this e107 thing with a barge pole.