1
unixtime
Re: Possible security bug
  • 2004/8/29 16:23

  • unixtime

  • Just popping in

  • Posts: 2

  • Since: 2003/11/2


I posted this before I drank my coffee... this code is looking for a mailto: [ string ], so as usual the spammers add mailto:<email@whatever.xxx> to a spamming list.

Since there is no email address in the "Tell a friend" href anchor, it should not be a problem.

Thank you for your time.



2
unixtime
Possible security bug
  • 2004/8/29 14:24

  • unixtime

  • Just popping in

  • Posts: 2

  • Since: 2003/11/2


I noticed in my log some kind of Nimda web attack on the mydownloads -> Tell a Friend link.

The attack file is long; I have added it to my site: http://unixtime.net/nimda.txt

The attacker is trying to use the Tell a Friend link to spam, using the default template link.
Example:
https://xoops.org/modules/mydownloads/singlefile.php?cid=2&lid=1

I had to recompile my kernel to support iptables string matching and added the following statements:

$IPTABLES -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --string .c+dir.
$IPTABLES -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --string .cmd.exe.
$IPTABLES -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --string .default.ida.


I am sure there are many sites using Tell a Friend links.

Does anybody know if there is a patch for this problem?

Thank you.
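As an added example (not from the poster or the XOOPS project), here is a small log scanner that flags the same three Nimda / Code Red probe strings the iptables rules above drop, but at the web-log level where URL encoding can be undone first. The log lines and IP addresses are constructed sample data.

```python
import re
from urllib.parse import unquote

# The three probe strings matched by the poster's iptables rules.
NIMDA_SIGNATURES = ("c+dir", "cmd.exe", "default.ida")

# Combined/common log format: client, identd, user, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def matched_signatures(path):
    """Return the signatures present in a request path.

    The path is URL-decoded twice so that single-encoded ('%2B' for '+')
    and double-encoded ('%252B') variants are seen in their plain form.
    """
    decoded = unquote(unquote(path)).lower()
    return [sig for sig in NIMDA_SIGNATURES if sig in decoded]


def scan_access_log(lines):
    """Return (client_ip, raw_path, signatures) for every line carrying a probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable access-log line; skip it
        sigs = matched_signatures(m.group("path"))
        if sigs:
            hits.append((m.group("ip"), m.group("path"), sigs))
    return hits


# Constructed sample log lines; 192.0.2.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2004:14:02:11 +0000] "GET /modules/mydownloads/singlefile.php?cid=2&lid=1 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [29/Aug/2004:14:02:12 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0',
    '198.51.100.7 - - [29/Aug/2004:14:02:13 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 0',
    '198.51.100.7 - - [29/Aug/2004:14:02:14 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c%2Bdir HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for ip, path, sigs in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {path} -> {', '.join(sigs)}")
```

The legitimate Tell a Friend URL from the post produces no hit, while the three probe lines (including the double-encoded one, which a byte-level packet filter would not match) are flagged.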



