
Thread: Hacking attempt on contact form

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Location
    Tennessee
    Posts
    15

    Default Hacking attempt on contact form

    Hello all. I have been using the same contact form script for a couple of years now. Up till now I don't think there has been any mischief attempted with it.
    It is written in php.
    Now I have received emails on two of my forms that indicate attempts at something, spamming I guess.
    A few days after the first attempt I got more from another of my domains. The email in the "bcc" line is the same in both cases.
    The emails are sent by my username on cpanel05 as usual but here is what they look like. I am editing them and replacing my domain name with "mydomain.com".


    Quote:
    azmrku@mydomain.com
    Content-Type: multipart/mixed; boundary=\"===============1042879710==\"
    MIME-Version: 1.0
    Subject: bdb1a4ed
    To: azmrku@mydomain.com
    bcc: jrubin3546@aol.com
    From: azmrku@mydomain.com

    This is a multi-part message in MIME format.

    --===============1042879710==
    Content-Type: text/plain; charset=\"us-ascii\"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    dsowv
    --===============1042879710==--

    azmrku@mydomain.com
    azmrku@mydomain.com

  2. #2
    Senior Member -Oz-'s Avatar
    Join Date
    Mar 2004
    Location
    Phoenix, AZ
    Posts
    545

    Default

    Are you sure these came from the form and it isn't just someone pretending to use your server to send mail? I get bounce backs frequently where someone spoofed one of my addresses.
    Dan Blomberg

  3. #3
    Junior Member
    Join Date
    Mar 2004
    Location
    Tennessee
    Posts
    15

    Default This guy has phished lots of others

    After I posted that I googled the email address on the bcc and he is doing this all over. One site I found tells what they are trying to do. The cgi scripts and the perl scripts are the most vulnerable if I am not mistaken. I hope my php script, which I got from someone a couple years ago, is not vulnerable.
    Thanks. Joe

  4. #4
    Senior Member sdjl's Avatar
    Join Date
    Mar 2004
    Location
    London, UK.
    Posts
    502

    Default

    I'd be happy to look over the script if you want to PM/email me the source.

    David

  5. #5
    Junior Member
    Join Date
    Jun 2004
    Posts
    13

    Default

    I wrote a script from scratch because it seems spammers troll for the common contact scripts you can download and use.

    It was a bit of work, but none of the spammers have hacked my script yet.

  6. #6
    Junior Member
    Join Date
    Sep 2004
    Posts
    26

    Default Hacking of Contact form

    I have 3 contact forms on my site and recently I have been receiving several bogus messages per day. How does this hacking work? What can happen? I just use a script from Cpanel. Does this leave me vulnerable to something?

  7. #7
    Junior Member
    Join Date
    Jul 2005
    Posts
    17

    Default

    I don't think it's necessarily a hack, rather a clever script that goes out and identifies contact forms, fills them in automatically with their spam and then submits it. I've gone to adding those pesky "security images" to contact forms and it solves the issue.

    The script I use is very simple and goes along with my custom php contact forms:

    Securimage CAPTCHA Class listed on hotscripts:

    http://www.hotscripts.com/Detailed/49400.html

  8. #8
    Junior Member
    Join Date
    Aug 2005
    Posts
    2

    Default

    Curious: do any of the form's fields give an option to modify a header field on the outgoing email? Such as the Subject of the outgoing email? If so, that's how they are adding the bcc field, I'd bet.
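
Added example, not part of any post in this thread and not the original poster's script: a server-side check for the case raised in post #8, where a form field that is copied into a mail header carries line breaks followed by extra headers such as `bcc:`. The field names (`name`, `email`, `subject`, `message`) and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example. Field names (name, email, subject, message) are assumed;
// they are not taken from any script discussed in the thread.

/** True if the value can be placed on a single mail header line. */
function is_single_line(string $value): bool
{
    // A raw CR or LF ends the current header and lets the rest of the field
    // be read as new headers (bcc:, Content-Type:, ...). Also refuse the
    // URL-encoded forms in case the value is decoded again later.
    return preg_match('/[\r\n]|%0a|%0d/i', $value) !== 1;
}

/** Returns the names of rejected fields; an empty array means accept. */
function rejected_fields(array $post): array
{
    $bad = [];
    // Only fields copied into headers need the single-line rule;
    // the message body may contain newlines.
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || !is_single_line($value)) {
            $bad[] = $field;
        }
    }
    if (!in_array('email', $bad, true)
        && filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    return $bad;
}

// Constructed inputs: a normal submission and one shaped like the quoted mail.
$samples = [
    'normal' => ['name' => 'Joe', 'email' => 'joe@example.com',
                 'subject' => 'Question', 'message' => "Hi,\nplease call me."],
    'probe'  => ['name' => 'x', 'subject' => 'x', 'message' => 'x',
                 'email' => "x@example.com\nContent-Type: multipart/mixed\nbcc: y@example.net"],
];

foreach ($samples as $label => $post) {
    $bad = rejected_fields($post);
    echo $label, ': ', $bad ? 'rejected (' . implode(', ', $bad) . ')' : 'accepted', "\n";
    // Only an accepted submission would go on to mail(); log rejected ones.
}
```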

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Location
    Australia
    Posts
    183

    Default

    One of my customers was using cgiemail (a cpanel cgi form script), and they were suspended because the script was used to send out mass spam emails to aol.com users.

    I have since removed this script and written my own version of it using PHP (based on phpmailer).

    I have had to host the domain on another web host because Andrew did not unsuspend this domain, which is fair enough I suppose.

    This is basically a warning to anyone using cgiemail from cpanel to change to another script to avoid your account being suspended.

    James

  10. #10
    Senior Member
    Join Date
    Mar 2004
    Posts
    209

    Default

    I would suggest that BEFORE using any script in the CPanel supplied scripts people should drop a note to support and inquire if there are any known bugs, issues etc.

    Also check with the author of the script to see if any updates can be had.
