Hacking attempt on contact form

  • josephus
    Junior Member
    • Mar 2004
    • 15

    Hacking attempt on contact form

    Hello all. I have been using the same contact form script for a couple of years now. Up till now I don't think there has been any mischief attempted with it.
    It is written in php.
    Now I have received emails on two of my forms that indicate attempts at something, spamming I guess.
    A few days after the first attempt I got more from another of my domains. The email in the "bcc" line is the same in both cases.
    The emails are sent by my username on cpanel05 as usual but here is what they look like. I am editing them and replacing my domain name with "mydomain.com".


    Quote:
    azmrku@mydomain.com
    Content-Type: multipart/mixed; boundary=\"===============1042879710==\"
    MIME-Version: 1.0
    Subject: bdb1a4ed
    To: azmrku@mydomain.com
    bcc: jrubin3546@aol.com
    From: azmrku@mydomain.com

    This is a multi-part message in MIME format.

    --===============1042879710==
    Content-Type: text/plain; charset=\"us-ascii\"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    dsowv
    --===============1042879710==--

    azmrku@mydomain.com
    azmrku@mydomain.com
  • -Oz-
    Senior Member
    • Mar 2004
    • 545

    #2
    Are you sure these came from the form and it isn't just someone pretending to use your server to send mail? I get bounce backs frequently where someone spoofed one of my addresses.
    Dan Blomberg

    Comment

    • josephus
      Junior Member
      • Mar 2004
      • 15

      #3
      This guy has phished lots of others

      After I posted that I googled the email address on the bcc and he is doing this all over. One site I found tells what they are trying to do. The cgi scripts and the perl scripts are the most vulnerable if I am not mistaken. I hope my php script, which I got from someone a couple years ago, is not vulnerable.
      Thanks. Joe

      Comment

      • sdjl
        Senior Member
        • Mar 2004
        • 502

        #4
        I'd be happy to look over the script if you want to PM/email me the source

        David
        -----
        Do you fear the obsolescence of the metanarrative apparatus of legitimation?

        Comment

        • furpcom
          Junior Member
          • Jun 2004
          • 13

          #5
          I wrote a script from scratch because it seems spammers troll for the common contact scripts you can download and use.

          It was a bit of work, but none of the spammers have hacked my script yet.

          Comment

          • jsilver
            Junior Member
            • Sep 2004
            • 26

            #6
            Hacking of Contact form

            I have 3 contact forms on my site and recently I have been receiving several bogus messages per day. How does this hacking work? What can happen? I just use a script from Cpanel. Does this leave me vulnerable to something?

            Comment

            • justoneguy
              Junior Member
              • Jul 2005
              • 17

              #7
              I don't think it's necessarily a hack, rather a clever script that goes out and identifies contact forms, fills them in automatically with their spam and then submits it. I've gone to adding those pesky "security images" to contact forms and it solves the issue.

              The script I use is very simple and goes along with my custom php contact forms:

              Securimage CAPTCHA Class listed on hotscripts:

              Hot Scripts is the net's largest PHP, CGI, Perl, JavaScript and ASP script collection and resource web portal. We are an Internet directory that compiles and distributes Web programming-related resources, geared toward webmasters, developers and programmers looking for enhancing their Web sites and intranets with dynamic development tools.

              Comment

              • formdude
                Junior Member
                • Aug 2005
                • 2

                #8
                Curious: do any of the form's fields give an option to modify a header field on the outgoing email? Such as the Subject of the outgoing email? If so, that's how they are adding the bcc field, I'd bet.

                Comment
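The kind of check the question in #8 points at, sketched in PHP as an added example (not code from any poster or from the scripts named in this thread): single-line fields are rejected if they contain a line break, and the only user input that reaches the mail headers is a validated Reply-To address. The function name, field names and addresses are assumptions, and the sample submissions are constructed, the first one modelled on the injected "bcc:" line quoted in the first post.

```php
<?php
// Added example. Function name, field names and addresses are assumptions.

/**
 * Build the arguments for mail() from a contact-form POST, or return null
 * if a single-line field carries a line break (an attempt to add headers).
 */
function build_contact_mail(array $post, string $recipient): ?array
{
    // Every field must be a plain string (rejects name[]=... style input).
    foreach (['name', 'email', 'comments'] as $key) {
        if (!is_string($post[$key] ?? null)) {
            return null;
        }
    }

    // Reject, don't strip: CR, LF or NUL is never legitimate in these fields.
    foreach ([$post['name'], $post['email']] as $value) {
        if (preg_match('/[\r\n\0]/', $value) === 1) {
            return null;
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Recipient, Subject and From are fixed by the site owner. The only user
    // input that reaches the headers is the validated address in Reply-To.
    $headers = "From: webform@mydomain.com\r\nReply-To: " . $post['email'];
    $message = "Name: " . $post['name'] . "\n\n" . $post['comments'];

    return [$recipient, 'Contact form message', $message, $headers];
}

// Constructed submissions; the first mimics the injected "bcc:" line above.
$samples = [
    'injected' => ['name' => 'azmrku@mydomain.com', 'comments' => 'dsowv',
                   'email' => "azmrku@mydomain.com\r\nbcc: someone@example.org"],
    'normal'   => ['name' => 'Joe', 'email' => 'joe@example.org',
                   'comments' => "Two lines\nare fine in the body."],
];

foreach ($samples as $label => $post) {
    $args = build_contact_mail($post, 'owner@mydomain.com');
    echo $label, ': ', $args === null ? 'rejected' : 'accepted', "\n";
    // In the real handler: if ($args !== null) { mail(...$args); }
}
```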

                • james
                  Senior Member
                  • Mar 2004
                  • 183

                  #9
                  One of my customers was using cgiemail (a cpanel cgi form script), and they were suspended because the script was used to send out mass spam emails to aol.com users.

                  I have since removed this script and written my own version of it using PHP (based on phpmailer).

                  I have had to host the domain on another web host because Andrew did not unsuspend this domain, which is fair enough I suppose.

                  This is basically a warning to anyone using cgiemail from cpanel to change to another script to avoid your account being suspended.

                  James

                  Comment

                  • Grunfeld
                    Senior Member
                    • Mar 2004
                    • 209

                    #10
                    I would suggest that BEFORE using any script in the CPanel supplied scripts people should drop a note to support and inquire if there are any known bugs, issues etc.

                    Also check with the author of the script to see if any updates can be had.
                    Cheers,

                    Gary
                    (This space for rent)

                    Comment

                    • Pedja
                      Senior Member
                      • Mar 2004
                      • 329

                      #11
                      I guess it would be much simpler for Dathorn admins to remove all vulnerable scripts from Cpanel so they cannot be installed at all. During the time I have used Dathorn I have learned that there are far too many issues new users must find out on their own, usually when it is too late and damage is already done, since there is no systematic and readable form of warnings, DOs and DON'Ts.

                      There are too many serious holes left accessible to inexperienced users.

                      Comment

                      • Dave
                        Member
                        • Mar 2004
                        • 42

                        #12
                        Contact Form Troubles

                        Howdy

                        I have been fighting some kind of hacker script that wants to use several of my sites for spamming. I have read this thread and found a rather long page with lots of info about it.




                        It's a shame... These guys don't have anything better to do than to try and hack and use a formailscript or other ones to spam people... Or do other damaging stuff...

                        I am just a designer hobbyist... I don't know how to modify a "string" or whatever in a php script. I just found an easy one from hotscripts that worked well and have been using it for a long time with no trouble... Now I get these:

                        Comments: gci@dajuanpumporgan.com
                        Name: gci@dajuanpumporgan.com
                        Location: gci@dajuanpumporgan.com Content-Type: multipart/mixed; boundary="===============1729057609==" MIME-Version: 1.0 Subject: 93b635f6 To: gci@dajuanpumporgan.com bcc: Homeiragtime@aol.com From: gci@dajuanpumporgan.com This is a multi-part message in MIME format. --===============1729057609== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit wth --===============1729057609==--
                        email: gci@dajuanpumporgan.com


                        So does that mean my script is being compromised and they are going to send 1000s of viagra ads to a hidden bcc field?

                        I have tried renaming and moving them around to different folders but they usually start happening again... I have started using a different one now on a few domains and it has stopped for now...

                        I have lots of people who want contact forms on a website... Is there a simple script out there that works that is safe?
                        Sorry I gave up blogging for web design.

                        Comment

                        • cathode
                          Member
                          • Oct 2004
                          • 88

                          #13
                          Question, is it safe to say that a php email script with a frontend built in flash would stop robot submissions like image verification does?

                          Comment

                          • loyalrogue
                            Member
                            • Apr 2004
                            • 44

                            #14
                            Originally posted by james
                            One of my customers was using cgiemail (a cpanel cgi form script), and they were suspended because the script was used to send out mass spam emails to aol.com users.

                            I have since removed this script and written my own version of it using PHP (based on phpmailer).

                            I have had to host the domain on another web host because Andrew did not unsuspend this domain, which is fair enough I suppose.

                            This is basically a warning to anyone using cgiemail from cpanel to change to another script to avoid your account being suspended.

                            James
                            Sorry to necro an old thread, but I was looking at converting a ton of FP email forms, and cgiemail looked like the quickest and easiest way to do it without rewriting all the forms from scratch.
                            I've already sent a ticket to support, but I was wondering what the community knowledge is on the current state of cgiemail that is available through the cpanel?

                            Comment

                            • paradiselost
                              Member
                              • Apr 2004
                              • 31

                              #15
                              Originally posted by cathode
                              Question, is it safe to say that a php email script with a frontend built in flash would stop robot submissions like image verification does?
                              Simply writing the form in flash doesn't make any difference if the form just posts to a PHP script. Any time you write a custom form it decreases the likelihood that an attacker or bot will use your form for evil, but not protecting your forms from sending spam by using something like PHPmailer and captcha is not a good idea.

                              If you use flash to make forms it would be a good idea to use the form posting functions in flash, some kind of flash based captcha, and use phpmailer to send out the mail.

                              James
                              --
                              ** DEVTRENCH **
                              --
                              James Ehly

                              Comment
