Re: contact.php hacking

  • -Oz-
    Senior Member
    • Mar 2004
    • 545

    Re: contact.php hacking

    Use this thread to discuss contact.php issues.

    For example, I think it's only looking for contact.php because one site has the page call contact.php, and then I have a lot of other pages where the same code is on a page called index.php, and those haven't been hit.

    I implemented anti-spam images on all my forms now using: http://www.hotscripts.com/Detailed/49400.html
    Dan Blomberg
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    It is not limited to contact.php for sure, I found several others where it was using sendmail.php as well. I wouldn't consider any common-named mail form to be safe at this point.

    • -Oz-
      Senior Member
      • Mar 2004
      • 545

      #3
      A thread at sitepoint is discussing issues: http://www.sitepoint.com/forums/show....php?p=2298885
      Dan Blomberg

      • AndrewT
        Administrator
        • Mar 2004
        • 3653

        #4
        That is precisely the problem. All of these different scripts fail to properly filter end user input into the forms. Even the other text or From fields can be used to add a BCC header.

        • -Oz-
          Senior Member
          • Mar 2004
          • 545

          #5
          Do you think my security image will help prevent this? I'll implement that function now too.
          Dan Blomberg

          • AndrewT
            Administrator
            • Mar 2004
            • 3653

            #6
            Security images would prevent this so long as there is no way for an automated script to read them or figure out what they say. This is essentially a "bot" using these scripts to spam and that's the reason that you have these verification images.

            • -Oz-
              Senior Member
              • Mar 2004
              • 545

              #7
              Yeah, I'm pretty sure they're unreadable. I now have those and the functions from the sitepoint thread, so I should be secure.

              see the image at work at: http://www.gamersmark.com/contact/
              Last edited by -Oz-; 11-15-2005, 08:33 PM.
              Dan Blomberg

              • james
                Senior Member
                • Mar 2004
                • 183

                #8
                I had this problem a few months back with a contact form I had written.

                A client's web site was being used to send out emails to aol.com addresses.

                I have since beefed up the checking of the form's inputs, as well as implemented a security code confirmation, and have not had a problem since.

                This issue actually caused the account to be suspended, so it was quite serious.

                I now have to host this site on another web server because Dathorn refused to reactivate the account.

                • AndrewT
                  Administrator
                  • Mar 2004
                  • 3653

                  #9
                  Domains may remain suspended if the problem occurs more than once or if the domain has a history of causing other problems.

                  • ChrisTech
                    Senior Member
                    • Mar 2004
                    • 530

                    #10
                    If you have a VB forum, you can choose to have users verify with images, or not to allow anyone but those that are signed in to send a message.

                    Hosting at Dathorn since March 2003!

                    My Interwebs speed on Charter Cable!

                    • Sergio
                      Junior Member
                      • Mar 2004
                      • 6

                      #11
                      What about cgi-sys/FormMail.cgi? Is it safe?

                      • djn
                        Senior Member
                        • Mar 2004
                        • 140

                        #12
                        Found this on http://www.nyphp.org/phundamentals/e..._injection.php :

                        function safe( $email ) {
                            // Strip raw and URL-encoded line breaks plus header keywords
                            // (case-insensitive) so the value cannot start a new mail header
                            $patterns = array( '/\r/', '/\n/', '/%0a/i', '/%0d/i',
                                               '/Content-Type:/i', '/bcc:/i', '/to:/i', '/cc:/i' );
                            return preg_replace( $patterns, "", $email );
                        }
                        /* rewritten for PHP4 */

                        What do you think of it?

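As an added illustration of the BCC-header problem raised in #4 and the filtering question in #12 (this is not code from the thread or from any of the posters), the vulnerable pattern beside a hardened one. The function names are this example's own, and it assumes PHP 5.2+ for filter_var; the approach is to reject a bad From value rather than try to clean it.

```php
<?php
// Added example: why an unfiltered form field lets a bot add a BCC header
// to mail(), and a hardened alternative. Function names are hypothetical.

// VULNERABLE: the From field is concatenated straight into the extra
// headers string passed to mail(). A value containing a line break becomes
// a second header line, so a "Bcc:" smuggled in there is honoured by the MTA.
function build_headers_vulnerable($from)
{
    return "From: " . $from . "\r\n";
}

// True if a header value carries a raw or URL-encoded line break, which is
// the one thing that lets a caller append headers through mail().
function has_header_injection($value)
{
    // Decode once so %0a / %0d are caught as well as literal CR / LF
    $decoded = rawurldecode($value);
    return (bool) preg_match('/[\r\n]/', $decoded);
}

// HARDENED: validate instead of sanitise. The From value must parse as a
// single e-mail address and contain no line breaks; otherwise refuse the
// submission (returning false) so the handler can log it and send nothing.
function build_headers_safe($from)
{
    if (has_header_injection($from)) {
        return false;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return "From: " . $from . "\r\n";
}

// Constructed sample inputs: one honest submission, one injection attempt.
$honest   = "dan@example.com";
$injected = "dan@example.com\r\nBcc: a@example.net, b@example.net";

var_dump(build_headers_vulnerable($injected)); // header string now has a Bcc: line
var_dump(build_headers_safe($injected));       // bool(false): rejected, nothing sent
var_dump(build_headers_safe($honest));         // "From: dan@example.com\r\n"
```

The same check belongs on every field that reaches the headers argument (Reply-To, Subject if you build it yourself), which is the point AndrewT makes about the "other" fields in #4.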
                        • samsam
                          Member
                          • Mar 2004
                          • 79

                          #13
                          Pardon my forgetfulness, but can anyone remind me of a quick way to check out what emails are being sent out from a Dathorn account?

                          Is there an Exim log file, for example, kept somewhere that I have access to that I can scan periodically to see what is getting out?

                          Nothing in cPanel seems to fit the bill, aside from (at only the most global level) the bandwidth meter...

                          sam

                          • xeara
                            Junior Member
                            • Jul 2005
                            • 1

                            #14
                            Yes, what is the best way to check our accounts to see if they are being used in this manner, so we can correct any problems?

                            • Stelex
                              Member
                              • Mar 2004
                              • 30

                              #15
                              I'm not very experienced with PHP, but would this help?

                              Scroll all the way down, third last blockquote.
