I've been using a Flash input form in tandem with a PHP file that is not commonly named. Think that is safe? I assume so...
Re: contact.php hacking
-
Originally posted by Stelex:
I'm not very experienced with PHP but would this help?
Scroll all the way down, third last blockquote.
Dan Blomberg
-
I think I've got my system pretty tight.
I don't actually make any calls to PHP's mail() function directly.
I use a function that I created that builds the email up from only three variables being passed to it, headers NOT being one of them.
The headers are predefined and cannot be injected with any code to my knowledge.
Maybe this will help someone.
David
-----
Do you fear the obsolescence of the metanarrative apparatus of legitimation?
-
my domain was suspended...here's the plan...
I just had a domain suspended that was using a generic "contact.php" form which took the form input and passed it directly to the mail() message. It seems the spammer is using "Bcc:" embedded in the message.
Since my To: address and Subject: are predefined in the script, I'm going to filter the user message with (found on another site):
where user input is $ems:

// Reject the message if it carries anything that looks like an injected mail header.
// eregi() no longer exists in current PHP, so the hex check uses preg_match() instead.
if ( stristr( $ems, 'content-type:' ) || stristr( $ems, 'multipart/mixed' ) || stristr( $ems, 'boundary=' ) || stristr( $ems, 'cc:' ) || stristr( $ems, 'multi-part message in mime format' ) || stristr( $ems, 'to:' ) || preg_match( '/%[a-f0-9]/i', $ems ) || stristr( $ems, '0x' ) || stristr( $ems, 'base64' ) )
// the last two are in case they try using hex or other non standard characters
{
    // bad input: stop here and do not call mail()
    exit( 'bad input' );
}
Any comments/suggestions?
Scott James
President
Computer Consulting Specialists, Inc.
Linux and Windows, SQL database, programming - Sarasota, FL
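The approaches in the two posts above (David's builder with fixed headers and only three inputs, and Scott's keyword filter on the message) combine into one handler. The following is an added example written for this thread, not code posted by anyone in it; the function names, the recipient address and the noreply sender are assumed.

```php
<?php
// Added example: keep every header fixed, let only the body come from the
// visitor, and reject any field that could start a new header line.

// Header injection needs a CR or LF (raw or URL-encoded) inside a value
// that ends up in a header. Any such character means "reject".
function looks_like_header_injection(string $value): bool
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        return true;
    }
    return preg_match('/%0[ad]/i', $value) === 1;
}

// The thread's keyword filter, anchored to the start of a line so an
// ordinary sentence containing "cc" or "to" is not rejected.
function message_contains_header_keywords(string $body): bool
{
    return preg_match(
        '/^(bcc|cc|to|content-type|mime-version):|boundary=|multipart\/mixed/mi',
        $body
    ) === 1;
}

// Only three inputs, as in David's post; To: and Subject: are predefined.
function send_contact_mail(string $fromName, string $fromEmail, string $userMessage): bool
{
    $to      = 'webmaster@example.com';   // assumed fixed recipient
    $subject = 'Website contact form';    // fixed subject

    // Name and address are placed inside headers, so they must be single
    // line and the address must actually parse as an email address.
    if (looks_like_header_injection($fromName) || looks_like_header_injection($fromEmail)) {
        return false;
    }
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    if (message_contains_header_keywords($userMessage)) {
        return false;
    }

    // From: is our own address; the visitor goes in Reply-To only, with
    // quote and angle-bracket characters stripped from the display name.
    $safeName = preg_replace('/["<>]/', '', $fromName);
    $headers  = "From: Website <noreply@example.com>\r\n";           // assumed sender
    $headers .= 'Reply-To: "' . $safeName . '" <' . $fromEmail . ">\r\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";

    // The message is body text only; nothing from it reaches the headers.
    return mail($to, $subject, $userMessage, $headers);
}
```

A submission whose name or address field contains `%0a` or a newline followed by `Bcc:` is refused before mail() is ever called, which is the case that got Scott's domain suspended.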
-
Originally posted by scojam:
Any comments/suggestions?
Originally posted by jobe:
Hi. I've got a few contact forms around which all use three pages (with different info); contact.htm, global.inc.php & process.php - does this problem apply to these do you think?
Dan Blomberg
-
A couple of months ago I started receiving mails that seemed to try to exploit this failure. I found this website:
lots of comments on how to solve the problem.
However, I would appreciate if somebody tells me how to detect the problem. I found out because the email bounced. But what happens if it doesn't? Do we have access to email logs?
Thanks.
-
You do not have access to the mail logs, so there is no immediate way to tell if it is occurring, and to be honest we have to suspend domains that this is occurring on. We can unsuspend them once you contact us if you remove or disable the script entirely. This must be done to prevent server IPs from being blacklisted if at all possible.
-
You know, I am asking myself, will the day come when someone would say "Enough is enough!" and start taking spam as serious criminal activity, and also pay attention to ISPs that allow their systems to be used to make attacks.
As long as abuse is not sanctioned properly we will all suffer. The solution is not to prevent them from doing it, but to punish them when they do it.
-
Any idea which servers the spam is coming from? I offer a contact script on my site (http://programs.themike.com/) and I'd like to know if there are any problems with it.
-
Originally posted by mikeh80:
Any idea which servers the spam is coming from? I offer a contact script on my site (http://programs.themike.com/) and I'd like to know if there are any problems with it.
Dan Blomberg
-
BTW, it's not that image security cannot be broken. See this: http://www.cs.sfu.ca/~mori/research/gimpy/