Re: contact.php hacking
#16 cathode (Member, Oct 2004, 88)

I've been using a Flash input form in tandem with a PHP file that is not commonly named. Think that is safe? I assume so...

#17 -Oz- (Senior Member, Mar 2004, 545)

Originally posted by Stelex:
> I'm not very experienced with PHP but would this help?
>
>
>
> Scroll all the way down, third last blockquote.

Yes, that would help. The function from the sitepoint thread I posted is very similar. I'm now using a function similar to that, a verify email function, and an anti-spam image. Seems to have stopped the problems.

Dan Blomberg

#18 james (Senior Member, Mar 2004, 183)

Anti-spam image did the trick for me...

Also JavaScript and server-side checking of form inputs.

#19 sdjl (Senior Member, Mar 2004, 502)

I think I've got my system pretty tight.
I don't actually make any calls to PHP's mail() function directly.
I use a function that I created that builds the email up from only three variables being passed to it, headers NOT being one of them.

The headers are predefined and cannot be injected with any code to my knowledge.
Maybe this will help someone.

David
-----
Do you fear the obsolescence of the metanarrative apparatus of legitimation?

#20 scojam (Junior Member, Apr 2004, 18)

my domain was suspended...here's the plan...

I just had a domain suspended that was using a generic "contact.php" form which took the form input and passed it directly to the mail() message. It seems the spammer is using "Bcc:" embedded in the message.

Since my To: address and Subject: are predefined in the script, I'm going to filter the user message with (found on another site), where user input is $ems:

```php
<?php
// $ems holds the user-supplied message text
if ( stristr( $ems, 'content-type:' )
  || stristr( $ems, 'multipart/mixed' )
  || stristr( $ems, 'boundary=' )
  || stristr( $ems, 'cc:' )
  || stristr( $ems, 'multi-part message in mime format' )
  || stristr( $ems, 'to:' )
  || preg_match( '/%[a-f0-9]/i', $ems )   // was eregi(), which PHP 7 removed; same pattern
  || stristr( $ems, '0x' )
  || stristr( $ems, 'base64' ) )
{
    // the last two are in case they try using hex or other non standard characters
    die( 'bad input' );
}
```

Any comments/suggestions?

Scott James
President
Computer Consulting Specialists, Inc.
Linux and Windows, SQL database, programming - Sarasota, FL
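The approach sdjl describes in #19 (build every header yourself from a fixed set of fields, never pass form input into the header block) is the fix that actually closes the hole, and the keyword filter in #20 is a useful second layer. The block below is an added example written for this thread, not code posted by sdjl, scojam or anyone else here; the function names, the destination address, the log file path and the sample input are all assumptions. Because the host gives no access to the mail logs (a question that comes up later in the thread), the function also keeps its own record of refused submissions, which is the only place an attempt will show up before a bounce or a suspension.

```php
<?php
// Added example, not any poster's code. Follows the #19 approach: the script
// builds every header itself from three fields and never lets form input
// reach the header block of mail(). Names, addresses and paths are assumed.

// A single CR or LF inside a From:/Reply-To:/Subject: value is all an injected
// "Bcc:" line needs, so rejecting line breaks is the check that matters most.
function has_header_injection($value)
{
    return preg_match('/[\r\n]/', $value) === 1
        || strpos($value, "\0") !== false;
}

// The script's own record of refused submissions. Shared hosts do not expose
// the mail log, so this file is where an attempt becomes visible. Assumed path.
function log_rejected($reason, $remote_ip)
{
    $line = date('c') . " rejected from $remote_ip: $reason\n";
    file_put_contents('/tmp/contact_rejected.log', $line, FILE_APPEND | LOCK_EX);
}

// Builds and sends the message from three fields only. Returns true when the
// mail was handed off, false when the input was refused. Headers are fixed
// here; the caller cannot supply any.
function send_contact_mail($name, $reply_to, $message, $remote_ip = '0.0.0.0')
{
    $to = 'webmaster@example.com'; // assumed destination, hard-coded on purpose

    if (has_header_injection($name) || has_header_injection($reply_to)) {
        log_rejected('line break in a header field', $remote_ip);
        return false;
    }
    // Accepts exactly one plain address; "a@b.com\r\nBcc: ..." fails this too.
    if (filter_var($reply_to, FILTER_VALIDATE_EMAIL) === false) {
        log_rejected('invalid reply address', $remote_ip);
        return false;
    }
    // The body cannot create headers, but a header-like line at the start of
    // a body line is still a sign of an attempt, so refuse and log it.
    if (preg_match('/^(to|cc|bcc|content-type):/im', $message)) {
        log_rejected('header-like line in message body', $remote_ip);
        return false;
    }

    // Fixed headers: nothing from the form is concatenated here except the
    // validated reply address.
    $headers = "From: Website Contact Form <noreply@example.com>\r\n"
             . "Reply-To: " . $reply_to . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";

    // The visitor's name goes in the body, with any stray line breaks flattened.
    $body = "Name: " . str_replace(["\r", "\n"], ' ', $name) . "\n\n" . $message;

    return mail($to, 'Contact form submission', $body, $headers);
}

// Constructed sample of the attempt described in #20: a reply address with a
// smuggled Bcc: line. The call returns false and writes one log line.
$attempt = "visitor@example.org\r\nBcc: target1@example.net, target2@example.net";
var_dump(send_contact_mail('Bob', $attempt, 'Hello there', '198.51.100.7'));
```

The order of checks is deliberate: the line-break test runs before anything else because it is the one condition that turns a contact form into an open relay, and the log line is written on every refusal so that a sudden burst of entries from one address is visible without the host's mail logs.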

#21 jobe (Member, Oct 2004, 50)

Hi. I've got a few contact forms around which all use three pages (with different info): contact.htm, global.inc.php & process.php. Does this problem apply to these, do you think?
Thanks.

#22 -Oz- (Senior Member, Mar 2004, 545)

Originally posted by scojam:
> Any comments/suggestions?

This thread is full of suggestions. Add the anti-spam image I posted about on the very first post. It seems to work well for most people. I've used it on all my pages.

Originally posted by jobe:
> Hi. I've got a few contact forms around which all use three pages (with different info): contact.htm, global.inc.php & process.php. Does this problem apply to these, do you think?

I have found that any page that can send a mail form is being hit, from advertising contact forms to email-a-friend forms. I've just added anti-spam images to all of them and functions to remove bad characters to most of them.

Dan Blomberg

#23 hgutierr (Junior Member, Apr 2004, 10)

A couple of months ago I started receiving mails that seemed to try to exploit this failure. I found this website:



Lots of comments on how to solve the problem.

However, I would appreciate it if somebody could tell me how to detect the problem. I found out because the email bounced. But what happens if it doesn't? Do we have access to email logs?

Thanks.

#24 jobe (Member, Oct 2004, 50)

I would appreciate knowing how to tell as well.

Also, would Dathorn inform us if it happens, to allow us time to make changes before a suspension? Not being proficient in PHP in any way, this is going to take a bit of time to get sorted.

#25 AndrewT (Administrator, Mar 2004, 3653)

You do not have access to the mail logs, so there is no immediate way to tell if it is occurring. To be honest, we have to suspend domains that this is occurring on; we can unsuspend them once you contact us, if you remove or disable the script entirely. This must be done to prevent server IPs from being blacklisted if at all possible.

#26 Pedja (Senior Member, Mar 2004, 329)

You know, I am asking myself whether the day will come when someone says "Enough is enough!" and starts treating spam as a serious criminal activity, and also pays attention to ISPs that allow their systems to be used to make attacks.

As long as abuse is not sanctioned properly we will all suffer. The solution is not to prevent them from doing it, but to punish them when they do it.

#27 mikeh80 (Junior Member, Mar 2004, 9)

Any idea which servers the spam is coming from? I offer a contact script on my site (http://programs.themike.com/) and I'd like to know if there are any problems with it.

#28 -Oz- (Senior Member, Mar 2004, 545)

Originally posted by mikeh80:
> Any idea which servers the spam is coming from? I offer a contact script on my site (http://programs.themike.com/) and I'd like to know if there are any problems with it.

You should be okay because a bot can't read the security image you include with your script.

Dan Blomberg

#29 schmeg007 (Junior Member, Jun 2004, 4)

Thanks for that handy script scojam. I haven't been suspended, but I put that up to prevent any problems.

#30 Amitabh (Member, Mar 2004, 78)

BTW, it's not that image security cannot be broken. See this: http://www.cs.sfu.ca/~mori/research/gimpy/