
My email form has been spammed, please help


9 replies to this topic

#1 Wolfy87

  • Members
  • 414 posts
  • Gender:Male
  • Location:England

Posted 28 August 2009 - 06:03 PM

Well, the title really explains it, but I have an email form on my site that goes to sendmail.php. All of that works fine, but I have had over 1000s of emails spamming my inbox with variations of this:

You have received a contact form:

               Name: Acunetix

               E-Mail: sample@email.tst
               
               Enquiry: 111-222-1933email@address.tst and 1=0 --

The "and 1=0 --" part changes every time, and I can only assume that it is trying to find a hole in my code with it. I have taken the PHP off for now, but does anyone know what I can do to stop it?

There is a website antispyware company called Acunetix; is there a connection there?

Any help will be greatly appreciated.
Thanks, Wolfy87.
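What a submission like "111-222-1933email@address.tst and 1=0 --" is actually testing for, as an added example that is not part of the original thread: it is a boolean-based SQL injection probe. A scanner sends a pair of inputs that differ only in a condition that is always true ("1=1") or always false ("1=0") and watches whether the page answers differently; if it does, the input is reaching a SQL parser. The sendmail.php in this thread never touches a database, so on this form the probe finds nothing. The demo below shows the same probe against a page that does, with the input concatenated into the query beside the same query with the value bound. It assumes PHP with the pdo_sqlite extension; the table, rows and addresses are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Demonstrates what a boolean-based
// SQL injection probe ("... and 1=1 --" vs "... and 1=0 --") detects.
// Assumes the pdo_sqlite extension; the table and rows are constructed here.

declare(strict_types=1);

function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
    $db->exec("INSERT INTO subscribers (email) VALUES ('alice@example.org'), ('bob@example.org')");
    return $db;
}

// Vulnerable pattern: the field is pasted into the SQL text, so a quote in the
// input ends the string literal and "-- " comments out whatever follows.
function countConcatenated(PDO $db, string $email): int
{
    $sql = "SELECT COUNT(*) FROM subscribers WHERE email = '$email'";
    return (int) $db->query($sql)->fetchColumn();
}

// Safe pattern: the field is bound as a value, so the whole string is compared
// as a literal and "and 1=0" is just characters in an address nobody has.
function countParameterised(PDO $db, string $email): int
{
    $st = $db->prepare('SELECT COUNT(*) FROM subscribers WHERE email = ?');
    $st->execute([$email]);
    return (int) $st->fetchColumn();
}

// Run the true/false pair the way a scanner does. A difference between the two
// answers means the input reached the SQL parser. Scanners send quoted and
// unquoted variants because they do not know whether the field lands inside a
// string literal: the unquoted form from the post (no leading apostrophe) is
// harmless inside a quoted literal, which is why the text "changes every time".
function probe(callable $count, PDO $db, string $known): array
{
    $t = $count($db, $known . "' and 1=1 -- ");
    $f = $count($db, $known . "' and 1=0 -- ");
    $u = $count($db, $known . " and 1=0 -- ");   // unquoted variant, as in the post
    return ['true' => $t, 'false' => $f, 'unquoted' => $u, 'injectable' => $t !== $f];
}

$db = demoDb();
print_r(probe('countConcatenated', $db, 'alice@example.org'));
print_r(probe('countParameterised', $db, 'alice@example.org'));
```

Run from the command line, the concatenated query answers the true and false probes with different counts (the row for alice is found, then hidden), so the scanner would flag it; the bound query returns zero for all three inputs because none of them is an address in the table. The unquoted variant quoted in the post returns zero in both cases here, which is the point: it only bites where the field is not wrapped in quotes at all.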


#2 KamakaZ

  • Members
  • 739 posts
  • Gender:Male
  • Location:Victoria

Posted 28 August 2009 - 07:11 PM

Please provide the email headers and the sendmail.php code. I can't really check much with the info given...

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#3 Wolfy87

  • Topic Starter
  • Members
  • 414 posts
  • Gender:Male
  • Location:England

Posted 29 August 2009 - 04:53 PM

OK, but what are the email headers?

The PHP code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Flow Web Design - Contact</title>
<link rel="icon" href="./image/icon.png" type="image/x-icon" />
<link rel="shortcut icon" href="./image/icon.png" type="image/x-icon" /> 
<style type="text/css">
@import 'reset.css';
@import 'main.css';
</style>
</head>
<body>
<div id="wrapper">
 	<div id="main">
 	 <div id="curve_top">
 
 	 </div>
 	 <div id="header"></div>
 	 <div id="menu">
 	 <a href="./index.html"><ul class="menu_title">Home</ul></a>
 	 <a href="./portfolio.html"><ul class="menu_title">Portfolio</ul></a>
 	 <a href="./webapps.html"><ul class="menu_title">Web Apps</ul></a>
 	 <a href="./login.html"><ul class="menu_title">Login</ul></a>
 	 <a href="./contact.html"><ul class="menu_title" id="last">Contact</ul></a>
 	 </div>
 	 <div id="title">
 	 <p class="title">
 	 Contact >>
 	 </p>
 	 </div>
 	 <div id="content">
 	 <p class="content">
   <?php
   // Refuse any field containing CR or LF, so form input cannot add extra mail headers.
   // (eregi() was removed in PHP 7; strpbrk() performs the same check.)
   function checkOK($field)
   {
   if (strpbrk($field, "\r\n") !== false) {
   die("Invalid Input!");
   }
   }
   $name = $_POST['name'] ?? '';
   checkOK($name);
   $email = $_POST['email'] ?? '';
   checkOK($email);
   $enquiry = $_POST['enquiry'] ?? '';
   checkOK($enquiry);
   $to = "info@flowwebdesign.co.uk";
   $message = "You have received a contact form:\n
   Name: $name\n
   E-Mail: $email\n
   Enquiry: $enquiry\n";
   // The visitor-supplied address is used directly as the From header;
   // checkOK() above is the only thing keeping it to a single header line.
   if (mail($to, "Contact form", $message, "From: $email")) {
   echo "Your enquiry has been sent successfully.";
   } else {
   echo 'There was a problem sending the enquiry. Either try again or contact me with this problem at <a href="mailto:info@REDACTED.co.uk">
   info@REDACTED.co.uk</a>.';
   }
   ?>
 	 <br /><a href="./index.html">Return to Homepage</a>
 	 </p>
 	 </div>
 	 <div id="curve_bottom"></div>
 	</div>
</div>
</body>
</html>

Thanks so much

Edited by Amazing Andrew, 30 August 2009 - 01:46 AM.
Mod Edit: Redacted live email addy; no point in letting every spam bot on the internet see it! - AA


#4 KamakaZ

  • Members
  • 739 posts
  • Gender:Male
  • Location:Victoria

Posted 30 August 2009 - 03:39 AM

How to view email headers

@ AA - You seem to have missed one of the email addresses in the code at the $to section...



#5 Wolfy87

  • Topic Starter
  • Members
  • 414 posts
  • Gender:Male
  • Location:England

Posted 31 August 2009 - 01:16 PM

Right, I sent an email to Acunetix asking if it was their program scanning my site. They said yes, but it is not them doing it; they probably have a cracked version. So I sort of know who's doing it... not them, just someone using their program. Here is one of the email headers:

Return-path: <flowwebdesign.co.uk@web178.extendcp.co.uk>
Envelope-to: info@flowwebdesign.co.uk
Delivery-date: Fri, 28 Aug 2009 23:30:13 +0100
Received: from web178.extendcp.co.uk ([79.170.40.178])
	by mail75.extendcp.com with esmtp (Exim 4.69)
	id 1Mh9xV-0006wK-AV
	for info@flowwebdesign.co.uk; Fri, 28 Aug 2009 23:30:13 +0100
Received: from web178.extendcp.co.uk (web178.extendcp.co.uk [127.0.0.1])
	by web178.extendcp.co.uk (8.14.3/8.13.1) with ESMTP id n7SMHppG019598
	for <info@flowwebdesign.co.uk>; Fri, 28 Aug 2009 23:17:51 +0100
Received: (from flowwebdesign.co.uk@localhost)
	by web178.extendcp.co.uk (8.14.3/8.14.3/Submit) id n7SMHpse019593;
	Fri, 28 Aug 2009 23:17:51 +0100
Date: Fri, 28 Aug 2009 23:17:51 +0100
From: "flowwebdesign.co.uk" <flowwebdesign.co.uk@web178.extendcp.co.uk>
Message-Id: <200908282217.n7SMHpse019593@web178.extendcp.co.uk>
To: info@flowwebdesign.co.uk
Subject: Contact form

I think my best bet is to put some sort of protection on the form, like an image word validation. I don't know why they want to hack it anyway; there are no details on there etc. :S

#6 groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 31 August 2009 - 04:07 PM

Because by compromising an improperly configured mail server, they can then in turn use it to send out other spam emails. That will work for a bit until your ISP determines that there is an unusual amount of traffic coming from your server, and they will disconnect your service.

#7 Wolfy87

  • Topic Starter
  • Members
  • 414 posts
  • Gender:Male
  • Location:England

Posted 31 August 2009 - 05:04 PM

Right, I see, thanks.
And have I posted the right thing? Are they the email headers?

Thanks

#8 KamakaZ

  • Members
  • 739 posts
  • Gender:Male
  • Location:Victoria

Posted 31 August 2009 - 05:50 PM

The email headers don't really help; I should have known this, sorry! (Silly me, I forgot you are using a form... so all the emails are coming from your web server...)

I agree that putting something like a CAPTCHA into your form may help :thumbsup:

One I have used in the past: http://recaptcha.net/whyrecaptcha.html

I would also suggest removing your email address from the samples you have provided...

Edited by KamakaZ, 31 August 2009 - 05:52 PM.

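Tying together post #6 (the motive: turning the site into a spam relay) and post #8 (a CAPTCHA): the mechanism by which a PHP contact form becomes a relay is mail header injection. The posted script concatenates the visitor's address straight into "From: $email", so an address containing a CR/LF pair followed by "Bcc: ..." would add recipients of the attacker's choosing; the only thing preventing that is checkOK(), which does reject CR and LF. The handler below is an added, hardened version of the same flow, written for this page and not posted by anyone in the thread. It keeps the three fields, puts a fixed From address on the site's own domain and the visitor's address only in Reply-To after validation, drops submissions that look like the scanner traffic quoted in post #1, and logs the reason rather than echoing it. Assumptions not in the thread: two extra hidden form fields named "website" (a honeypot humans leave empty) and "ts" (the time the page was served), and placeholder addresses on example.org. The reCAPTCHA suggested above is not reproduced because it needs the provider's client library; the honeypot and minimum-fill-time checks stop naive bots but not a scanner driven by a person.

```php
<?php
// Added example, not the sendmail.php from the thread. Same three fields and
// flow, but no form input can reach a mail header, and obvious bot or scanner
// submissions are dropped before mail() is called.
// Assumed, not from the thread: hidden form fields "website" (honeypot, left
// empty by humans) and "ts" (time the page was served); example.org addresses.

declare(strict_types=1);

const MAX_ENQUIRY = 4000;

// Fetch a field as a trimmed string; arrays (name[]=x) and missing keys become "".
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_scalar($v) ? trim((string) $v) : '';
}

// A CR or LF in a value would end the current header and start a new one
// (e.g. "a@b.test\r\nBcc: ...") if that value were ever placed in a header.
function hasCrlf(string $v): bool
{
    return strpbrk($v, "\r\n") !== false;
}

function validEmail(string $v): bool
{
    return !hasCrlf($v) && strlen($v) <= 254
        && filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

// Signature of the submissions quoted in post #1: the scanner's name, or a
// numeric comparison followed by a SQL comment marker.
function looksLikeProbe(string ...$fields): bool
{
    foreach ($fields as $f) {
        if (preg_match('/acunetix|\b(?:and|or)\s+\d+\s*=\s*\d+\s*(?:--|#|\/\*)/i', $f)) {
            return true;
        }
    }
    return false;
}

// null when the submission may be mailed, otherwise a short reason to log
// (logged, never echoed back: the reason would help the bot adapt).
function rejectReason(array $post, int $now): ?string
{
    $name = field($post, 'name');
    $email = field($post, 'email');
    $enquiry = field($post, 'enquiry');
    $ts = (int) field($post, 'ts');

    if (field($post, 'website') !== '') return 'honeypot filled';
    if ($ts <= 0 || $now - $ts < 3) return 'submitted too fast';   // naive bots post instantly
    if ($name === '' || $enquiry === '') return 'missing field';
    if (hasCrlf($name) || hasCrlf($email) || hasCrlf($enquiry)) return 'newline in field';
    if (!validEmail($email)) return 'invalid email';
    if (strlen($enquiry) > MAX_ENQUIRY) return 'enquiry too long';
    if (looksLikeProbe($name, $email, $enquiry)) return 'scanner probe';
    return null;
}

// Fixed From on our own domain; the visitor's address only in Reply-To, and
// only after validation. Compare the original "From: $email".
function buildHeaders(string $email, string $from = 'form@example.org'): string
{
    if (!validEmail($email)) {
        throw new InvalidArgumentException('unvalidated address must not enter a header');
    }
    return "From: Contact form <$from>\r\nReply-To: <$email>";
}

function buildBody(string $name, string $email, string $enquiry): string
{
    return "You have received a contact form:\n\nName: $name\nE-Mail: $email\n\nEnquiry:\n$enquiry\n";
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed submissions: a header-injection attempt,
    // the probe quoted in post #1, and a genuine enquiry.
    $now = time();
    $samples = [
        'header injection' => ['name' => 'x', 'email' => "a@b.test\r\nBcc: someone@example.net",
                               'enquiry' => 'hi', 'ts' => $now - 30],
        'post #1 probe' => ['name' => 'Acunetix', 'email' => 'sample@email.tst',
                            'enquiry' => '111-222-1933email@address.tst and 1=0 --', 'ts' => $now - 30],
        'genuine' => ['name' => 'Jo', 'email' => 'jo@example.org',
                      'enquiry' => 'Can you quote for a five-page site?', 'ts' => $now - 30],
    ];
    foreach ($samples as $label => $post) {
        printf("%-17s -> %s\n", $label, rejectReason($post, $now) ?? 'accepted');
    }
} else {
    $to = 'info@example.org';   // placeholder for the redacted recipient
    $reason = rejectReason($_POST, time());
    if ($reason !== null) {
        error_log("contact form rejected: $reason");
        http_response_code(400);
        exit('Invalid input.');
    }
    $email = field($_POST, 'email');
    $ok = mail($to, 'Contact form',
        buildBody(field($_POST, 'name'), $email, field($_POST, 'enquiry')),
        buildHeaders($email));
    echo $ok ? 'Your enquiry has been sent successfully.' : 'There was a problem sending the enquiry.';
}
```

Run from the command line the self-check rejects the injected address for the newline, rejects the post #1 submission as a scanner probe, and accepts the genuine one; under a web server the same rejectReason() gate runs before mail(). The "ts" check is trivially forgeable by anyone who reads the form, so treat it and the honeypot as noise filters rather than authentication; the header checks are the part that actually prevents the relay.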


#9 Wolfy87

  • Topic Starter
  • Members
  • 414 posts
  • Gender:Male
  • Location:England

Posted 01 September 2009 - 03:17 AM

Thank you very much for your help, I will get right on it.

Thanks again, Wolfy87.

#10 ChapperZHTID

  • Members
  • 43 posts
  • Gender:Male
  • Location:Margate

Posted 30 November 2009 - 11:08 AM

If you don't want to have the contact form, you can use a free service which links to a site; it's called www.xinbox.com, take a look. It's free to sign up, and it's a spam-free email contact form. Your email is displayed as an image so it can not be used by spam robots etc.

Thank you



