Posted by Erwin Moller on 01/25/06 18:17
news@celticbear.com wrote:
> Recently found out AOL has blocked our company's IP for e-mail for
> spam. We don't send spam.
> So I had our server host check it out, and they said huge amounts of
> spam are being sent through us via a compromised PHP script we have for
> a Web support form.
>
> How is this possible? How can they do this? We validate if certain
> fields are blank, what else can we do to prevent someone from using our
> PHP pages to send spam?
>
> I don't know if it helps, but here's the last few actual lines we use
> to send the mail on that page in question:
>
> $msg .= "Problem:\n";
> $msg .= "$problem\n\n";
> $mailheaders = "From: (our domain) Support\n";
> $mailheaders .= "Reply-To: $useremail\n\n";
> mail("customerservice@(our domain).com", "Customer Service", $msg,
> $mailheaders);
>
> Thanks for any help, even if just a link to a site that can help.
> Liam
Hi Liam,
That is called email header injection (I think).
It boils down to the fact that the spammer is misusing your mail gateway by
sending stuff you didn't expect.
Have a look at your mailheaders, it will accept $useremail without question.
That is where the spamming starts.
To fix this spamming, be sure $useremail is just a simple email address, and
above all, make sure it doesn't contain \n.
You can also consider using some routine to check if the passed $useremail is
indeed a (single) email address.
After that first step:
If you want to be sure what is going on:
- LOG THE ACTIONS. Simply store the parameters you use when calling mail()
in a database or flat file, so you can study them afterwards.
But I expect filtering the \n out of $useremail will do the job.
Regards,
Erwin
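The injection Erwin describes, and the two fixes he suggests (reject anything that is not a single clean address, and log every mail() call), as an added example that is not part of the original thread. The variable names follow Liam's snippet; the support address, the log path, and the attacker's input are constructed for illustration.

```php
<?php
// Added example, not code from the original post. It puts Liam's vulnerable
// header construction beside a hardened version of the same call, and adds
// the logging step Erwin recommends. $useremail and $problem follow the post;
// the attack input below is constructed and is not real traffic.

// --- Vulnerable: $useremail is pasted straight into the header block ----
function build_headers_vulnerable(string $useremail): string
{
    $mailheaders  = "From: Example Support\n";
    $mailheaders .= "Reply-To: $useremail\n\n"; // attacker controls this line
    return $mailheaders;
}

// --- Hardened: accept exactly one well-formed address, nothing else -----
function sanitize_email(string $input): ?string
{
    $input = trim($input);
    // A CR, LF or NUL in the field means the sender is trying to start a new
    // header line (Bcc:, Cc:, ...) or to end the headers and supply a body.
    if (preg_match('/[\r\n\0]/', $input)) {
        return null;
    }
    // Reject anything that is not a single syntactically valid address
    // (this also rules out comma-separated lists of recipients).
    if (filter_var($input, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $input;
}

function build_headers_hardened(string $useremail): ?string
{
    $clean = sanitize_email($useremail);
    if ($clean === null) {
        return null; // caller must refuse to call mail() at all
    }
    // Header lines end in CRLF; the blank line that ends the header block
    // is added by mail() itself, so do not append one here.
    return "From: Example Support\r\n" . "Reply-To: $clean\r\n";
}

// Erwin's second suggestion: record every parameter handed to mail(), so an
// abuse report can be traced back to the requests that caused it.
// The log path is hypothetical; pick one the web server can append to.
function log_mail_attempt(string $to, string $subject, string $body,
                          string $headers, bool $sent): void
{
    $entry = json_encode([
        'time'    => date('c'),
        'remote'  => $_SERVER['REMOTE_ADDR'] ?? 'cli',
        'to'      => $to,
        'subject' => $subject,
        'headers' => $headers,
        'body'    => $body,
        'sent'    => $sent,
    ]);
    file_put_contents('/var/log/support-form-mail.log', $entry . "\n",
                      FILE_APPEND | LOCK_EX);
}

// --- Constructed attack input -------------------------------------------
// What a spammer types into the "your email" field of the support form.
$payload = "victim@example.net\nBcc: spam1@example.org, spam2@example.org\n\nBuy now!";
$problem = "My login does not work."; // legitimate form field, as in the post

echo "Vulnerable header block:\n" . build_headers_vulnerable($payload) . "\n";

$headers = build_headers_hardened($payload);
if ($headers === null) {
    echo "Hardened version: refused, field is not a single plain address\n";
} else {
    $msg  = "Problem:\n$problem\n\n";
    $sent = mail("customerservice@example.com", "Customer Service", $msg, $headers);
    log_mail_attempt("customerservice@example.com", "Customer Service", $msg, $headers, $sent);
}
```

Run with the payload above and the vulnerable builder emits a Reply-To line followed by an attacker-supplied Bcc: line, a blank line, and "Buy now!", which the MTA treats as two extra recipients and a new message body; that is exactly how the form became a spam relay. The hardened builder returns null for the same input and only reaches mail() for a value such as liam@example.com. The regex check is deliberately kept even though filter_var() would also reject the newline, because it documents the actual threat and costs nothing.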