Posted by Carl Vondrick on 01/26/06 05:13

news@celticbear.com wrote:
> Recently found out AOL has blocked our company's IP for e-mail for
> spam. We don't send spam.
> So I had our server host check it out, and they said huge amounts of
> spam are being sent through us via a compromised PHP script we have for
> a Web support form.
>
> How is this possible? How can they do this? We validate if certain
> fields are blank, what else can we do to prevent someone from using our
> PHP pages to send spam?

FYI, the AOL spam filter blocks many false positives. It has created a
huge headache for myself with clients. While you do have a header
injection there, your IP being blocked as a false positive is still a
possibility.

Carl

>
> I don't know if it helps, but here's the last few actual lines we use
> to send the mail on that page in question:
>
> $msg .= "Problem:\n";
> $msg .= "$problem\n\n";
> $mailheaders = "From: (our domain) Support\n";
> $mailheaders .= "Reply-To: $useremail\n\n";
> mail("customerservice@(our domain).com", "Customer Service", $msg,
> $mailheaders);
>
> Thanks for any help, even if just a link to a site that can help.
> Liam
>

[Back to original message]