Re: Protect script from being hijacked by spammers?
Posted by news@celticbear.com on 01/26/06 16:53

Carl Vondrick wrote:
> news@celticbear.com wrote:
> > Recently found out AOL has blocked our company's IP for e-mail for
> > spam. We don't send spam.
> > So I had our server host check it out, and they said huge amounts of
> > spam are being sent through us via a compromised PHP script we have for
> > a Web support form.
> >
> > How is this possible? How can they do this? We validate if certain
> > fields are blank, what else can we do to prevent someone from using our
> > PHP pages to send spam?
>
> FYI, the AOL spam filter blocks many false positives. It has created a
> huge headache for me with clients. While you do have a header
> injection there, your IP being blocked as a false positive is still a
> possibility.
>
> Carl
>

Thanks for the pointer. I was afraid of something like that as well.
I respect their strong no spam policies, but man, which is worse?
Blocking a lot of legit mail with the bathwater? (OK, mixed metaphor.)

I think I have the injection problem worked out with the help of
php.net (go fig):

// ANTI-INJECTION VALIDATION //////
// Reject the request if any POST field carries a header name that a
// spammer would inject into the mail headers (case-insensitive match).
foreach ($_POST as $j => $value) {
    if ((stristr($value, "Content-Type")) || (stristr($value, "cc:"))) {
        header("HTTP/1.0 403 Forbidden");
        echo "YOU HAVE BEEN BANNED FROM ACCESSING THIS SERVER FOR TRIGGERING OUR SPAMMER TRAP";
        exit;
    }
}

(I tried to also search for "\n" in the field, but it seems to ignore
that. Probably has something to do with escaping the slash. I'll work
on that.)

Unfortunately I'm now getting errors from the aol server of "Deferred:
Bad file descriptor".

Can't win.

-Liam
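A tighter version of that check, added here as an example and not taken from Liam's post: it rejects any CR or LF (the "\n" test only works in a double-quoted PHP string) plus the common header keywords, checks only the fields that are copied into mail headers, and keeps the message body out of the header block. The field names and destination address are assumptions.

```php
<?php
// Added example, not from the original post: reject CR/LF and mail header
// keywords in every form field that is copied into a mail header, and keep
// the request body out of the header block. Field names are assumptions.

// Returns null when $value may safely be placed in a mail header,
// otherwise a short reason for rejecting it.
function header_injection_reason(string $value): ?string {
    // "\r" and "\n" in double quotes are real control characters;
    // '\n' in single quotes is the two characters backslash and n.
    if (preg_match("/[\r\n]/", $value)) {
        return 'line break';
    }
    if (preg_match('/\b(?:b?cc|to|from|content-type|mime-version):/i', $value)) {
        return 'mail header keyword';
    }
    return null;
}

// Checks only the fields that end up in headers; the message body cannot
// break out of the body. Returns field => reason for every rejected field.
function rejected_header_fields(array $post, array $headerFields): array {
    $bad = [];
    foreach ($headerFields as $name) {
        $why = header_injection_reason((string)($post[$name] ?? ''));
        if ($why !== null) {
            $bad[$name] = $why;
        }
    }
    return $bad;
}

// Constructed sample request with an injected Bcc line in the email field.
$sample = [
    'name'    => 'Alice',
    'email'   => "alice@example.com\nBcc: someone@example.net",
    'subject' => 'Support request',
    'message' => "Body text may legitimately contain\nline breaks.",
];

$bad = rejected_header_fields($sample, ['name', 'email', 'subject']);
if ($bad !== []) {
    header('HTTP/1.0 400 Bad Request');
    exit('Rejected field(s): ' . implode(', ', array_keys($bad)));
}
// Only validated values reach the header block; the body stays separate.
$headers = 'From: ' . $sample['name'] . ' <' . $sample['email'] . ">\r\n";
mail('support@example.com', $sample['subject'], $sample['message'], $headers);
```

For the address field, filter_var($value, FILTER_VALIDATE_EMAIL) gives a second, stricter check, since a valid address can never contain a line break or a second header.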
