Hacked By Spammer

Posted by Dan on 01/10/06 09:24

I had a PHP script running under the Apache web server on a Debian Linux
box. The script used a form to send me email using the 'mail'
routine. Somehow a spammer managed to hijack the script to send spam.

My first question is: how did he do it? I've included the
script below.

My second question is: how do I set up an unhackable form, and how do
I test that it's safe? I don't want to have the email address on the
web page.


(Sorry about the way that my news reader has formatted this.)
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Contact Ilsa Sharp</title>
</head>

<body bgcolor="#666633" text="#FFFFFF" link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF" topmargin="10" leftmargin="10" marginwidth="0" marginheight="0">

<?php
// 'state' is absent on the first visit and set to "1" by the hidden form field.
$state = isset($_REQUEST['state']) ? $_REQUEST['state'] : '';

if ($state == "") // First entry, state not yet defined.
{
?>

<p>&nbsp;</p>

<!-- Form for sender's email address and message. -->
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<p><font face="Arial" size="3"><b>Your Email Address:</b></font></p>
<p><font face="Arial" size="3"><b>
<input type="text" name="fromText" size="40" maxlength="40">
</b></font></p>
<p><font face="Arial" size="3"><b>Message Text:</b></font></p>
<p><font face="Arial" size="3"><b>
<textarea name="msgText" cols="40" rows="10"></textarea>
</b></font></p>

<p><font face="Arial" size="3"><b>
<input type="hidden" name="state" value="1"> <!-- Change the state for the next entry to this script. -->
<input type="submit" value="Send" name="send" style="font-family: Arial; font-size: 12pt; font-weight: bold">
</b></font></p>
<p>&nbsp;</p>
</form>

<?php
}
else // Second entry to this script, send email based on what was in the form.
{
$fromText = isset($_REQUEST['fromText']) ? $_REQUEST['fromText'] : '';
$msgText  = isset($_REQUEST['msgText'])  ? $_REQUEST['msgText']  : '';
// The form value is placed into the additional-headers argument of mail()
// exactly as submitted; nothing checks it for line breaks or address syntax,
// so whatever is typed into fromText becomes part of the message headers.
mail( "some address@some domain.com", "Message", $msgText, "From: $fromText <$fromText>\n" );
?>
<p>&nbsp;</p>
<p>&nbsp;</p>

<p align="center">Your message was successfully sent.</p>
<h2 align="center"><a href="index.html">Home</a></h2>

<?php
}
?>

</body>
</html>
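The following is an added example, not Dan's script and not part of the original post. It isolates the one line that matters in his script, the From: header handed to mail(), shows what the mail transfer agent receives when the address field contains a line break, and shows a hardened construction that refuses such input. The addresses (attacker@example.com, victim1@example.net, site@example.com and so on) are constructed for the example, and the site sender address used in the safe version is an assumption.

```php
<?php
// Added example (not the posted script). Models the From: header the posted
// contact form builds and demonstrates the header injection that lets a
// spammer choose the recipients. All addresses are constructed.

// What the posted script does: the raw form value is interpolated into the
// additional-headers argument of mail().
function build_headers_unsafe(string $fromText): string
{
    return "From: $fromText <$fromText>\n";
}

// Split an additional-headers string into the header lines the mail transfer
// agent will see. mail() accepts either \n or \r\n as the line separator.
function header_lines(string $headers): array
{
    return preg_split("/\r\n|\n|\r/", rtrim($headers, "\r\n"));
}

// Lower-cased names of the headers in a header block.
function header_names(string $headers): array
{
    $names = array();
    foreach (header_lines($headers) as $line) {
        $name = strstr($line, ':', true);
        if ($name === false) {
            continue;              // continuation or malformed line, no name
        }
        $names[] = strtolower(trim($name));
    }
    return $names;
}

// Hardened construction. The site's own address (assumed: site@example.com)
// is the sender; the visitor's address only becomes a Reply-To, and only
// after it passes a strict address check, which a value containing a line
// break cannot pass. Returns null when the submission must be refused.
function build_headers_safe(string $fromText): ?string
{
    $fromText = trim($fromText);
    if (filter_var($fromText, FILTER_VALIDATE_EMAIL) === false) {
        return null;               // rejects CR/LF, spaces and non-addresses
    }
    if (strpbrk($fromText, "\r\n") !== false) {
        return null;               // belt and braces: never a line break near a header
    }
    return "From: site@example.com\r\nReply-To: $fromText\r\n";
}

// Constructed spammer submission: the "address" field carries a second
// header, so each submission of the form is delivered to his recipient list.
$spam = "attacker@example.com\nBcc: victim1@example.net, victim2@example.net";

echo "Unsafe headers as the MTA sees them:\n";
foreach (header_lines(build_headers_unsafe($spam)) as $line) {
    echo "  ", $line, "\n";
}
echo "Header names: ", implode(", ", header_names(build_headers_unsafe($spam))), "\n";

echo "Safe version with the spammer's input: ";
echo build_headers_safe($spam) === null ? "rejected\n" : "accepted\n";

echo "Safe version with a plain address: ";
echo build_headers_safe("reader@example.org") === null ? "rejected\n" : "accepted\n";
```

The header list printed for the unsafe version contains a Bcc entry that the site owner never wrote; that is the whole attack, and the message body can be taken over the same way because the real body is appended after whatever the injected headers say. The validation has to happen on the server: the maxlength="40" attribute in the form is only a hint to the browser, and a spammer posts directly to the script. To test a form the way Dan asks, submit a value containing a line break and a Bcc: line (with curl, for instance) and confirm that the script refuses it and that the mail log shows no extra recipients.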
