  1. #1
    richybear's Avatar
    New User

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    5

    Php Mail script being Spammed

    Greetings,
    I have a php driven website with a mail script that's been hacked into and now being used to send spam by way of my mail server.
    I need help securing the script as I am not too smart when it comes to playing with php scripts.
    If anyone can help me out, please let me know what you need from me and we can go from there.
    Thanks a lot, and hope to hear from you soon.
    Richard

  2. #2
    vinyl-junkie's Avatar
    Moderator

    Status
    Offline
    Join Date
    Sep 2005
    Posts
    721

    Re: Php Mail script being Spammed

    Post your mail script and any HTML that goes with it. Obviously, you'll want to delete your email address from the display. There are many things that can be done to make a mail script more secure.

    Another option is to use another script which is secure, rather than trying to modify the one you're currently using. I'd be happy to post the one I'm using, which is 99.9% spam-proof.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more

  3. #3
    richybear's Avatar
    New User

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    5

    Re: Php Mail script being Spammed

    Hello vinyl-junkie,

    Thanks for any help. Let me know if the following makes any sense to you, and if it's actually the code that needs securing.

    PHP Code:
    case 'info':
        $pagename = strtolower($_GET['pagename']);
        if (!array_key_exists($pagename, $infopages))
        {
            include('errordoc.php');
            exit();
        }
        $tpl->SetField('pagetitle', $config['site']['name'].' :: Help & Info :: '.$infopages[$pagename]['name']);
        $breadcrumb = "<p><a href=\"{$config['server']['urlroot']}/\">Home</a> &gt; ";
        if ($pagename == 'contactus')
        {
            $cacher->Invalidate();
        }
        // Contact form submission: render the results page and send the mails
        if (($pagename == 'contactus') and (array_key_exists('submit', $_POST)))
        {
            $contentfile = new ANQ_File("{$config['server']['fileroot']}/templates/info/contactresults.html");
            $tpl->ParseFields();
            foreach ($_POST as $key=>$val)
            {
                $tpl->SetField('post:'.$key, $val);
            }
            $tpl->SetField('post:message', '<p>'.str_replace("\n", '</p><p>', stripslashes($_POST['message'])).'</p>', false);
            $tpl->SetField('post:ipaddress', $_SERVER['REMOTE_ADDR']);
            $tpl->SetField('post:date', date('D, d M Y H:i:s T'));
            if (valid_email($_POST['email']))
            {
                $tpl->SetField('emailconfirm', '<p>A copy of your message has been emailed to you for your records</p>', false);
            }
            $tpl->SetField('content', $contentfile->Read(), false); // no entity escaping on this one...
            $messagebody = 'Date: '.date('D, d M Y H:i:s T')."\nIP Address: {$_SERVER['REMOTE_ADDR']}\nQuery Type: {$_POST['querytype']}\n\nName: {$_POST['fullname']}\nEmail: {$_POST['email']}\n\nMessage:\n".stripslashes($_POST['message'])."\n";
            // Mail headers; the From line is built from the submitted name and email
            $headers = 'Content-Type: text/plain; charset=iso-8859-1'."\r\n";
            $headers .= 'To: "'.$config['site']['name'].'" <'.$config['site']['admin'].'>'."\r\n";
            $headers .= 'From: "'.$_POST['fullname'].'" <'.$_POST['email'].'>'."\r\n";
            $headers .= 'X-Originating-IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
            $headers .= 'Date: '.date('r')."\r\n";
            mail($config['site']['admin'], $_POST['querytype'].' message from '.$config['site']['name'], $messagebody, $headers);
            // Swap the To and From headers, then send a confirmation copy to the submitted address
            $headers = str_replace("\nTo:", "\nSWAPFrom:", $headers);
            $headers = str_replace("\nFrom:", "\nSWAPTo:", $headers);
            $headers = preg_replace('/SWAP(From|To):/', '\1:', $headers);
            mail($_POST['email'], 'Confirmation of your message to '.$config['site']['name'], $messagebody, $headers);
        }
        else
        {
            $contentfile = new ANQ_File("{$config['server']['fileroot']}/templates/info/{$pagename}.html");
            $cacher->Update($contentfile->Modified());
            if (($pagename != 'agents') and ($pagename != 'links'))
            {
                $cacher->CheckModified();
            }
            $mylastmod = gmdate('r', $contentfile->_modtime);
            $tpl->SetField('content', "<h1>{$infopages[$pagename]['description']}</h1>\n".$contentfile->Read(), false); // no entity escaping on this one...
        }
        $newtourres = db_query('select distinct l.* from '.$config['db']['prefix'].'listings l inner join '.$config['db']['prefix'].'tourviews t on l.listid = t.tourlistid where length(l.picture) > 0 group by l.listid order by if(coalesce(t.changed, 0) > coalesce(t.changed, 0), t.changed, coalesce(t.added, 0)) desc limit 0, 5;', $dbx);
        $i = 1;
        // The comparison operator before 5 was lost in the forum rendering; "<" is assumed
        while ((db_numrows($newtourres) > $i) and ($i < 5))
        {
            $ntr = db_getarray($newtourres);
            $insert = '<p><a href="'.$config['server']['urlroot'].'/Tours/'.$ntr['listid'].'.html" onclick="javascript:ShowTour(this.href + \'?popup=1\') ; return false" title="Online virtual tour of '.htmlentities($ntr['listtitle']).'">'.htmlentities($ntr['listtitle']).'</a></p>'
    Last edited by DeadMeatGF; 04-08-2007 at 06:50 AM. Reason: Added PHP Tags
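
An added example, not code from the thread or from any poster: the script in post #3 copies `$_POST['fullname']`, `$_POST['email']` and `$_POST['querytype']` straight into the headers and subject passed to `mail()`, so a line break in any of those fields starts a new header line. The version below validates those fields before anything reaches `mail()`; the function names `has_line_break()` and `build_contact_mail()`, the allowed query types and the addresses are assumptions.

```php
<?php
// Added example, not the poster's code. Addresses, the allowed query types
// and both function names are assumptions for illustration.

/** True when a value contains CR or LF and could start a new header line. */
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/** Validate the contact fields; return mail() arguments, or null to drop. */
function build_contact_mail(array $post, string $siteName, string $admin, array $allowedTypes): ?array
{
    $name  = trim((string)($post['fullname'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $type  = (string)($post['querytype'] ?? '');
    $body  = (string)($post['message'] ?? '');

    // Header-bound fields: no CR/LF, a syntactically valid address, and a
    // query type chosen from a fixed list instead of echoed into the subject.
    if (has_line_break($name) || has_line_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || !in_array($type, $allowedTypes, true)) {
        return null;
    }

    $headers  = "Content-Type: text/plain; charset=iso-8859-1\r\n";
    $headers .= "From: <{$admin}>\r\n";     // fixed sender, never user input
    $headers .= "Reply-To: <{$email}>\r\n"; // validated above

    // The free-text name and message go in the body only.
    $text = "Query Type: {$type}\n\nName: {$name}\nEmail: {$email}\n\nMessage:\n{$body}\n";
    return ['to' => $admin, 'subject' => "{$type} message from {$siteName}",
            'body' => $text, 'headers' => $headers];
}

// Constructed sample submissions: one normal, one with a line break in "email".
$ok  = ['fullname' => 'Pat Example', 'email' => 'pat@example.com',
        'querytype' => 'General', 'message' => 'Hello'];
$bad = ['email' => "pat@example.com\r\nX-Extra: 1"] + $ok;

foreach ([$ok, $bad] as $post) {
    $mail = build_contact_mail($post, 'Example Site', 'admin@example.com', ['General', 'Sales']);
    echo $mail === null ? "rejected\n" : "accepted: {$mail['subject']}\n";
    // To send: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```

The confirmation copy that the original sends to `$_POST['email']` is left out here, because it lets the form send mail to any address a submitter types.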

  4. #4
    richybear's Avatar
    New User

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    5

    Re: Php Mail script being Spammed

    I've cleared this problem up.

  5. #5
    vinyl-junkie's Avatar
    Moderator

    Status
    Offline
    Join Date
    Sep 2005
    Posts
    721

    Re: Php Mail script being Spammed

    Would you like to share with us what you did to solve your problem? That way, perhaps other forum members could benefit as well.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more

  6. #6
    richybear's Avatar
    New User

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    5

    Re: Php Mail script being Spammed

    I took the easy way out: I deleted the code.

    Didn't really need it anyways!

  7. #7
    c010depunkk's Avatar
    New User

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    5

    Re: Php Mail script being Spammed

    also clever

  8. #8
    firmaterra's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Apr 2007
    Posts
    81

    Re: Php Mail script being Spammed

    Quote Originally Posted by richybear View Post
    I took the easy way out: I deleted the code.

    Didn't really need it anyways!
    hehe if only all things were as easy to solve...


