Znojmic

Abuse of a PHP contact script

  #1  
Dec 17th, 2006
Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having its PHP code abused. Apparently someone is manipulating the PHP code from the contact form to allow them to add Bcc addresses.

Any ideas on what I need to do to close this loophole?

Thanks.

DennisP

Re: Abuse of a PHP contact script

  #2  
Dec 19th, 2006
Post the content of the file, please. Enclose it in the [code] tags.

remcov

Re: Abuse of a PHP contact script

  #3  
Dec 19th, 2006
First thing you need to do is disable the script that is being compromised. I have dealt with this issue and you do not want to be blacklisted.

The problem is that they inject line feeds and the code for the up and left arrow key to insert for example a bcc. Take a look here, to solve the line feed. http://www.gerd-riesselmann.net/arch...-contact-forms

The up arrow and stuff is a little bit harder to fix. I can't give out the code unfortunately cause I did not write it... But with some Googling you could find something.

I hope you get your forms safe again.
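
The line-feed fix mentioned in post #3, sketched as an added example that is not part of the thread or of the linked article: a contact-form handler that rejects any ASCII control character (CR and LF included) in header-bound fields and never puts visitor input in the recipient or From header. The field names (`name`, `email`, `subject`, `message`) and all addresses are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example. Field names and addresses below are assumptions, not from the thread.

// Header-bound values must not contain CR, LF or any other control character.
function has_control_chars(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Returns [to, subject, body, headers] ready for mail(), or null if rejected.
function build_contact_mail(array $post): ?array
{
    foreach (['name', 'email', 'subject', 'message'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null; // missing field or array-valued parameter
        }
    }
    $name    = trim($post['name']);
    $email   = trim($post['email']);
    $subject = trim($post['subject']);

    foreach ([$name, $email, $subject] as $field) {
        if ($field === '' || has_control_chars($field)) {
            return null; // an embedded line break is what lets a Bcc header in
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Fixed recipient and From; the visitor's address appears only in Reply-To.
    $headers = "From: Contact form <webform@example.com>\r\n"
             . "Reply-To: {$email}\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $body = "Sender: {$name} <{$email}>\n\n" . $post['message'];
    return ['owner@example.com', $subject, $body, $headers];
}

// Constructed inputs: a normal submission and one carrying an injected Bcc line.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hello', 'message' => "Hi\nthere"],
    ['name' => 'Ann', 'email' => "ann@example.org\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
];
foreach ($samples as $i => $post) {
    $mail = build_contact_mail($post);
    echo "sample {$i}: ", $mail === null ? "rejected\n" : "accepted\n";
    // In the real handler: if ($mail !== null) { mail(...$mail); }
}
```

The message body is left free-form because it is passed as the body argument of `mail()`, not as a header; only values that end up in headers need the control-character check.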