Abuse of a PHP contact script

Reply

Join Date: Dec 2006
Posts: 3
Reputation: Znojmic is an unknown quantity at this point 
Solved Threads: 0
Znojmic Znojmic is offline Offline
Newbie Poster

Abuse of a PHP contact script

 
0
  #1
Dec 17th, 2006
Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having it's php code abused. Apparently someone is manipulating the php code from the contact form to allow them
to add Bcc addresses.

Any ideas on what I need to do to close this loop hole?

Thanks.
Reply With Quote Quick reply to this message  
Join Date: Sep 2006
Posts: 23
Reputation: DennisP is an unknown quantity at this point 
Solved Threads: 0
DennisP DennisP is offline Offline
Newbie Poster

Re: Abuse of a PHP contact script

 
0
  #2
Dec 19th, 2006
Post the content of the file, please. Enclose it in the [code] tags.
Simple PHP Pagination - No Database Required.
If you like it, give me some props. ;)
Reply With Quote Quick reply to this message  
Join Date: Dec 2006
Posts: 33
Reputation: remcov is an unknown quantity at this point 
Solved Threads: 0
remcov remcov is offline Offline
Light Poster

Re: Abuse of a PHP contact script

 
0
  #3
Dec 19th, 2006
First thing you need to do is disable the script that is being comprimised. I have dealt with this issue and you do not want to be blacklisted

The problem is that they inject line feeds and the code for the up and left arrow key to insert for example a bcc. Take a look here, to solve the line feed. http://www.gerd-riesselmann.net/arch...-contact-forms

The up arrow and stuff is a little bit harder to fix. I can't give out the code unfortunatly cause I did not write it.... But with some Googleling you could find something.

I hope you get your forms safe again.
Reply With Quote Quick reply to this message  
Reply

This thread is more than three months old.
Perhaps start a new thread instead?
Message:


Thread Tools Search this Thread



About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC