Abuse Of A Php Contact Script, someone is the bcc to send out emails

Question

Karpat 0 Newbie Poster

17 Years Ago

Hi -

I have had a message today from my hosting company to tell me that one of the sites on my hosting account is having it's php code abused. Apparently someone is manipulating the php code from the contact form to allow them
to add Bcc addresses.

Any ideas on what I need to do to close this loop hole?

Thanks.

php

3 Contributors
3 Replies
76 Views
11 Hours Discussion Span
Latest Post 17 Years Ago Latest Post by stymiee

All 3 Replies

stymiee 111 He's No Good To Me Dead

17 Years Ago

Look for 'BCC' in the form submission data. If it's there, have the script die().

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

digital-ether 399 Nearly a Posting Virtuoso Team Colleague · Answer 1 · 2006-12-07T10:25:04+00:00

Look for 'BCC' in the form submission data. If it's there, have the script die().

You shouldn't just check for 'BCC' as many other email headers and the email body itself that can be "injected" into the email to be sent. Probably checking for newlines/linebreaks would be better.. ie: \r or \n

stymiee 111 He's No Good To Me Dead Team Colleague · Answer 2 · 2006-12-07T10:27:18+00:00

stymiee 111 He's No Good To Me Dead

17 Years Ago

Agreed. :)

Abuse Of A Php Contact Script, someone is the bcc to send out emails

Recommended Answers Collapse Answers

All 3 Replies

Recommended Answers