
Thread: Web site hacked

  1. #1
    Star Lounger
    Join Date
    Jun 2001
    Location
    Kendal, Cumbria, England
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Web site hacked

    My web site has a simple Contact Us form, consisting of fields for sender's name, phone no, and email address, and a message text area. This is backed up by a PHP script that does minimal validation then uses the mail command to send the message to me.
    Recently I have received some very strange messages that look as though somebody is trying to hack this facility to send spam, by including a code string in the message text area that inserts cc and bc addresses into the email header. I've attached a file containing the HTML for the page in question and copies of these messages, all in plain text format.
    I guess I could prevent this from working by scanning the text for cc or bc or email addresses, or alternatively by setting the cc and bc header fields to null. However as I don't know how the hack works - in particular at what point the code runs to insert the cc and bc addresses - I'm not sure if either of these would work.
    I'd appreciate any help and suggestions.

    George

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Web site hacked

    This line in your script appears to allow users to arbitrarily write any email headers they like to the message:

    <code>$headers = "Reply-to: " . $email . "\n";</code>

    You might be able to confirm that from web logs or viewing the "raw" headers of the incoming messages.

    In any event, I suggest replacing it with this temporarily:

    <code>$headers = "";</code>

    That's a hassle for replies, obviously, but safety first!

    Added: I'm not sure what the php mail function does, but if its output is logged, you should check to see whether those logs match up with these messages. Could be they have nothing to do with your site and are just designed to look like they do.
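
An added example, not part of the original posts or of George's script: one way to keep a Reply-To header while refusing the kind of input discussed above, by rejecting any email field that contains a line break before it is concatenated into `$headers`. The function names and sample addresses are hypothetical and constructed for illustration.

```php
<?php
// Added example: helper names are hypothetical, not from the original script.

// True if the value contains CR or LF, the characters that end one mail
// header line and let the rest of the input start a new one (Cc:, Bcc:, ...).
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns a "Reply-To" header line for a single valid address,
// or null if the submitted value must not be used in a header.
function build_reply_to(string $email): ?string
{
    // Check the raw value first, so a stray line break is never trimmed away.
    if (has_header_break($email)) {
        return null;
    }
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return "Reply-To: " . $email . "\r\n";
}

// Constructed sample form submissions for the email field.
$samples = [
    'george@example.com',
    "visitor@example.com\nBcc: a@example.net, b@example.net",
    'not-an-address',
];

foreach ($samples as $input) {
    $header = build_reply_to($input);
    if ($header === null) {
        // Record the attempt and skip sending instead of calling mail().
        error_log('contact form: rejected email field: ' . json_encode($input));
        echo "REJECTED: ", json_encode($input), "\n";
        continue;
    }
    echo "OK: ", rtrim($header), "\n";
    // mail($to, $subject, $message, $header); // $to and $subject set server-side
}
```

The same line-break check applies to any other form field that is placed in a header, such as a sender name used in a subject line; the message body itself is not a header and does not need it.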

  3. #3
    Star Lounger
    Join Date
    Jun 2001
    Location
    Kendal, Cumbria, England
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Web site hacked

    Thanks - I'll do that. I was intending to ask the hosting company if their mail server has a log that could be checked - it's possible that if the "To:" header has also been hacked then other messages could have been sent through the site without me seeing them.

    George

  4. #4
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Web site hacked

    George,

    I was hunting around the internet and it appears that this is a common problem. I typed in the subject matter of your dodgy emails and a lot of websites/forums come up with people complaining of the same problem.
    Jerry

  5. #5
    Star Lounger
    Join Date
    Jun 2001
    Location
    Kendal, Cumbria, England
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Web site hacked

    Thanks Jezza - I'll have a google around. I wasn't sure where to start!
    The server log suggests that the attack originated in Thailand, although there are a few more suspicious POSTs (POSTs that did not result in an email received by me) from other countries.

    George
