purplemist2002 Posted December 3, 2005 Share Posted December 3, 2005 Someone sent me an email telling me that my contact form was being used to send SPAM, causing everyone the server to be blocked by AOL? What he said... Your site seems to being used to send out spam mail. I will forward you the headers if you will give me a best address to do so. Please fix this as it is causing everyone on this server to have their mail blocked by AOL. I'm a bit of a newbie so I'm not even sure if thats possible or if he's just spamming me! LOL I know forms can be used to send spam to the email address the form is supposed to send to, but can it be used to send spam elsewhere? I think thats what this guy is trying to say anyway. I'm using a php script to send the mail. It's sort of long, I'll paste it if someone cares to see the actual script. I'm just wondering if it's possible the PHP script is doing what this guy says it's doing, and if it is, how do I stop it? Quote Link to comment Share on other sites More sharing options...
jajtiii Posted December 3, 2005 Share Posted December 3, 2005 You would only need to post the portion of your script that sends the email. If you have hard coded the 'To' field to your email, then (to my knowledge) it is unlikely that this is the problem. Someone may have hacked your site however. Post the code and let's have a look. Quote Link to comment Share on other sites More sharing options...
purplemist2002 Posted December 3, 2005 Author Share Posted December 3, 2005 <?php $myemail = "misty@mistyr.com"; $ccx = ""; if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) Heh, I think I know what might be doing it. It has the option to carbon copy to the email entered. I should probably take that off, huh? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted December 3, 2005 Share Posted December 3, 2005 You got hit by the mail injection problem that surfaced last summer. Please see the article on [a href=\"http://www.nyphp.org/phundamentals/email_header_injection.php\" target=\"_blank\"]Email Header Injection Exploit[/a] for ways to fix your script. Ken Quote Link to comment Share on other sites More sharing options...
pesty Posted March 19, 2006 Share Posted March 19, 2006 I too have been hit by the botnet aka email header injection. I am in the process of changing my code on my forms. Unfortunately, I have several forms, all of which have been attacked. Anyway, I just wanted to update you on the article that Ken provided a link to. Toward the bottom of the article you'll find a list of aol names/addresses where your form is being bcc'd to. Here are more aol names/addresses to be on the lookout for. Voiettag@aol.com frekiforbes@aol.com hollowiog1503@aol.com Pesty Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.