Receiving weird spam emails



#1 amatuer


Posted 13 May 2006 - 08:17 AM

Hi All,

I've got a simple contact form which sends me an email after you have filled in the required fields & clicked on submit. I need to know why I'm receiving all these weird anonymous random emails because of the sendmail.php file. Originally the email address was my domain's email address but I changed it to my webmail email address (gmail), which didn't help at all. The file works but I don't understand why I'm getting spammed.

<?

$SendTo = "myname@gmail.com";
$ThanksURL = "thankyou.htm"; //confirmation page
$SubjectLine = " Website Feedback";
$name = $_POST['name'] ;
$email = $_POST['email'] ;
$telephone = $_POST['telephone'] ;
$enquiry = $_POST['enquiry'] ;
$http_referrer = getenv( "HTTP_REFERER" );
$Divider = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";

// Build Message Body from Web Form Input
$MsgBody = @gethostbyaddr($_SERVER["REMOTE_ADDR"]) . "\n$Divider\n";

$MsgBody =
"This message was sent from:\n" .
"$http_referrer\n" .
"--------------------------------------------------\n\n" .
"Name: $name\n" .
"Email: $email\n" .
"Telephone Number: $telephone\n" .
"------------------------- ENQUIRY -------------------------\n\n" .
$enquiry .
"\n\n------------------------------------------------------------\n" ;

mail($SendTo, $SubjectLine, $MsgBody, "From: \"$name\"myname@gmail.com\r\nReply-To: \"$name\" <$email>\r\nX-Mailer: chfeedback.php 2.04" );
header("Location: $ThanksURL");

?>

These are some of the emails I'm receiving.

RECENT EMAIL 1
This message was sent from:

--------------------------------------------------

Name: ilivates4705@com.au
Email: ilivates4705@com.au
Telephone Number: ilivates4705@com.au
------------------------- ENQUIRY -------------------------

with
Content-Type: multipart/alternative; boundary=bc65d5dab9856a856f99e14116f65508
MIME-Version: 1.0
Subject: with machurer charms, a knowledge
bcc: bajfla1@aol.com

This is a multi-part message in MIME format.

--bc65d5dab9856a856f99e14116f65508
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

minute and tear one another s eyes out in the kitchen if you like. n with you. he two men seize the two women, and push them, still violently abusing one another
--bc65d5dab9856a856f99e14116f65508--

.


------------------------------------------------------------

RECENT MAIL 2

This message was sent from:

--------------------------------------------------

Name: was9375@com.au
Email: was9375@com.au
Telephone Number: was9375@com.au
------------------------- ENQUIRY -------------------------

was9375@com.au

------------------------------------------------------------


If someone knows why or has any suggestions pls pls reply. Cheers


#2 .josh


Posted 13 May 2006 - 08:25 AM

Please read this article:

http://www.nyphp.org/phundamentals/email_header_injection.php

#3 448191


Posted 13 May 2006 - 08:26 AM

I don't see how they should get your email, but I do have to note your form is sensitive to email-injection. See this thread: http://www.phpfreaks.com/forums/index.php?showtopic=93206

Oops, 30 sec too late I see. :laugh:

#4 amatuer


Posted 13 May 2006 - 12:03 PM

Oooooow I see..... bloody botnets!!! rrr

I'll have a proper read of the article then add the required script and see how I go. Thanks for quick reply, you guys are awesome. :wink:

#5 werty37


Posted 14 May 2006 - 05:10 PM

if ($_SERVER['HTTP_REFERER'] == $our_address) {

// Checks if the post is from our domain
// the mail code here

}

Will this help...?
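
Added example, not part of any post in this thread: a hardened version of the sendmail.php handler from post #1, rejecting the header injection discussed in posts #2 and #3. It validates the submitted fields themselves rather than the Referer header, which is supplied by the client; the function name `build_feedback_mail` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): hardened version of the handler in post #1.
// Form field names come from the original; the function name is hypothetical.

// Returns [headers, body] for mail(), or null when the submission is rejected.
function build_feedback_mail(array $post): ?array
{
    $name      = trim((string)($post['name'] ?? ''));
    $email     = trim((string)($post['email'] ?? ''));
    $telephone = trim((string)($post['telephone'] ?? ''));
    $enquiry   = (string)($post['enquiry'] ?? '');

    // $name and $email end up in headers, so a CR or LF in either is rejected.
    if (preg_match('/[\r\n]/', $name . $email) === 1) {
        return null;
    }
    // Reply-To must be one syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Keep only characters that cannot close the quoted display name.
    $safeName = preg_replace('/[^A-Za-z0-9 .\'-]/', '', $name);

    // From is fixed; user input appears only in Reply-To and in the body.
    $headers = "From: Website Feedback <myname@gmail.com>\r\n"
             . "Reply-To: \"$safeName\" <$email>";
    $body = "Name: $name\nEmail: $email\nTelephone Number: $telephone\n\n$enquiry\n";
    return [$headers, $body];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: an ordinary submission and one carrying an extra header.
    $ok  = ['name' => 'Ann', 'email' => 'ann@example.com', 'enquiry' => 'Hello'];
    $bad = ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: other@example.com"];
    var_dump(build_feedback_mail($ok) !== null);
    var_dump(build_feedback_mail($bad) === null);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $mail = build_feedback_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid submission.');
    }
    mail('myname@gmail.com', 'Website Feedback', $mail[1], $mail[0]);
    header('Location: thankyou.htm');
}
```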