  1. #1
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    1

    URL Hijacked by spammers

    Hello,

    I wanted to know if anyone had a suggestion on how to solve this problem. Our website was recently hijacked by spammers. We discovered this after receiving undeliverable mail back to our mailbox. Our URL was being used to send out spam. Any ideas on how this can be eliminated? The spam has subsided quite a bit but is still being periodically sent out. Is this something one has to just wait out, or is there a way to trace the spammers? Thanks for your thoughts.

    WKA

  2. #2
    Mittineague (Programming Team)
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,260

    mail script hijacking

    Quote Originally Posted by wamiteye
    ... just wait out ...
    Goodness NO!
    Ironic that a safety site would have such a major security flaw. I'll forego any urges I have to chastise.
    The contact page's source reveals this code
    HTML Code:
    <form name="Safetybasement@yahoo.com" method="post" action="emailform.asp">
    <BR>
    <BR>
    Name: <input type="text" name="name" value=""><BR>
    State: <input type="text" name="State" value=""><BR>
    email: <input type="text" name="email" value=""><BR>
    <BR>
    <BR>
    Sample DropDown1: <select name="Sample DropDown1">
    <option>Enquiry</option>
    <option>Suggestion</option>
    <option>Complaint</option>
    </select>
    <BR>
    <BR>
    Sample Text Area: <textarea name="Sample Text Area" rows="8" cols="65"></textarea>
    <BR>
    <BR>
    <input type="submit" name="submit" value="submit">
    <input type="hidden" name="email_From" value="info@safetybasemet.com">
    <input type="hidden" name="email_To" value="info@safetybasemet.com">
    <input type="hidden" name="email_Subject" value="Contact Form Submission">
    <input type="hidden" name="email_ThankYou" value="Thank you for submitting your request.">
    <input type="hidden" name="email_Redirect" value="">
    </form>
    If I were to copy the page's source on my computer but change
    HTML Code:
    <input type="hidden" name="email_To" value="info@safetybasemet.com">
    to
    HTML Code:
    <input type="hidden" name="email_To" value="spamVictim1@hotmail.com,spamVictim2@aol.com,spamVictim3@netzero.net,etc.etc.">
    and if the email script does not validate the hidden field's value, SPAM attempt SUCCESSFUL
    I suggest removing the hidden field and hard coding the value into the emailform.asp file.
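
The fix suggested in the reply above, sketched as an added example (not code from the thread or from the site's emailform.asp): the handler takes recipient, sender and subject from server-side constants, ignores the posted email_To, email_From and email_Subject fields, and accepts the visitor's address only as a single Reply-To value. It is written in Python rather than ASP to show the logic; the example.org addresses and the function names are placeholders.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Server-side constants (placeholder addresses): recipient, sender and
# subject live here, never in hidden form fields the browser can rewrite.
MAIL_TO = "contact@example.org"
MAIL_FROM = "webform@example.org"
MAIL_SUBJECT = "Contact Form Submission"

# The only posted fields copied into the mail body; email_To, email_From,
# email_Subject and anything else the client sends are ignored.
BODY_FIELDS = ("name", "State", "Sample DropDown1", "Sample Text Area")
TOPICS = {"Enquiry", "Suggestion", "Complaint"}


def clean_reply_to(value):
    """Return one bare address, or None if the value is not exactly that."""
    value = (value or "").strip()
    if any(c in value for c in "\r\n,;<>\"() "):
        return None  # header injection or address-list attempt
    addr = parseaddr(value)[1]
    local, _, domain = addr.rpartition("@")
    return addr if addr == value and local and "." in domain else None


def build_contact_message(form):
    """Build the outgoing mail from a dict of posted form fields."""
    if form.get("Sample DropDown1") not in TOPICS:
        raise ValueError("unexpected topic")
    msg = EmailMessage()
    msg["To"] = MAIL_TO
    msg["From"] = MAIL_FROM
    msg["Subject"] = MAIL_SUBJECT
    reply_to = clean_reply_to(form.get("email"))
    if reply_to:
        msg["Reply-To"] = reply_to
    # Visitor text goes only into the body, where CR/LF cannot add headers.
    lines = [f"{k}: {str(form.get(k, ''))[:2000]}" for k in BODY_FIELDS]
    msg.set_content("\n".join(lines))
    return msg


# Constructed sample: a tampered POST like the one described in the reply.
TAMPERED = {
    "name": "x", "State": "MA", "email": "a@example.com\r\nBcc: v@example.net",
    "Sample DropDown1": "Enquiry", "Sample Text Area": "hello",
    "email_To": "spamVictim1@hotmail.com,spamVictim2@aol.com",
}
```
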

