  1. #1
    stef25 (SitePoint Evangelist)

    is this a hacking attempt?

    I have a contact form on a website that does not have a captcha, so it gets the usual amount of spam sent through it. I also get empty messages from "root@localhost". This seems a bit worrying to me.

    There's JS validation on the form, and when I turn off JS and submit the form, I get an email from "unknown sender" with all the fields listed as having no value (= normal). So this is still a different scenario from the root@localhost emails I'm getting (these have no body text at all).

    Does anyone know how these root@localhost messages may be getting through? I don't mind the spam so much as I would suspected hacking attempts.

    thanks
    stef
    I need someone to protect me from
    all the measures they take in order to protect me

  2. #2
    Web Professional
    It's hard to tell unless we know how the contact form works. Where does the From header's value come from?

  3. #3
    stef25 (SitePoint Evangelist)
    I think this is what you're asking?

    From: Root User <root@localhost>

    We don't store anything in a DB (don't even have one on the site), so I guess someone's trying to use the form as a spamming gateway?

  4. #4
    Web Professional
    Originally posted by stef25:
        From: Root User <root@localhost>
    Yes, but I'm asking where it comes from. After all it's your contact form, your script processes it and your script sends the email so you need to know where the value comes from.

  5. #5
    stef25 (SitePoint Evangelist)
    Usually it's something like "From: aiorwxsg <vjcymd@zouaed.com>", which is the "name" and "email" fields in the contact form.

    It's like they are using the PHP mailer script without touching the contact form. NOT just bypassing JS validation, because then it shows up as "From: " - blank value.

    PHPMailer also sets the same subject for each mail, which is present in normal submissions, but from these root@localhost ones the subject in Gmail shows up as "no subject" ...

  6. #6
    Web Professional
    Originally posted by stef25:
        phpmailer also sets the same subject for each mail, which is present in normal submissions, but from these root@localhost ones the subject in gmail shows up as "no subject" ...
    Well this tells me these emails don't come from the contact form. How do you know they aren't sent to your email address directly?

  7. #7
    stef25 (SitePoint Evangelist)
    They are sent to the client and I'm in BCC. This BCC is only set in the PHPMailer script. And in the headers it mentions the path:

    X-PHP-Script: www.replaced.co.uk/non_flash/mailer.php for 213.163.XX.XX -> this is the url of the contact form

  8. #8
    Sam Millington (SitePoint Member)
    My other site is also facing a hacking problem. Can anyone suggest something?

  9. #9
    SitePoint Enthusiast
    I'd suggest you put the PHP mailer out of the web access directory. One level under the root!
    ;-)
    Gregor Grajzar, web developer
    http://xweblabs.com
    http://grajzar.info
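
An added example, not code from any poster in this thread: a server-side check that a handler like `mailer.php` can run before handing anything to PHPMailer, so that direct requests to the script URL, empty submissions and line breaks in header fields are rejected regardless of the JavaScript validation. PHPMailer's built-in default sender is `Root User <root@localhost>`, which is what a message carries when the script never sets a sender from the form. The field names `name`, `email` and `message` and both function names are assumptions.

```php
<?php
// Added example. Field names (name, email, message) are assumptions.

function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';   // arrays (name[]=x) count as empty
}

function validate_contact_request(string $method, array $post): array
{
    // A direct hit on the script URL arrives as GET, or as POST with no fields.
    if ($method !== 'POST') {
        return ['ok' => false, 'status' => 405, 'error' => 'POST required'];
    }
    $name    = field($post, 'name');
    $email   = field($post, 'email');
    $message = field($post, 'message');
    if ($name === '' || $email === '' || $message === '') {
        return ['ok' => false, 'status' => 400, 'error' => 'missing field'];
    }
    // CR or LF in a value that ends up in a mail header allows header injection.
    if (preg_match('/[\r\n]/', $name . $email) === 1) {
        return ['ok' => false, 'status' => 400, 'error' => 'line break in header field'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'status' => 400, 'error' => 'invalid email'];
    }
    return ['ok' => true, 'name' => $name, 'email' => $email, 'message' => $message];
}

// In the real handler: validate_contact_request($_SERVER['REQUEST_METHOD'], $_POST),
// then send mail only when 'ok' is true. Below: constructed sample requests.
$samples = [
    ['GET',  []],
    ['POST', []],
    ['POST', ['name' => "x\r\nBcc: someone@example.com", 'email' => 'a@example.com', 'message' => 'hi']],
    ['POST', ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => 'Hello']],
];
foreach ($samples as [$method, $post]) {
    $r = validate_contact_request($method, $post);
    echo $method, ' ', json_encode($post), ' => ',
        ($r['ok'] ? 'accept' : $r['status'] . ' ' . $r['error']), "\n";
}
```

Logging the rejected requests (method, source IP, user agent) alongside the `X-PHP-Script` header already seen in the mails helps tell a crawler fetching the URL from a deliberate submission.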

