Thread: is this a hacking attempt?
-
May 14, 2009, 04:06 #1
Join Date: Nov 2004 | Location: belgium | Posts: 465
is this a hacking attempt?
i have a contact form on a website that does not have a captcha, so it gets the usual amount of spam sent through it. i also get empty messages from "root@localhost" – this seems a bit worrying to me.
there's JS validation on the form and when i turn off JS and submit the form, i get an email from "unknown sender" with all the fields listed as having no value (= normal). so this is still a different scenario from the root@localhost emails i'm getting (these have no body text at all)
does anyone know how these root@localhost messages may be getting through? i don't mind the spam so much as i would suspected hacking attempts.
thanks
stef
I need someone to protect me from
all the measures they take in order to protect me
-
May 14, 2009, 04:13 #2
Join Date: Oct 2008 | Location: London | Posts: 862
It's hard to tell unless we know how the contact form works. Where does the From header's value come from?
Pawel Decowski (you should follow me on Twitter)
-
May 14, 2009, 04:16 #3
Join Date: Nov 2004 | Location: belgium | Posts: 465
i think this is what you're asking?
From: Root User <root@localhost>
we don't store anything in a db (don't even have one on the site) so i guess someone's trying to use the form as a spamming gateway?
-
May 14, 2009, 04:21 #4
Join Date: Oct 2008 | Location: London | Posts: 862
Pawel Decowski (you should follow me on Twitter)
-
May 14, 2009, 04:28 #5
Join Date: Nov 2004 | Location: belgium | Posts: 465
usually it's something like "From: aiorwxsg <vjcymd@zouaed.com>" which is the "name" and "email" fields in the contact form.
it's like they are using the php mailer script without touching the contact form. NOT just bypassing JS validation cause then it shows up as "From: " - blank value
phpmailer also sets the same subject for each mail, which is present in normal submissions, but from these root@localhost ones the subject in gmail shows up as "no subject" ...
-
May 14, 2009, 04:40 #6
Join Date: Oct 2008 | Location: London | Posts: 862
Pawel Decowski (you should follow me on Twitter)
-
May 14, 2009, 04:45 #7
Join Date: Nov 2004 | Location: belgium | Posts: 465
they are sent to the client and i'm in bcc. this bcc is only set in the phpmailer script. and in the headers it mentions the path:
X-PHP-Script: www.replaced.co.uk/non_flash/mailer.php for 213.163.XX.XX -> this is the url of the contact form
-
May 14, 2009, 04:54 #8
Join Date: Jan 2009 | Location: New York | Posts: 6
My other site is also facing a hacking problem. Can anyone suggest something?
-
May 14, 2009, 05:13 #9
Join Date: Apr 2009 | Location: Ljubljana, Slovenia | Posts: 36
I'd suggest you put php mailer out of the web access directory. One level under the root!
;-)
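
PHPMailer's built-in defaults are From "Root User <root@localhost>" and an empty subject, so the messages quoted in posts #3 and #5 are consistent with mailer.php being requested directly, without the form's fields ever being applied. Below is an added example (not code from this thread or from PHPMailer) of a server-side check for the top of such a script. The field names name, email and message and the function contact_request_errors are assumptions about the form.

```php
<?php
// Added example: server-side gate for the top of a contact-form mail script.
// Field names (name, email, message) are assumed, not taken from the thread.

// Returns the reasons to refuse a request; an empty array means it passed.
function contact_request_errors(string $method, array $post): array
{
    // A bare request to the script URL (crawler, scanner, bot) carries no form.
    if ($method !== 'POST') {
        return ['not a POST request'];
    }

    $errors = [];
    foreach (['name', 'email', 'message'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field is missing or empty";
        } elseif ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            // name and email feed the From header; a line break there
            // would let the submitter append headers of their own.
            $errors[] = "$field contains a line break";
        }
    }

    $email = $post['email'] ?? '';
    if (is_string($email) && trim($email) !== ''
        && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Run the gate before any mail object is built, so a refused request can
// never fall through to the library's default sender and empty subject.
$errors = contact_request_errors($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
if ($errors !== []) {
    http_response_code(400);
    error_log('contact form rejected: ' . implode('; ', $errors));
    exit;
}
// Only past this point does the script set From, Subject and Body and send.
```

The rejected requests land in the PHP error log, which also gives a record of how often the script is being hit without a form submission.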