I have a form with a PHP handler script in my public_html directory. It works great and I have included invisible field and other security measures. I have not used Captcha, but I’ve had no injections and haven’t needed it.
I am experiencing email spoofing, where I receive bogus emails to me, from me. In other words, I receive an email to my address foo@domain.com from foo@domain.com. Obviously, my address is being used to spam and it’s driving me crazy. I’ve studied the long headers and followed the real URLs to various locations in the US and even South America.
I have no open or readable email addresses on my site.
I’ve changed my shared hosting password with very strong passwords over and over.
I deleted all scripts, i.e. WordPress etc., other than my PHP form script.
I’ve run virus and rootkit detection on all my local machines, Mac and PC.
And I’ve been all over the web searching for answers and cures.
I would like to try moving my PHP handler script out of the public_html directory to the root of my shared server. But in studying the php.ini docs, I’m unclear on the best approach to configuring the php.ini file… i.e. doc_root, user_dir, etc. The instructions aren’t the best.
I would really appreciate any guidance for configuring the php.ini file, as well as any links or direction on how others have experienced and handled this.
I don’t think the issue is related to my form.
I am just groping for answers and thinking maybe the php handler for my form located in my public folder would be vulnerable to some sort of hacking.
I’ve taken a lot of steps prior to this, but nothing works.
The problem comes and goes, as I’m sure the spammers don’t want to stay too long in one place.
I’m just trying to figure out where I’m vulnerable and I’m running out of ideas and info resources.
Thanks for responding.
Hmm, seems to me if someone was really hacking your server he/she would do a lot more than changing your PHP script to send you spam …
Maybe write down the last modified date/time of the PHP file, and upon your next received spam mail check the last modified date/time of the PHP file again.
I’ll bet you it hasn’t changed (hackers didn’t touch it).
Yeah, you’ve made me realize it doesn’t make much sense. I told you I was groping. Somebody else told me that it happens regularly and you can’t do much about it. I really appreciate your advice.
It is just a matter of putting a different string of text in the “From” part of the email and sending the email from a random server. Spoofing is easy.
There are some methods to reduce its prevalence, such as SPF.
I have been learning for the last 2 years a lot about email addresses being used in spam and about forum spam and email spam.
Spammers will spoof your email address; other times they will do dictionary attacks and get lucky if you have an easy-to-guess email address and use free webpage-based email addresses, or your email starts with the user name you use in forums, or your domain for email is the same as your domain for your site, etc. There are many ways a spammer can spam you. MANY.
But yeah, I have been getting more and more of the spoofed email myself. It is their sad attempt to bypass your spam filters as they think email from yourself would never be flagged…
Also, something that happened to me a few years ago that I didn’t find out until a year later was that the PHP email setup I had was able to be hacked into and spammers were using it to send out spam. But that doesn’t sound like what you are talking about…
Headers in email tell you a lot about how the spam is getting to you and the IP the spammer is sending spam from. You just have to know how to read headers. That is what I am learning now (the last 2 months) thanks to KnujOn.
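The header reading and SPF check mentioned in the posts above, as an added example that is not part of the original thread: it parses one raw message and reports whether it is a "to me, from me" mail, what SPF said, and which IP actually connected. The sample message, the host name mx.domain.com (standing in for your provider's mail server) and the IP addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "to me, from me" message. Host names and IPs are
# documentation values; mx.domain.com is an assumed name for your own MX.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.domain.com (mx.domain.com [192.0.2.10])
\tby mailstore.domain.com with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received-SPF: fail (domain.com: 203.0.113.45 is not permitted)
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.domain.com with SMTP; Tue, 02 Jan 2024 10:00:01 +0000
From: foo@domain.com
To: foo@domain.com
Subject: constructed sample

body
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def addr(value):
    """Lower-cased bare address from a header value ('' if missing)."""
    return parseaddr(value or "")[1].lower()

def connecting_ip(msg, trusted_mx):
    """IP recorded by our own MX; hops below it are sender-supplied text."""
    for hop in msg.get_all("Received", []):          # newest hop first
        by = re.search(r"\bby\s+(\S+)", hop)
        if by and by.group(1).lower() == trusted_mx:
            ips = IPV4.findall(hop[:by.start()])
            return ips[-1] if ips else None
    return None

def analyse(raw, trusted_mx="mx.domain.com"):
    msg = message_from_string(raw)
    sender, envelope = addr(msg["From"]), addr(msg["Return-Path"])
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    mismatch = envelope.rpartition("@")[2] != sender.rpartition("@")[2]
    return {
        "self_addressed": sender != "" and sender == addr(msg["To"]),
        "spf": spf,
        "envelope_mismatch": mismatch,   # also true for some legitimate bulk mail
        "connecting_ip": connecting_ip(msg, trusted_mx),
        "suspicious": spf in ("fail", "softfail") or mismatch,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A message that is self-addressed, fails SPF and connected from an IP outside your provider did not come from your form script or your account.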