Posted by Imhotep on September 15, 2005, 1:49 am
Dale wrote:
> I'm not much of an expert about web security, and plus I'm a
> procrastinator, so when I started getting weird emails from the contact
> forms of two of my websites, I was moderately concerned, but I naively let
> it go on for a few weeks before getting annoyed enough to do anything
> about it.
>
> First I got the IP addresses of two of the spamming sites, and set up a
> .htaccess file to block them. Not really a good solution, because it's
> probably blocking entire ranges of people who'd like to see my websites.
> But it did stop the spamming cold from one of the websites.
>
> The other one kept spamming me, so I finally looked it up on the web and
> found out something about web form spamming. I didn't know it, but these
> spammers were using a weakness in my web form to spam other people. I
> guess they infect a server with a virus, probably a Windows Server, and
> then the virus accesses my web form and injects email and mime codes into
> the response, and since my script sends me a confirmation email, they use
> that to cc or bcc to some other hapless victim.
>
> So I put a spam checker function in my php script,
>
> function checkforspammer($str) {
>     if (eregi("\r",$str) || eregi("\n",$str) || eregi("multipart",$str) ||
>         eregi("cc:",$str) || eregi("bcc:",$str) ||
>         eregi("mywebsite.com",$str)) {
>         $str = "spam";
>     }
>     return $str;
> }
>
> This may be clumsy, someone else might have something more efficient, but
> this one works. Also I started getting the IP address of the sender from
> $_SERVER['REMOTE_ADDR'], duh! I always wondered why I should do that.
> Anyway, so now the spam still gets mailed, but I run everything through
> checkforspammer after I store it in my database, but before it gets
> mailed, so it's only mailed to me and only the word "spam" is in the mail.
>
> Then I find out who owns the IP address and email them explaining that
> their server might be compromised since it's spamming my web form. For
> now, I'm also collecting the addresses in my .htaccess file. Eventually I
> could be blocking the whole world, I don't want to do that. But I figure
> the same way they figured out I was vulnerable, they'll also figure out
> they are blocked, and eventually they'll stop spamming, and then I'll
> unblock them. How will I know to unblock? Give it a couple of months?
>
> So is there anything more I can do? Anything I should be doing
> differently?
I remember something about this. What php application are you using? Is it
custom made by you?
Im
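The weakness Dale describes is mail-header injection: a form field that reaches the headers of the confirmation mail with a CR/LF in it lets the sender append Cc:, Bcc: or MIME headers of their own. The following is an added example, not Dale's script or anything from this thread, showing one way to handle the same fields (name, email, subject, message, the REMOTE_ADDR value) so that a tampered submission is refused before mail() is called instead of being mailed with the word "spam" substituted. It replaces the eregi() calls with preg_match() (eregi() no longer exists in current PHP) and adds a strict address check, since a syntactically valid e-mail address cannot contain a line break at all. The example.invalid addresses, the field names and the header set are assumptions for the example.

```php
<?php
// Added example (not the quoted script): refuse contact-form submissions that
// carry mail-header injection, and build the mail() headers so that untrusted
// fields never become header lines of their own.

/**
 * True if a single-line field (name, subject) contains a line break or a
 * header keyword that an honest visitor would never type. Mirrors the
 * checks in the quoted checkforspammer() using preg_match().
 */
function looks_like_header_injection(string $value): bool
{
    // A raw CR or LF ends the current header and starts a new one.
    if (preg_match('/[\r\n]/', $value)) {
        return true;
    }
    // Header names and MIME markers that do not belong in a name or subject.
    return (bool) preg_match('/\b(?:cc|bcc|content-type|mime-version)\s*:|multipart\//i', $value);
}

/**
 * Validate the reply address as an address rather than scanning it for
 * keywords: FILTER_VALIDATE_EMAIL rejects anything containing CR/LF.
 */
function valid_reply_address(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Build the pieces of the mail() call from untrusted form fields.
 * Returns null when any field looks injected; the caller must then not
 * send anything. The only recipient is the hard-coded site owner.
 */
function build_contact_mail(array $form, string $site_owner): ?array
{
    $name    = trim($form['name']    ?? '');
    $email   = trim($form['email']   ?? '');
    $subject = trim($form['subject'] ?? '');
    $body    = (string) ($form['message'] ?? '');

    if (!valid_reply_address($email)) {
        return null;
    }
    foreach ([$name, $subject] as $field) {
        if (looks_like_header_injection($field)) {
            return null;
        }
    }
    // The message body may legitimately span lines, but a header line or
    // MIME boundary inside it is a strong sign of an injection attempt.
    if (preg_match('/^(?:content-type|mime-version|bcc|cc)\s*:/im', $body)) {
        return null;
    }

    // From stays a fixed local address (assumed placeholder); the visitor's
    // address goes in Reply-To, so the server never relays for an arbitrary
    // sender. The client IP is recorded for the abuse report Dale mentions.
    $headers = [
        'From: contact-form@example.invalid',
        'Reply-To: ' . $email,
        'X-Form-Client-IP: ' . ($form['remote_addr'] ?? 'unknown'),
    ];
    return [
        'to'      => $site_owner,
        'subject' => 'Contact form: ' . substr($subject, 0, 120),
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed sample submissions: one honest, one with a Bcc: line spliced
// into the address field, the pattern the quoted post describes.
$honest = [
    'name'        => 'Alice',
    'email'       => 'alice@example.invalid',
    'subject'     => 'Hello',
    'message'     => "Nice site.",
    'remote_addr' => '192.0.2.10',
];
$injected = $honest;
$injected['email'] = "alice@example.invalid\r\nBcc: someone-else@example.invalid";

$owner = 'owner@example.invalid';
foreach (['honest' => $honest, 'injected' => $injected] as $label => $submission) {
    $mail = build_contact_mail($submission, $owner);
    echo $label, ': ', ($mail === null ? 'rejected' : 'would be mailed'), "\n";
    // Only when $mail is non-null would the script go on to call
    // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']).
}
```

The design point is that the check runs before any mail is sent and the form's own headers are built from fixed strings plus a validated address, so even a field the keyword list does not anticipate cannot add a recipient. Logging the client address with each rejected submission gives the same evidence for contacting the owner of the sending host, without the risk of the .htaccess list growing to cover whole address ranges.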