Re: Web Server Security



I highly doubt that a bot would be using
our forms since all the coding is in PHP and not visible to users.
That only leaves the possibility of insecure SMTP.

Form spammers LOVE php forms, since a very high percentage of them in "free
script repositories" are faulty and allow spammers to do what is called
"injection". Perl scripts run a not too distant second. Here is some
relevant information for you :

From a post from about 28.8.2006
The spammer injects the characters '\n' and '\r' (end of line and carriage
return) in an exploitable web form and then adds "bcc:" followed by a
long list of spamees. (If you start getting "bounces" then that is what
has happened). If he is allowed to do this several times, you end up on a
set of email blocklists from which removal is damn near impossible. At
that point your provider either disconnects you or puts a contract out on
you (depending on where you live) or both.

Spammers aren't usually the brightest bulbs in the box, so they like this
technique because it requires virtually no talent and can be run from a
script. Also, about 10-15% of the forms I see are exploitable, despite
the stellar credentials of some of the webmasters owning them. It's just
that easy to overlook.

Verify that there is a control character filter on your web form or that
the mail handler you use does not accept the "bcc" statement. Either one
will foil his attempts.
To filter:
with php use
if (eregi("\r", $field) || eregi("\n", $field)) die("No Spam From Me!");
(where $field is the submitted form value)
with perl use regular expression matching
with C and C++ use regexec and regcomp
to trap these characters.

The author failed to mention that sendmail and postfix happily accept bcc:
statements.

Also, from another post:

Some more technical information is on Damon Kohler's wiki at
http://www.securephpwiki.com/index.php/Email_Injection. Even if you
are not too technical, it is worth a read to see what you are up against.
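As an added example (not code from the original post or from the wiki it links to), here is the control-character filter from the post written as a small PHP contact-form handler. The field names ($_POST['email'], ['subject'], ['message']), the recipient address and the log message format are assumptions made for this example; the check itself is the one the post describes, rejecting any CR or LF in a value that ends up in a mail header.

```php
<?php
// Added example, not from the original post. A contact-form handler that
// refuses to pass attacker-controlled line breaks into mail headers.
// Field names, the recipient address and the log format are assumptions.

// True when a value contains CR, LF or NUL: the characters needed to end
// the current header line and start a "bcc:" line of the sender's own.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Return the names of the header-bound fields that fail the check.
function tainted_header_fields(array $fields): array
{
    $bad = [];
    foreach ($fields as $name => $value) {
        if (has_header_injection($value)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Build and send the message only if every header-bound field is clean.
// The body ($message) is not checked: line breaks are legitimate there and
// mail() keeps it separate from the headers.
function handle_contact_form(array $post, string $recipient): bool
{
    $headerFields = [
        'email'   => $post['email']   ?? '',
        'subject' => $post['subject'] ?? '',
    ];
    $message = $post['message'] ?? '';

    $bad = tainted_header_fields($headerFields);
    if ($bad !== []) {
        // Log the rejection so repeated attempts show up in the server logs.
        error_log('mail form: control characters in ' . implode(', ', $bad)
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        return false;
    }

    // Second, independent gate for the one field that lands in From:.
    // A syntactically valid address cannot contain CR or LF either.
    if (filter_var($headerFields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    $headers = 'From: ' . $headerFields['email'] . "\r\n"
             . 'Reply-To: ' . $headerFields['email'];
    return mail($recipient, $headerFields['subject'], $message, $headers);
}

if (!handle_contact_form($_POST, 'webmaster@example.com')) {
    http_response_code(400);
    exit('No Spam From Me!');
}
```

preg_match is used instead of the post's eregi because eregi was deprecated in PHP 5.3 and removed in PHP 7; the pattern is the same idea, a character class matching the two line-break characters (plus NUL for good measure). The filter_var check is a belt-and-braces measure for the address field only; the CR/LF check is what protects the Subject: header as well.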
