Spam

suzie

Dear,
we have a website done using php, where we have the option to send an article from the site to a friend.using phpmailer.we have used captcha for security, but it seems that it is being spammed and the folder under
C:\Inetpub\mailroot\badmail will be full of spam mails.

so please what shall i do? any suggestions ...
thanks a lot

Regards

CoderDan

without seeing the code that turns the form submission into a mail (and probably the form itself also) it will be difficult (impossible?) to help.

jazz_snob

I think people get paid to manually spam sites. I'm certain of it. So captcha doesn't help in that case.

djjjozsi

your email address: __

your friend's email address: ___

save these two address into a database, and send a verification link to the 'your email address' email. If the user clicked on the link, you will send the article, and set that email address as trusted. You can set how many emails could a person send with his email/day.

You can also build BAN list from the spam email addresses, and IP filtering is an addition solution to block spammers.

If i enter my email address, you can check if the domain is exists. fsocketopen, gethostbyname()

If you can't recognize my email-domain, send a verification link to be sure that email does exist. You can check if the user comes from a proxy, then ask for an email verification first.

blackhorse

First, don't be panic. It could be solved. Turn off the hacked email page.

Second, In addition to the email address, the mail subject field etc could be hacked too. This could happen when you use php mail() but didn't check the header such as "subject", sender etc. For phpmailer, you need to check to see if "email header injection" is already checked and blocked or you need to do so by yourself.

Also, check the bad emails, and you will find out which exact script was attacked. Make sure that the script attacked is the one you think it is.

Search for "email header injection" and php. You will find the answer and solutions.

Basically, valid these mail headers values if you get these values from the client.

If it is not the "mail header injection" attack, then do more research and ask around here with your codes (but be careful not give out yourself to more attacks.")

Third, after you fixed the security holes and then turn back the script.

Fourth, as for the bad emails already, it depends on your server manager. Due to there might be many good emails in the mail queue. They may not be able to clean the mail queue out for you. If it is not too serious or too late, after you fix your hacked php page, the mail queue should clean up in 3-4 days or so.

Fifth, check your other scripts on this server, to see if there are same security holes. The hackers may try to get in again.