xoops forums

sdewis

Just popping in
Posted on: 2006/11/24 11:31
sdewis
sdewis (Show more)
Just popping in
Posts: 3
Since: 2006/2/15
#1

Sendmail.php being misused A LOT!

Hi guys

Just been looking at the usage log on one of our XOOPS websites and it appears that sendmail.php is being directly accessed in an attempt to send spam.

Our script has been modified slightly so it only sends mail out to the site admin - it's used as a "contact us" script - so the site admin is getting LOADS of SPAM e-mail. The source IP's are from all over the world, so it seems to be a botnet.

Is there a simple way of changing the script so that it checks if the script is being accessed by clicking on a link on the main page, rather than blindly accepting messages from any source?

Here's our sendmail code: -

<?
$email = $_REQUEST['email'] ;
$message = $_REQUEST['message'] ;

mail( "admin@DOMAIN.com", "Feedback Form Results",
$message, "From: $email" );
header( "Location: http://www.DOMAIN.com/register.php" );
?>

Thanks in advance for your advice guys.

Cheers

Sean

irmtfan

Module Developer
Posted on: 2006/11/24 11:55
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#2

Re: Sendmail.php being misused A LOT!

why you don't use the simple tiny "contact" module or a better one "liaise" ? or the best IMHO "xhelp" as a help desk

OldFriend

Just popping in
Posted on: 2006/11/24 12:50
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#3

Re: Sendmail.php being misused A LOT!

I think that you can achieve this with a .htaccess file.
Deny from all