1
sdewis
Sendmail.php being misused A LOT!
  • 2006/11/24 11:31

  • sdewis

  • Just popping in

  • Posts: 3

  • Since: 2006/2/15


Hi guys

Just been looking at the usage log on one of our XOOPS websites and it appears that sendmail.php is being directly accessed in an attempt to send spam.

Our script has been modified slightly so it only sends mail out to the site admin - it's used as a "contact us" script - so the site admin is getting LOADS of SPAM e-mail. The source IP's are from all over the world, so it seems to be a botnet.

Is there a simple way of changing the script so that it checks if the script is being accessed by clicking on a link on the main page, rather than blindly accepting messages from any source?

Here's our sendmail code: -

$email = $_REQUEST['email'] ;
$message = $_REQUEST['message'] ;

mail( "admin@DOMAIN.com", "Feedback Form Results",
$message, "From: $email" );
header( "Location: http://www.DOMAIN.com/register.php" );
?>

Thanks in advance for your advice guys.

Cheers

Sean

2
irmtfan
Re: Sendmail.php being misused A LOT!
  • 2006/11/24 11:55

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


why you don't use the simple tiny "contact" module or a better one "liaise" ? or the best IMHO "xhelp" as a help desk

3
OldFriend
Re: Sendmail.php being misused A LOT!
  • 2006/11/24 12:50

  • OldFriend

  • Just popping in

  • Posts: 99

  • Since: 2005/10/28


I think that you can achieve this with a .htaccess file.
Deny from all

Login

Who's Online

328 user(s) are online (261 user(s) are browsing Support Forums)


Members: 0


Guests: 328


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits