From: Brian Dunning on 7 Jun 2010 16:25 Hey - It looks like a PHP form on my server is insecure and is being used to send spam. This is Rackspace's best guess. The problem is there are SO MANY forms on all the web sites on this server that it would be a nightmare task to try and look at them all to be sure they're properly secured. Is anyone aware of a way to shortcut this process, maybe find out what script(s) are being attacked to send the spam? :-(
From: Peter Lind on 7 Jun 2010 16:30 On 7 June 2010 22:25, Brian Dunning <brian(a)briandunning.com> wrote: > Hey - It looks like a PHP form on my server is insecure and is being used to send spam. This is Rackspace's best guess. The problem is there are SO MANY forms on all the web sites on this server that it would be a nightmare task to try and look at them all to be sure they're properly secured. > > Is anyone aware of a way to shortcut this process, maybe find out what script(s) are being attacked to send the spam? > > :-( > Check your server access logs - if it's sending lots of spam it's getting hit more than other forms (and you should possibly see other equally interesting signs, such as referrer). Also ... if you're letting users specify an email address to send to as well as content and you don't make sure to authenticate users, you're really asking to get abused. Regards Peter -- <hype> WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 </hype>
From: Jim Lucas on 7 Jun 2010 16:35 Brian Dunning wrote: > Hey - It looks like a PHP form on my server is insecure and is being used to send spam. This is Rackspace's best guess. The problem is there are SO MANY forms on all the web sites on this server that it would be a nightmare task to try and look at them all to be sure they're properly secured. > > Is anyone aware of a way to shortcut this process, maybe find out what script(s) are being attacked to send the spam? > > :-( > > Usually it isn't your "php/html form" that is insecure, it is the processing script that processes said form. Change all the forms to use a single processing script and then you won't have such a big problem tracking down the "information processing error/insecurity" that you are having. -- Jim Lucas A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
From: Paul M Foster on 7 Jun 2010 16:48 On Mon, Jun 07, 2010 at 01:25:28PM -0700, Brian Dunning wrote: > Hey - It looks like a PHP form on my server is insecure and is being used to send spam. This is Rackspace's best guess. The problem is there are SO MANY forms on all the web sites on this server that it would be a nightmare task to try and look at them all to be sure they're properly secured. > > Is anyone aware of a way to shortcut this process, maybe find out what script(s) are being attacked to send the spam? Assuming that the form is using the mail() function or something similar to send the spam, add yourself as a recipient of the forms you manage. Then you will see for sure if *your* forms are being used for spam. If you find that your forms are being used to spam, implement CAPTCHA to hinder bots. (Nothing will stop humans manually spamming via your forms.) Very little short of this will stop bot spam. You could sanitize form values and reject spam-like forms, but that's complicated and error-prone. CAPTCHA is simpler. Paul -- Paul M. Foster
From: Brian Dunning on 7 Jun 2010 16:50 Agreed that's a great overall strategy but what I need now is a way to track down the offending script, within the next few days if possible. On Jun 7, 2010, at 1:35 PM, Jim Lucas wrote: > Change all the forms to use a single > processing script and then you won't have such a big problem tracking down the > "information processing error/insecurity" that you are having.
|
Next
|
Last
Pages: 1 2 3 Prev: empty() and method return values Next: complex if statement for field validation |