Mekhu
06-09-2003, 01:09 AM
Getting spam going out through a client account... but not him doing it... very odd.
I am thinking someone is spamming a script he uses but not sure. If this makes any sense, can someone MSN me at jeff@presage-designs.com and offer some help.
I've got a little cash in my PayPal if you can help me solve it.
xAngelx
06-09-2003, 01:15 AM
Simple, remove the formmail.cgi and formmail.pl scripts. Have your clients use a PHP mail script instead.
Mekhu
06-09-2003, 01:17 AM
Ok, it is php... so it can't be it then?
xAngelx
06-09-2003, 01:19 AM
Sure it can, they aren't perfect either. Which script is it and what version?
Mekhu
06-09-2003, 01:21 AM
ok, thanks so much for this help... I've posted it below... if this was the wrong way to post code (never done it before), just let me know.
<?php
// Form-to-mail script as posted. All four mail parameters (recipient, subject,
// sender, next page) are taken straight from the submitted form, which is what
// makes it an open relay: anyone can POST their own mail_recipient. The original
// read these through register_globals / $HTTP_POST_VARS; it is written out against
// $_POST here so it runs on current PHP, with the same behaviour.
$font = "<FONT face='Verdana,Arial,Helvetica' color=#0000ff>";
$today = date("Y-m-d H:i:s");
$to = $_POST['mail_recipient'] ?? '';       // attacker-controllable recipient
$subject = $_POST['mail_subject'] ?? '';
$from = $_POST['mail_from'] ?? '';          // placed in a mail header unchecked
$nextpage = $_POST['mail_nextpage'] ?? '';
$formpage = $_SERVER["HTTP_REFERER"] ?? ''; // only echoed into the body, never checked
$extraHeaders = "From: $from\nMIME-Version: 1.0\nContent-Type: text/html\n";
$message = "{$font}Submitted from $formpage on $today (Server time).<p>\n";
$message .= "\n<table border=2 cellpadding=5 cellspacing=5>"; // comment if no <table>
foreach ($_POST as $key => $value)
{
    // the four control fields are not repeated in the table
    if (in_array($key, ['mail_from', 'mail_recipient', 'mail_subject', 'mail_nextpage'], true)) continue;
    if (!is_string($value)) continue; // skip array-valued fields (name[]), which stripslashes cannot take
    $message .= "<tr><td>$key</td><td>" . stripslashes($value) . "</td></tr>"; // comment if no <table>
}
$message .= "</table><p>"; // comment if no <table>
mail($to, $subject, $message, $extraHeaders);
echo "<meta http-equiv=\"refresh\" content=\"0;url=$nextpage\">";
?>
xAngelx
06-09-2003, 01:40 AM
Uh prolly not a good idea to post code here on the forum. But that's not the code I was referring to. What script does he use to process it? (looks to me like a script called formpage)
Email it to me and I'll get one of my guys on it for you (I'm going out for a bit).
Mekhu
06-09-2003, 01:43 AM
That is the processing script.
xAngelx
06-09-2003, 01:44 AM
Ok, Rachel's got ya covered till I get back.
bitserve
06-09-2003, 05:28 AM
That php script doesn't even check the referer, which makes it ten times worse than even FormMail 1.3 (01/21/96). It's definitely a potential spam target.
Try looking at some of these for reference:
http://php.resourceindex.com/Complete_Scripts/Form_Processing/
Winkie
06-09-2003, 05:59 AM
Solution:
Remove the PHP script, tell him to rewrite it to only accept mail under certain circumstances (originating IP address etc, referer URL plus a database session)
If he puts it back up without your permission, terminate account.
That's completely open to spam afaik
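The kind of rewrite bitserve and Winkie are describing (fixed recipient, referer check, a session token issued with the form, sender fields kept out of headers), as an added example that is not the script anyone in this thread wrote or sent. It assumes a single recipient and an allowed host, both placeholders, that the page rendering the form calls start_form_session() and puts the returned token in a hidden field named form_token, and that the form fields are from_email and from_name plus whatever else the site needs; the redirect target /thanks.html is also a placeholder.

```php
<?php
// Added example of a hardened form mailer; placeholders are marked as such.
session_start();

define('FORM_RECIPIENT', 'owner@example.com');  // placeholder: the only address mail may go to
define('FORM_SUBJECT', 'Website contact form');
define('ALLOWED_HOST', 'www.example.com');      // placeholder: host the HTML form lives on
define('TOKEN_LIFETIME', 1800);                  // seconds a form token stays valid

// Called by the page that renders the form; the token goes in a hidden field.
function start_form_session(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    $_SESSION['form_token_time'] = time();
    return $token;
}

// Returns null when the submission is acceptable, otherwise a short reason for the log.
function reject_reason(array $post, array $server): ?string {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'not a POST';
    }
    // Referer check: client-supplied, so weak on its own, but it stops the
    // scripts that do not bother to forge one.
    $refHost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($refHost) || strcasecmp($refHost, ALLOWED_HOST) !== 0) {
        return 'bad referer';
    }
    // Session token: the strong check. Issued to this browser when the form was
    // rendered, single-use, and expiring.
    $token = (string)($post['form_token'] ?? '');
    $issued = $_SESSION['form_token'] ?? null;
    $when = (int)($_SESSION['form_token_time'] ?? 0);
    unset($_SESSION['form_token'], $_SESSION['form_token_time']);
    if (!is_string($issued) || !hash_equals($issued, $token) || time() - $when > TOKEN_LIFETIME) {
        return 'missing, stale or mismatched token';
    }
    // Header-injection guard: nothing containing a newline may reach a mail header.
    foreach (['from_email', 'from_name'] as $field) {
        $v = $post[$field] ?? '';
        if (!is_string($v) || preg_match('/[\r\n]/', $v)) {
            return "newline or non-string in $field";
        }
    }
    if (!filter_var($post['from_email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        return 'invalid sender address';
    }
    return null;
}

// Plain-text body: the visitor's input is never rendered as HTML by the reader's mail client.
function build_message(array $post, string $remoteIp): string {
    $body = "Submitted on " . date('Y-m-d H:i:s') . " from $remoteIp\n\n";
    foreach ($post as $key => $value) {
        if ($key === 'form_token' || !is_string($value)) continue;
        $body .= str_replace(["\r", "\n"], ' ', $key) . ': ' . $value . "\n";
    }
    return $body;
}

function handle(array $post, array $server): bool {
    $ip = $server['REMOTE_ADDR'] ?? 'unknown';
    $why = reject_reason($post, $server);
    if ($why !== null) {
        error_log("form mailer: rejected submission from $ip ($why)");
        http_response_code(403);
        return false;
    }
    // From stays a local address so the server never originates mail "from" an
    // arbitrary domain; the visitor's address goes in Reply-To only.
    $headers = "From: " . FORM_RECIPIENT . "\r\n"
             . "Reply-To: " . $post['from_email'] . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    return mail(FORM_RECIPIENT, FORM_SUBJECT, build_message($post, $ip), $headers);
}

if (PHP_SAPI !== 'cli' && handle($_POST, $_SERVER)) {
    header('Location: /thanks.html'); // placeholder next page, fixed rather than taken from the POST
}
```

The recipient and the redirect target are constants rather than form fields, which removes the relay outright; the token is what actually binds a submission to a form the server handed out, the referer check is only a cheap first filter, and the originating IP is logged with every rejection so the host can see who is hammering the script.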
xAngelx
06-09-2003, 09:22 AM
No worries guys, we wrote em one last night and sent it to him.
Mekhu
06-09-2003, 01:41 PM
Thanks again everyone.
xAngelx was extremely kind, and helped me pinpoint all the issues with the script and also provided me with a very secure one, which my client is implementing right now.
Regards,
Jeff Piper