
Website form -> email issues

Confused

Elite Member
Hi,

Our work has a website that uses a form to email to us for brochure requests. The script that I found to do so has started being used for sending many spam messages from the server - and we've been told to remove it.

Can anyone suggest some secure code that I could use for people to fill in a basic form, and have it emailed to us?


Many thanks!


Garry
 
There are a lot of ways to hack a web form that sends email. Once at my old job we had an old version of an open-source Perl script that sends emails. It was hacked and spammers were sending spam to the world through our web server...

The biggest thing to do is hard-code the email addresses into the script. Don't have them as hidden fields or anything in the web form. Have the script know and control who gets the actual email. Another option is to have a mechanism in the script to make it check the TO address before actually sending the mail, and have it remove any addresses that are not for the approved domain(s).

Since I don't know what your script looks like, I can't give much more advice on how they are actually using it to spam people.


edit: if you are using an open source script to handle the mail, feel free to let us know which. Maybe you just aren't using some feature included with it, like the domain checking for example.
 
The user fills out an HTTP form, which is posted to a PHP page (its contents are in the attached code), which parses the input from the form, sends the email and forwards them to a "Thanks" page. This should, as far as I know, email it to a single email address only...

I'm not too hot on this, it was designed/written by someone else, I've recently come on board and have to deal with the issues 😉

Thanks for help so far 🙂


Garry
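The advice in the earlier reply (hard-code the recipient, never take it from a hidden field, and filter any address list against approved domains) and the flow Garry describes (form posts to a PHP page, which mails one address and redirects to a "Thanks" page) can be put together in one handler. The following is an added example written for this thread, not the attached script or any code from the original posts. The addresses, domain list and `/thanks.html` path are placeholders; the one real risk it guards against is the classic form-mailer abuse where a visitor-supplied value ends up in a mail header and carries extra `To:`/`Cc:`/`Bcc:` lines.

```php
<?php
// Added example for this thread: a form-to-email handler that decides the
// recipient itself and never lets client-supplied data reach a mail header
// unchecked. Addresses and domains below are placeholders.
declare(strict_types=1);

// Recipient is fixed in the script. Any "to"/"recipient" field in the POST
// body is ignored, so a hidden form field cannot redirect the mail.
const BROCHURE_RECIPIENT = 'brochures@example.com';   // placeholder
const SENDER_ADDRESS     = 'website@example.com';     // placeholder
const APPROVED_DOMAINS   = ['example.com'];           // placeholder

/** True if the value contains no CR, LF or NUL, i.e. cannot start a new header line. */
function isSingleLine(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) !== 1;
}

/**
 * Keep only syntactically valid addresses whose domain is on the allow-list.
 * This is the "check the TO address and drop anything not in an approved
 * domain" mechanism from the reply above.
 */
function filterApprovedRecipients(array $addresses): array
{
    $kept = [];
    foreach ($addresses as $addr) {
        $addr = trim((string)$addr);
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }
        $domain = strtolower(substr($addr, strrpos($addr, '@') + 1));
        if (in_array($domain, APPROVED_DOMAINS, true)) {
            $kept[] = $addr;
        }
    }
    return $kept;
}

/** Returns a list of error strings; an empty list means the submission is acceptable. */
function validateBrochureRequest(array $post): array
{
    $errors = [];
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $msg   = trim((string)($post['message'] ?? ''));

    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'invalid name';
    }
    // The visitor's address goes into Reply-To, so it must be one clean line.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || !isSingleLine($email)) {
        $errors[] = 'invalid email';
    }
    if ($msg === '' || strlen($msg) > 2000) {
        $errors[] = 'invalid message';
    }
    return $errors;
}

/** Validates, then mails the fixed recipient. Returns false if anything was rejected. */
function sendBrochureRequest(array $post): bool
{
    if (validateBrochureRequest($post) !== []) {
        return false;
    }
    // Defence in depth: even the hard-coded recipient must pass the domain filter.
    $recipients = filterApprovedRecipients([BROCHURE_RECIPIENT]);
    if ($recipients === []) {
        return false;
    }

    $name  = trim((string)$post['name']);
    $email = trim((string)$post['email']);
    $body  = "Brochure request from {$name} <{$email}>\r\n\r\n" . trim((string)$post['message']);

    // From is our own address; the visitor only appears in Reply-To. The
    // subject is a constant, so nothing user-controlled is a header by itself.
    $headers = [
        'From: ' . SENDER_ADDRESS,
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ];
    return mail(implode(', ', $recipients), 'Brochure request', $body, implode("\r\n", $headers));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (sendBrochureRequest($_POST)) {
        header('Location: /thanks.html');   // placeholder "Thanks" page
    } else {
        http_response_code(400);
        echo 'Invalid request.';
    }
    exit;
}
```

The two things worth checking in any existing script are the same two this example pins down: where the recipient comes from (it should be a constant in the file, not `$_POST['to']` or a hidden input), and whether any field the visitor typed is concatenated into the headers argument of `mail()` without being checked for line breaks. Rate-limiting and a CAPTCHA help against volume, but they do not fix either of those.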
 