PathDæmon Posted September 11, 2005 (edited)
I realized yesterday that a contact form on our site was being exploited (header injection). I've been trying to block it, but things keep getting through. I decided to set up a logging system — when someone uses the form, everything they submit is stored to a file using fopen, fwrite, and fclose. I spent all day trying to add this to our script. What I just realized is that if I call, for example, fopen("contact.log","a");, the script crashes. EVERY TIME. I've wasted a day, and don't know what to do…
Edited September 11, 2005 by PathDæmon
TCH-Bruce Posted September 11, 2005
Welcome to the forums, PathDæmon.
Have you changed the permissions of the log file to 666 (world writeable)? Have you checked the error log in cPanel to see what errors you are getting?
TweezerMan Posted September 11, 2005
Welcome to the forums, PathDæmon!
TCH-Don Posted September 11, 2005
Welcome to the forums, PathDæmon.
What form script are you using?
PathDæmon Posted September 12, 2005
Permissions turned out to be the main issue — my ftp client kept changing them. Thanks, Bruce.
Don — I wasn't the original site writer, but I believe it's homegrown. I'll keep updating its checks as the attempts get logged.
And thanks to everyone else for the warm welcome.
TCH-Thomas Posted September 12, 2005
Welcome to the forum, PathDæmon.
stevevan Posted September 12, 2005
Welcome to the forums! Glad you got it figured out.
TCH-Bruce Posted September 12, 2005
> Permissions turned out to be the main issue — my ftp client kept changing them. Thanks, Bruce.
Glad I could help.
TCH-Don Posted September 12, 2005
You may want to consider changing to a more secure script. I found a link that may help with seeing how the form can be compromised. Email Injection shows how it is done.
TCH-Rob Posted September 12, 2005
Welcome to the forum, PathDæmon. Glad you got it working.
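
The submission logging and header-injection check discussed in this thread, as an added example that is not part of any post or of the site's own script. The field names, the `contact.log` location and the function names are assumptions.

```php
<?php
// Added example, not the site's script. Field names and log path are assumptions.
const LOG_FILE = __DIR__ . '/contact.log'; // must be writable by the PHP user

// True if a value bound for a mail header contains CR/LF, raw or URL-encoded.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

// Append one submission to the log as a single JSON line; false if not writable.
function log_submission(array $fields, bool $blocked, string $logFile = LOG_FILE): bool
{
    // json_encode escapes CR/LF, so a submission cannot forge extra log lines.
    $entry = json_encode([
        'time'    => gmdate('c'),
        'ip'      => $_SERVER['REMOTE_ADDR'] ?? 'cli',
        'blocked' => $blocked,
        'fields'  => $fields,
    ], JSON_INVALID_UTF8_SUBSTITUTE);
    $fh = @fopen($logFile, 'a');      // false on failure, e.g. wrong permissions
    if ($fh === false) {
        error_log("contact form: cannot append to $logFile (check permissions)");
        return false;
    }
    flock($fh, LOCK_EX);              // keep concurrent requests from interleaving
    fwrite($fh, $entry . "\n");
    fclose($fh);                      // closing the handle also releases the lock
    return true;
}

// Returns true only if the submission is safe to hand to mail().
function screen_submission(array $post): bool
{
    $fields = [];
    foreach (['name', 'email', 'subject', 'message'] as $key) {
        $fields[$key] = is_string($post[$key] ?? null) ? $post[$key] : '';
    }
    $blocked = filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false;
    foreach (['name', 'email', 'subject'] as $key) { // message is body, not a header
        $blocked = $blocked || has_header_injection($fields[$key]);
    }
    log_submission($fields, $blocked);
    return !$blocked;
}

// Constructed sample input: a normal submission and one with an injected header.
$ok  = ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hi', 'message' => "Line 1\nLine 2"];
$bad = ['name' => 'x', 'email' => 'x@example.com', 'subject' => "Hi\r\nBcc: other@example.com", 'message' => 'm'];
var_dump(screen_submission($ok), screen_submission($bad));
```

Checking the return value of `fopen()` turns an unwritable log file into an error-log entry rather than a failed request. Storing the log outside the web root keeps logged submissions from being downloadable.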