tfcasso Posted December 5, 2005

Hi all,

Completely and utterly out of my depth here. I keep getting the message below from totalchoice and I'm not sure it's something I should be concerned about (I think they sent it to everyone). I don't THINK I installed any scripts but I do have a few e-mail accounts (like webmaster@tfcassociation.org) that I set up through my cpanel. Does that use the scripts they are referring to? I think there's a form to send comments as well (it was a default set up in frontpage and I never really got it to work right), would that be a problem?

I know I sound like a complete idiot but if I'm opening them up to hackers, I want to correct the problem. I tried looking in my public_html folder and I see some mail-related things in there but I don't know if they're the scripts they're talking about in the paragraph below or something that's supposed to be there. I'm happy to remove any possible threat but I just don't know enough to know what one is when I'm looking at it.

Thanks!
Erika

> We have seen a huge increase in the amount of exploited form mail scripts taking place on our servers. The attackers are using insecure form mail scripts to send out spam from the client's web site. It is critical that you maintain a safe and secure account by continually keeping your scripts up to date and secure.
>
> Please take a moment to review your account contents. If you're using mail form scripts and are unsure of their security you should immediately remove them from your account. Unused scripts that reside in your public_html folder are still accessible to the public and can be used at any time if they are found.
>
> In regards to your in use scripts, please check them for security. If you're unsure on how to do this you should contact the script creator as we can not provide assistance on coding or scripts.

Sarah Posted December 5, 2005

Hi Erika-

I think what they are talking about is that many TCH clients use PHP and other types of scripts that are used to send email from their websites. TCH wants to make sure you are securing these scripts so that hackers cannot write code that inserts their own mail headers into YOUR function to send THEIR spam. If you haven't written any custom code or had anyone else do it for you, I don't think you have anything to worry about.

TCH-Bruce Posted December 5, 2005

Welcome to the forums Erika

The email was sent to everyone. If you have a contact form where people can fill in information it is your responsibility to make sure the script processing your form is secure and does not allow injection headers to be inserted.

A secure form processor such as Ultimate Form Mail should be used.

stevevan Posted December 5, 2005

Welcome to the forums! As Sarah said, unless you've added any mailscripts, you shouldn't have anything to worry about.

TCH-Rob Posted December 5, 2005

Welcome to the forums Erika

tfcasso Posted December 5, 2005

Thanks everyone. I removed the "feedback form" that was part of the Frontpage template so other than just regular e-mail links, that's the only thing I could think of that might cause a problem. Thanks so much for all your help!

Sarah Posted December 5, 2005

Erika-

Don't forget that just plain old 'mailto:' email links are an invitation to spammers. I'd suggest using the form mail script that was posted to make sure it is secured.

Sarah

TCH-Bruce Posted December 5, 2005

Or check the help site for how to mask your email address.

stevevan Posted December 5, 2005

The Email Obfuscator is found here. The Hiveware Enkoder Form can be found here.

Iki Posted December 8, 2005

I've got a question about this Ultimate Form Mail - I'm Q'ing up the upload right now and I notice there's a file in there called "contact.php". Isn't this what was just filtered out and then reinstated? So if the problem happens again, this script isn't going to work either, is it?

Anybody know if there's a way to rename that file to something else? Something that won't get filtered the next time the spammers run amok? You know how those pesky spammers are... they never give up.

TCH-Dick Posted December 8, 2005

Hi Iki,

You can rename contact.php to anything you like. If you take a look at the files included with that script, you will see several named contact. These are just sample forms that point to the mailit script.

You can view the online documentation at www.surefirewebdesign.com/scripts/docs/ which includes a breakdown of all the files.

Iki Posted December 8, 2005

> Hi Iki,
>
> You can rename contact.php to anything you like. If you take a look at the files included with that script, you will see several named contact. These are just sample forms that point to the mailit script.
>
> You can view the online documentation at www.surefirewebdesign.com/scripts/docs/ which includes a breakdown of all the files.

I've printed them out, studying them now. Thanks!

stevevan Posted December 8, 2005

You might want to read through the author's forum on his website. Quite a bit of helpful information there, too!

wayne Posted December 14, 2005

What about those of us who are using php to send mail (as opposed to those that use a form to receive mail). Is there a secure script available for this??

abinidi Posted December 14, 2005

Wayne,

Can you give a more specific example of what you are trying to accomplish? Maybe if you gave a specific example we'd be able to point out where this type of vulnerability might lie.

Regards,

wayne Posted December 15, 2005

I have many "receipt pages". On these php pages I have code that inputs data from a form (that has been passed to my credit card gateway and then back to my page) into my database. I then email the customer a receipt using the mail() command.

I have just discovered that no messages have been sent out over the last couple of weeks resulting in about 200 customers with no receipts.

In another thread http://www.totalchoicehosting.com/forums/i...showtopic=24666 we have been talking about modifying the mail command with the -f parameter. This apparently tells sendmail to set the envelope address. I have done this however now mail just gets returned when I try and send it to customers with the error: "unrouteable mail domain"

I have looked at ultimateFormMail however this is not feasible since I use logic on my page to write to the database and email the customer only when the bank's gateway returns a certain value for one of my variables (ie transaction has been accepted).

I was using the command mail($customeremail, $mailsubject, $headers, $fromemail) and all was good in the world.

Unfortunately I am going to have to manually send over 200 receipts and counting until I get some solution in place.

My page is basically this.

    if (credit card accepted){
        write data to mysql database
        email customer a receipt
        display html and include links to other areas of my site
    }
    if (credit card not accepted){
        display message to try again
    }

Any advice will be much appreciated.

Wayne

wayne Posted December 15, 2005

Just an update. Got everything working again thanks to advice on this thread http://www.totalchoicehosting.com/forums/i...showtopic=24666 and the help desk.

As usual service at TCH just ROCKS. Thanks all!!!!

Wayne

gabeanderson Posted December 31, 2005

> A secure form processor such as Ultimate Form Mail should be used.

I'm trying to set up Ultimate Form Mail, as suggested, but am getting an error related to Ioncube:

    /home/faces/public_html/contactform/antispoof/seed.php cannot be processed because an untrusted PHP zend engine extension is installed. Read more about this message

You can see the error here: http://www.100faces.org/contactform/contact.php

Any suggestions?

Thanks!
-Gabe

TCH-Andy Posted December 31, 2005

You need to update the ioncube loaders.

The loaders are found here http://www.ioncube.com/loaders.php

The ones you need are; http://downloads.ioncube.com/loader_downlo...ers_lin_x86.zip

Download the loaders, unzip the file, upload the 4.4 file to your ioncube directory (ideally in binary) and then everything should be fine (hopefully)

gabeanderson Posted January 3, 2006

> You need to update the ioncube loaders.
>
> The loaders are found here http://www.ioncube.com/loaders.php
>
> The ones you need are; http://downloads.ioncube.com/loader_downlo...ers_lin_x86.zip
>
> Download the loaders, unzip the file, upload the 4.4 file to your ioncube directory (ideally in binary) and then everything should be fine (hopefully)

Thanks, Andy! It says that the files loaded properly, but the form still isn't working.

http://www.100faces.org/ioncube/ioncube-loader-helper.php

Suggestions?

Thanks,
Gabe

TCH-Andy Posted January 3, 2006

Did you upload all the UFM files in Binary mode? If so, then I'd suggest a chat with Jack (the author of the script).

TCH-Andy Posted January 3, 2006

If you go to Jack's site, you will see this issue discussed on his forums. It looks like you need to remove all reference to anti_spoof in mailit.php. I'd check with him - http://www.surefirewebdesign.com/ufm

surefire Posted January 3, 2006

Yes... I'm very helpful. Head over to my forum.

Also, version 3 is out in a day or two.

Edited January 3, 2006 by surefire

kahill Posted January 5, 2006

I have UFM loaded and "think" I have mailit configured ok. I fill out the form and then get sent to my thank-you page. But I get no form sent to my designated recipient email. Any suggestions? I've been trying to figure out why for 4 hours. It works on another site I fixed this afternoon....

TCH-Andy Posted January 5, 2006

Any typographical error in the email address? Well, I always start with the obvious.

If you send an email direct to that recipient email address - is it working properly and arriving?

kahill Posted January 5, 2006

> Any typographical error in the email address? Well, I always start with the obvious.
>
> If you send an email direct to that recipient email address - is it working properly and arriving?

Yes - I checked the spelling and I'm receiving email on it fine and the other form I fixed this afternoon sends to that same address. I'm thinking it could be the old code and the way the radio buttons are labeled now that I've been reading some about that. Seems that would just give an error instead of passing through to the "thank you" page without sending the info on to my recipient email...

TCH-Andy Posted January 5, 2006

That sounds like the code then. I'd be tempted to copy the form on the one that's working to the same location (but different file name) as the one that's not. Then test that. That way you should know if it's the code or not.

kahill Posted January 5, 2006

> That sounds like the code then. I'd be tempted to copy the form on the one that's working to the same location (but different file name) as the one that's not. Then test that. That way you should know if it's the code or not.

Thanks Andy - I've gotten this far with figuring out how this was written. Got the needed elements in the form so far....I've gotten it to submit and then take me through to the thank you page, but no email is coming to me still. Boy it's been a long day ....

kahill Posted January 5, 2006

Just a note: I had "recipient" set to the same email address as the email address I entered into the form to test. When I stopped using the same email address in the "recipient" and what I put in the form to test (actually, I added another one of my different emails in the "recipient" to try sending to 2 recipients) - the form transmitted the information properly. I am thinking I should not have been trying to test the form by entering the same email in the form as the "recipient" was set in mailit.

Live and learn

Edited January 5, 2006 by kahill

TCH-Bruce Posted January 6, 2006

Glad you sorted it out.

surefire Posted January 6, 2006

Although kahill figured this out through testing, we did communicate a bit in my online forum. I mention this because Ultimate Form Mail clients can always expect timely support from me at that location. I have received consistent praise for the turnaround and quality of my responses... and TCH clients do receive extra special care.

TCH-Andy Posted January 6, 2006

We know you do, Jack, hence my link to your forum about 10 items earlier in this thread.

As with any good script / program, the author is nearly always a great place to get some support.

kahill Posted January 7, 2006

> We know you do, Jack, hence my link to your forum about 10 items earlier in this thread.
>
> As with any good script / program, the author is nearly always a great place to get some support.

Oh, sure, I agree! I just didn't really know where to start first since UFM was recommended here among the great TCH family - so I just started here first. Surefire is on the ball!

jayson Posted January 7, 2006

Can I ask a question? (I do not want to piggyback but this is a question I need answered)

OK, I built a contact page in FP, this is the script:

    <form method="POST" action="_vti_bin/shtml.exe/contact.html" webbot-action="--WEBBOT-SELF--">
    <!--webbot bot="SaveResults" S-Email-Format="TEXT/PRE" S-Email-Address="emailaddress" B-Email-Label-Fields="TRUE" B-Email-Subject-From-Field="FALSE" S-Email-Subject="subject" S-Builtin-Fields U-Confirmation-Url="thankyou.html" startspan --><input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><!--webbot bot="SaveResults" i-checksum="43374" endspan -->
    <p>name:<br>
    <input type="text" name="name" size="20">
    <p>Email Address:<br>
    <input type="text" name="email" size="20"></p>
    <p>Comments:<br>
    <textarea rows="2" name="Comments" cols="20"></textarea></p>
    <p><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
    </form>

Is this the type of scripts that are getting hacked into? I got little knowledge into email scripts, and need to know of a good easy to understand and simple script for contact page. This script allows one email per submit.

Thanks

TCH-Don Posted January 7, 2006

You are only showing the form; it's the form processor that is the problem. For most scripts, they do no checking of the submitted data, just pass it on to the mail function. The data needs to be checked.

A spammer will try to add control characters to trigger BCC and Subject and a new message in one of the form fields, like the visitor's e-mail address, and then off goes the spam.

So the form processor must check the data before it sends it, and limit the fields to a reasonable length for each field, like maxlength="50".

I can't help with FP as I do not use it.

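The check described in the post above, as an added example that is not part of the original thread and is not code from Ultimate Form Mail: a PHP form processor that copies the visitor's address into the mail headers unchecked, next to one that rejects control characters, caps field lengths and builds a mail() call with a fixed envelope sender (the -f parameter mentioned earlier in the thread). The field names follow the FrontPage form posted above; the addresses, length limits and function names are assumptions.

```php
<?php
// Added example, not from the thread or from Ultimate Form Mail.
// Field names follow the FrontPage form above; addresses and limits are assumed.
const OWNER   = 'owner@example.org';      // fixed recipient, never taken from the form
const SENDER  = 'webmaster@example.org';  // fixed From: and envelope sender
const MAX_LEN = ['name' => 50, 'email' => 50, 'Comments' => 2000];

// Unchecked: the visitor's address is copied into the header block, so a value
// containing CR/LF ends the From: line and starts headers of the sender's choosing.
function unsafe_headers(array $post): string
{
    return 'From: ' . $post['email'];
}

// Checked: returns the trimmed value, or null if it is missing, too long,
// or (for single-line fields) contains any control character.
function clean_field(array $post, string $key): ?string
{
    $value = $post[$key] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > MAX_LEN[$key]) {
        return null;
    }
    if ($key !== 'Comments' && preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Builds the argument list for mail(), or returns null when any field fails.
function build_mail_args(array $post): ?array
{
    $name     = clean_field($post, 'name');
    $email    = clean_field($post, 'email');
    $comments = clean_field($post, 'Comments');
    if ($name === null || $email === null || $comments === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $headers = 'From: ' . SENDER . "\r\nReply-To: " . $email;
    $body    = "Name: $name\nE-mail: $email\n\n$comments";
    return [OWNER, 'Contact form', $body, $headers, '-f' . SENDER];
}

// Constructed sample submissions; the second carries an injected Bcc header.
$samples = [
    ['name' => 'Visitor', 'email' => 'visitor@example.org', 'Comments' => 'Hello'],
    ['name' => 'x', 'email' => "x@example.org\r\nBcc: other@example.net", 'Comments' => 'hi'],
];
foreach ($samples as $post) {
    $args = build_mail_args($post);
    echo json_encode(unsafe_headers($post)), ' => ', $args ? 'accepted' : 'rejected', "\n";
    // On a live form: if ($args !== null) { mail(...$args); }
}
```

The fifth argument to mail() is handed to the sendmail binary, so it is built only from the fixed SENDER constant and never from form data.
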
stevevan Posted January 7, 2006

Don is right on the ball. The processor would take the names of the fields and simply pass on the content of the fields. If I remember my FP correctly, there is nothing that does any data checking.

FWIW...UFM can be as basic or elaborate as you would like it to be. If you use it, I would encourage you to read the documentation a couple of times (I know I did!) to get more of an idea of what was going on. Plus, as stated above, if you get stuck, you've got Surefire's forum as well as your TCH family members to help unstuck (?) you!

Gio Posted June 1, 2006

Is Zend_Mail secure enough to use to send emails from my php web site?

Thanks

Edited June 1, 2006 by Gio

laurin1 Posted September 28, 2006

> Just an update. Got everything working again thanks to advice on this thread http://www.totalchoicehosting.com/forums/i...showtopic=24666 and the help desk.
>
> As usual service at TCH just ROCKS. Thanks all!!!!
>
> Wayne

That page doesn't exist. What did you do?

TCH-Thomas Posted September 28, 2006

The thread Wayne refers to is here.