It's been ages since I set up this script for our contact page (http://www.bluegrassgardens.com/contact.html). I have been noticing a lot of "form submission" emails being forwarded to our main email address lately and am trying to figure out what is going on. I just tested it and NO contact mail is being forwarded on to us. Just the blank "form submission" emails. I have updated the page a few times with FrontPage, so therein could be the cause. Or I was wondering if I have done something in the control panel that could affect the script and what it could be. I haven't touched any of that code manually since I made that page and frankly, I have forgotten how the whole thing works. All I remember was that it was a pain in the butt to get it all working correctly. I believe there are several different scripts working together here. You might be able to tell better than I if you look in the source. The sendit.php (http://www.bluegrassgardens.com/sendit.php) looks like it maybe shouldn't be doing what it's doing, but I don't know if it's supposed to do that or not when you access it directly. Just looking for a little help here to see if I can get these scripts working correctly again. Appreciate any help......


If it has been a while since the script was added I would strongly suggest either deleting it and adding a new one or at the very least check with whoever wrote the script and update it to the latest version. Problems may be due to incompatibility with newer versions of PHP. There are folks out there that love to look for old versions of contact us type scripts and use security holes in them to try and spam.


If I were you, I'd look into a different form script. Another forum I follow has people constantly complaining about the security issues present in formmail.php. Apparently it is easy to inject header information into the form, which can compromise your account, bog down your server, and get your account suspended. I'm not saying this is GOING to happen to you, I'm just warning you that it MIGHT.

Anyway, good luck.

> If I were you, I'd look into a different form script. Another forum I follow has people constantly complaining about the security issues present in formmail.php. Apparently it is easy to inject header information into the form, which can compromise your account, bog down your server, and get your account suspended. I'm not saying this is GOING to happen to you, I'm just warning you that it MIGHT.

You can't really go by the name of the script; there are dozens of different scripts named formmail.php. From a quick look at the source to the script they were using, it looks like it should be secure against header injections.


As the script is based on Matt's Formmail.php (apparently the arguments are the same) which has a lot of security problems, this script is banned.

Can I please suggest you find something else and remove the script as soon as possible.

Many thanks

JimE
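
The header injection that the replies above warn about comes down to form values being copied into mail headers with their line breaks intact. As an added example (not part of the thread and not the code of any formmail.php; the function name, field names and addresses are assumptions), a PHP handler can refuse such input before anything reaches mail():

```php
<?php
// Added example; all names and addresses are hypothetical placeholders.
const SITE_RECIPIENT = 'owner@example.com';   // fixed server-side, never read from the form
const SITE_SENDER    = 'noreply@example.com'; // fixed From address

// Returns [to, subject, body, headers] ready for mail(), or null when rejected.
function build_contact_mail(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    // A CR or LF inside a header-bound value would start a new header line
    // (extra recipients, a replaced body), so such input is rejected outright.
    foreach ([$name, $email, $subject] as $value) {
        if (preg_match('/[\r\n]/', $value)) {
            return null;
        }
    }
    // Blank submissions, such as a direct request to the handler, are dropped.
    if ($name === '' || $message === '') {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The visitor's address appears only in Reply-To and in the body.
    $headers = implode("\r\n", [
        'From: ' . SITE_SENDER,
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ]);
    $body = "Name: $name\nEmail: $email\n\n$message";
    return [SITE_RECIPIENT, 'Contact form: ' . $subject, $body, $headers];
}

// Constructed submissions: a normal one, one with an extra header line, a blank one.
$samples = [
    'normal'       => ['name' => 'Pat', 'email' => 'pat@example.org', 'subject' => 'Hours', 'message' => 'Are you open Sunday?'],
    'extra header' => ['name' => 'x', 'email' => "x@example.org\r\nBcc: list@example.net", 'subject' => 's', 'message' => 'm'],
    'blank'        => [],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', build_contact_mail($post) === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

The four returned values map onto the arguments of mail() in order; the recipient and From address never come from the request.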
