logo-dw

Go Back   Dreamweaver Club Forums > Hand Coders Forum > General
Register FAQ Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
Old 08-04-2014, 02:44 PM   #1
sydesign
 
Join Date: Jan 2011
Posts: 41
Default Help! hundreds of SPAM emails sent from form I created...

Hello everyone, I have a situation and am not sure how to handle it.

Years ago, I was making a draft for a website and chose a random host to put it up on. The issue I'm having now is that somehow SPAM bots or something has hacked the contact form I created and I'm getting 50-100 emails daily from the contact form i created. The real issue is that I don't remember where this form is hosted and how to find it to take it down. I found the html source of the emails and where I believe it is hosted, however, I took that site down and it doesn't make sense that it would come from there.

Does anyone have any suggestions as to how I can stop the emails from coming?

Maybe a way that I can block emails coming from a specific host or IP address?

The email i am getting them sent to is a Godaddy hosted email address.
sydesign is offline   Reply With Quote
Old 09-19-2014, 01:09 AM   #2
edbr
edbr's Avatar
 
Join Date: Aug 2005
Location: Bali
Posts: 11,164
Default

you can block an IP address using .htaccess or with your mail filters on yourserver probably
__________________
If you're happy and you know it shake your meds!
different style links examples

Flight / Hotel search
Free script download
Bali Villas
edbr is offline   Reply With Quote
Old 03-05-2015, 09:40 AM   #3
queen123
 
Join Date: Mar 2015
Location: United Kingdom
Posts: 1
Default

Im facing same problem
queen123 is offline   Reply With Quote
Old 03-10-2015, 04:11 AM   #4
jmichae3
 
Join Date: Dec 2010
Posts: 366
Default

Solutions you can use and combine:
  • captcha
  • email form token (a random number generated from the server and put into a hidden field for instance, can be time based) that is checked against
  • email address validation (at least make sure there are no CR's or LF's in it, commas, or ;'s which are used to separate addresses). make sure email address is in proper RFC2822 format. there are regexes for this, but be picky. note that foreign domains can be in UTF-8 format I think it may be your choice to reject those. avoid anything where domains are from certain countries (China (.cn), Russia for instance (.ru)) if you find you are having problems with them (a block list using php preg_match()).
  • do research on email form security (there are other techniques)
  • verify using PHP $_SERVER['DOCUMENT_ROOT'] that the form actually comes from the same server. note that a problem can occur if your web site gets moved to another server - if DOCUMENT_ROOT changes and it's still the same hosting company, then you will have to monitor the form for changes and have if generate some sort of up-down status page, maybe even just turn itself off and show a blank page if $_SERVER['DOCUMENT_ROOT'] has changed or send you an email *once* for each change - you would have to store the old value and the fact that you have sent the email to compare it against and update that and reset the "sent" flag after you fix the page then - in that case, you would have notification.
__________________
------------
Jim Michaels
HTML Code:
improperly<strong>nested<em>elements</strong>cause</em>
browser confusion (I believe the term is 'tag soup')!

Last edited by jmichae3; 03-10-2015 at 04:31 AM..
jmichae3 is offline   Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:50 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright 2006 DreamweaverClub.com