Mail question re spam

the mail() function


billygoatkaraoke
New php-forum User
Posts: 91
Joined: Sat Aug 13, 2011 7:20 pm

Mail question re spam

Postby billygoatkaraoke » Tue Jan 24, 2012 5:05 pm

Hi

I have had an email account or address of mine hijacked (my provider has suspended my account).

I'm trying to figure how it's been done (can't find anything in my email client, and have run three separate virus and spyware programs with nothing).

Then I thought of some php mail code I have on a site:

mail($emailTo, 'blah blah', $body, "From: $myEmail");

I have two questions if someone can help me out:

1. is the above code safe? Can someone hijack an account through it?

2. what's to stop ANYONE from having their own php mail code like above, and just putting someone's email address in the From: section? You could use it to send emails to addresses all day long without having to know the 'From' address password. Or am I misunderstanding something here?

Thanks

Shaun

TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Re: Mail question re spam

Postby TheProdigyGuy » Tue Jan 24, 2012 6:06 pm

Hello billygoatkaraoke, glad to see you :)
By hijacked, do you mean hacked, or?
Well, if your password for that email was stolen, possible reasons:
1) Do not use the same password everywhere. (It is possible to dump your password (hash) from a database where you signed up with that password and then submit it to online MD5 crack sites, and if you are using weak passwords this is possible.)
So, do not use the same password everywhere; use different passwords for different services instead.
2) It is also possible to get a password through a phishing attack.
3) It is also possible to hack your website or hosting company and then get your password.
4) It is possible to brute-force your account (Facebook, MSN, etc.) and get your password.
5) It is also possible to infect your computer with some trojan dropper that drops a keylogger, steals your passwords, and then self-destroys that keylogger on your computer without traces! (Antiviruses s*ck.)
6) Use only legal software from official sources (do not use warez, etc.); it is possible to steal your passwords with backdoors (which are included in 80% of warez).
7) Use a firewall to secure your network (because it is possible to sniff your traffic locally (from the local network) (ARP spoof) and then get your password while it is transmitted over the network).
8) Do not use public, so-called 'FULLY ANON ELITE' proxies; in fact such services are sniffers!
9) Do not use public computers (Internet cafe, free Wi-Fi) (again, sniffing or DNS spoofing, and your passwords can be stolen!).
10) Possible but not common: maybe your ISP was compromised and backdoored (possible to sniff passwords or, again, DNS spoof).
Use a VPN or at least surf over SSH (BTW, protects from SSL BEAST).
Etc. etc...


+
mail($emailTo, 'blah blah', $body, "From: $myEmail");

Using such services, spammers + 'scriptkiddiez' can do more bad things! For example: mail someone nasty things, etc.
I think it was abused and that's why your account was suspended by your hosting.

day long without having to know the 'From' address password.

Sure!
Use that code only for your personal work and do not make it public, otherwise it will be abused.

I would recommend that you first check for spyware + rootkits (use Unhackme <= what a great program!!!).
Then secure your machine with a firewall (for example: Comodo ISS, which is free for personal use).
Then change all your passwords + secret questions + secret answers for all your mails, accounts, etc.
And be paranoid like me xD))
Cheers.

billygoatkaraoke
New php-forum User
Posts: 91
Joined: Sat Aug 13, 2011 7:20 pm

Re: Mail question re spam

Postby billygoatkaraoke » Wed Jan 25, 2012 5:41 pm

Thanks Prodigy

With regard to mail($emailTo, 'blah blah', $body, "From: $myEmail");

1. you say not to use it except for personal stuff. I am using it on a site to send an activation email to users when they register on my site (not the site that was hacked btw). If this is vulnerable code, how do you safely send emails using php?

2. Is there nothing you can do to stop your email address being used in code like above that a spammer has set up in their own webpage? I guess my real question is, whose email server is being used? Is it the server that the webpage belongs to, or the $emailTo server?

Thanks

TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Re: Mail question re spam

Postby TheProdigyGuy » Wed Jan 25, 2012 6:12 pm

Well,
mail($emailTo, 'blah blah', $body, "From: $myEmail");

Defining $headers => + using $myEmail
From: $myEmail
there is a chance $myEmail can be spoofed by a bad guy.

If it is defined 'statically',
like
$myEmail='legal_my_mail_but_must_@belongs_tomyhosting_company';
mail($emailTo, 'blah blah', $body, "From: $myEmail");
This is the legal way.

It may be abused as well, like below:

Let's say your hosting company = dreamhost.com
but you are going to spoof,
for example:

$myEmail='itsme@gmail.com';
mail($emailTo, 'blah blah', $body, "From: $myEmail");

Using the mail() function like this is a piece of spoof (can be abused).

Instead use (I suppose your site is hosted at dreamhost.com):
$myEmail='itsme@dreamhost.com';
mail($emailTo, 'blah blah', $body, "From: $myEmail");
This is the legal way.

+ The legal way can be abused too, in this condition (vulnerable code):

$myEmail='mylegalmail@myhostcompany.com';
Then a hacker somehow managed to overwrite that $myEmail (with his own mail) (spoof).
Yes, it can be abused as well.
Anyway:
When sending mails from your site, use your own mail address which belongs to your hosting company.

I guess my real question is, whose email server is being used? Is it the server that the webpage belongs to, or the $emailTo server?

When sending from your site, all that traffic goes through your hosting company, and the recipient ($emailTo)
can trace that server IP easily (show message headers in the mail client and that's all).
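
As an added example (not code from any poster in this thread): one way to send the activation email asked about above with a sender address that is fixed in code and a recipient that is validated before it reaches mail(). SITE_FROM, build_activation_mail(), send_activation_mail() and the example.com/.org/.net addresses are assumptions made for the illustration.

```php
<?php
// Added illustration; the names and addresses below are hypothetical.
// The sender is a constant on the site's own domain, never request data.
const SITE_FROM = 'noreply@example.com';

function build_activation_mail(string $emailTo, string $token): array
{
    // A CR or LF inside a header value starts a new header line, which
    // would let the submitter add headers of their own (Bcc:, From:, ...).
    if (preg_match('/[\r\n]/', $emailTo)) {
        throw new InvalidArgumentException('line break in recipient');
    }
    // Accept exactly one syntactically valid address.
    $to = filter_var($emailTo, FILTER_VALIDATE_EMAIL);
    if ($to === false) {
        throw new InvalidArgumentException('invalid recipient address');
    }
    // Headers are built only from constants; nothing user-supplied goes in.
    $headers = implode("\r\n", [
        'From: ' . SITE_FROM,
        'Reply-To: ' . SITE_FROM,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
    ]);
    $body = "Activate your account:\r\n"
          . 'https://example.com/activate?token=' . rawurlencode($token) . "\r\n";
    return [$to, 'Activate your account', $body, $headers];
}

function send_activation_mail(string $emailTo, string $token): bool
{
    [$to, $subject, $body, $headers] = build_activation_mail($emailTo, $token);
    return mail($to, $subject, $body, $headers);
}

// Constructed inputs: a normal address, an injection attempt, and garbage.
$samples = ['user@example.org', "user@example.org\r\nBcc: list@example.net", 'not-an-address'];
foreach ($samples as $input) {
    try {
        [$to] = build_activation_mail($input, 'abc123');
        echo "OK   to=$to\n";
    } catch (InvalidArgumentException $e) {
        echo 'DROP ' . json_encode($input) . ': ' . $e->getMessage() . "\n";
    }
}
```

The loop only builds the messages and prints the decision for each sample, so it runs without a mail server; send_activation_mail() is the call a registration page would make.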

billygoatkaraoke
New php-forum User
Posts: 91
Joined: Sat Aug 13, 2011 7:20 pm

Re: Mail question re spam

Postby billygoatkaraoke » Wed Jan 25, 2012 7:00 pm

Thanks mate - I appreciate the in depth explanation.

