Sending spam through my hosting.

the mail() function


luckylouie
New php-forum User
Posts: 3
Joined: Wed Dec 07, 2011 6:37 am

Sending spam through my hosting.

Postby luckylouie » Wed Dec 07, 2011 6:55 am

Hi;

I had an email from my hosting company which said that my account was hacked and one script in the images folder is trying to send thousands of spam messages (file name: "/public_html/images/sm5vy7.php"). They blocked my account and asked me to check if there is any script or code that may cause this problem.
The only server-side page I had was a contact.php file that has the mail() function in it. The code is like this:

if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $comment = $_POST['comment'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $to = "sample@gmail.com";
    $subject = "sample";
    $message = "sample";
    $from = "$email";
    $headers = "Content-type: text/plain; charset=utf-8" . "\r\n";
    $headers .= "From: $from" . "\r\n";
    mail($to, $subject, $message, $headers);
}

My question is: "Can the code I used cause any security problem that would let someone create a PHP file in my images folder?"

Thank you in advance.
I'm really in big trouble.

egami
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Sending spam through my hosting.

Postby egami » Wed Dec 07, 2011 8:13 am

Yes.
Because the $_POST['email'] is writing to your email headers, which will overwrite your $to.

luckylouie
New php-forum User
Posts: 3
Joined: Wed Dec 07, 2011 6:37 am

Re: Sending spam through my hosting.

Postby luckylouie » Wed Dec 07, 2011 8:53 am

egami wrote:
Yes.
Because the $_POST['email'] is writing to your email headers, which will overwrite your $to.

Thank you for your answer, but I meant how could that file be created there?
My code couldn't create this (/public_html/images/sm5vy7.php).

egami
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Sending spam through my hosting.

Postby egami » Wed Dec 07, 2011 9:46 am

You must have some kind of upload mechanism in your site somewhere that doesn't check to make sure that it's just an image.
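
An added example, not part of the thread and not any poster's code: a hardened version of the contact.php handler discussed above. It rejects an email value that contains CR, LF or NUL (which could otherwise start a new header line), keeps From fixed and places the validated visitor address in Reply-To. SITE_FROM, the helper function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.1+. SITE_FROM is a placeholder.
const SITE_TO   = 'sample@gmail.com';      // fixed recipient, as in the original post
const SITE_FROM = 'no-reply@example.com';  // assumption: an address on your own domain

/** Return the POST field as a trimmed string, or '' if missing or not a string. */
function field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}

/** Return a header-safe address, or null if the value must be rejected. */
function clean_email(string $raw): ?string
{
    // CR, LF or NUL inside the value could begin a new header line.
    if (preg_match('/[\r\n\0]/', $raw)) {
        return null;
    }
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/** Build mail() arguments from a form post, or null if the post is rejected. */
function build_contact_mail(array $post): ?array
{
    $email = clean_email(field($post, 'email'));
    if ($email === null) {
        return null;
    }
    // User text goes only into the body, never into a header.
    $body = 'Name: ' . field($post, 'name') . "\n"
          . 'Phone: ' . field($post, 'phone') . "\n\n"
          . field($post, 'comment');
    $headers = implode("\r\n", [
        'Content-Type: text/plain; charset=utf-8',
        'From: ' . SITE_FROM,          // fixed sender
        'Reply-To: ' . $email,         // validated visitor address
    ]);
    return [SITE_TO, 'sample', $body, $headers];
}

// Constructed sample submissions, for illustration only.
$samples = [
    ['email' => 'visitor@example.com', 'name' => 'A', 'comment' => 'Hello'],
    ['email' => "visitor@example.com\r\nX-Injected: 1", 'name' => 'B', 'comment' => 'Hi'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);   // in contact.php: if ($mail) { mail(...$mail); }
    echo $mail === null ? "rejected\n" : "accepted\n{$mail[3]}\n\n";
}
```

The first constructed submission is accepted and the second, whose email field carries an embedded line break, is rejected before any header is built.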

