PHP - Sending Spam Through My Hosting
Hi;
I had an email from my hosting company which said that my account was hacked and one script in the images folder is trying to send thousands of spam emails (file name: "/public_html/images/sm5vy7.php"). They blocked my account and asked me to check if there is any script or code that may cause this problem. The only server-side page I had was a contact.php file that has the mail() function in it. The code is like this:

    if( isset($_POST['submit'])) {
        $name=$_POST['name'];
        $comment=$_POST['comment'];
        $email=$_POST['email'];
        $phone=$_POST['phone'];
        $to = "sample@gmail.com";
        $subject = "sample";
        $message = "sample";
        $from = "$email";
        $headers = "Content-type:text;charset=utf-8" . "\r\n";
        $headers .= "From: $from" . "\r\n";
        mail($to,$subject,$message,$headers);
    }

My question is: "Can the code I used cause any security problem such that someone is able to create a php file in my images folder, or has someone accessed my account?"

Thank you in advance. I'm really in big trouble.

Similar Tutorials

Hi, the user fills in details and then the email is sent to me. The only problem is that the emails keep going to my spam. Can someone help me out please? I already looked at the PHP website and the email format looks the same. This is the link to my form: http://www.people.eurico.co.uk/ Here is my form script:

Code: [Select]

    <?php
    // Set email variables
    $email_to = 'xxxxx@xxxxxxx.co.uk';
    $email_subject = 'Call back form';

    // Set required fields
    $required_fields = array('fullname','email','telephone','comment');

    // set error messages
    $error_messages = array(
        'fullname' => 'Please enter a Name to proceed.',
        'email' => 'Please enter a valid Email.',
        'telephone' => 'Please telephone.',
        'comment' => 'Please enter your Message to continue.'
    );

    // Set form status
    $form_complete = FALSE;

    // configure validation array
    $validation = array();

    // check form submittal
    if(!empty($_POST)) {
        // Sanitise POST array
        foreach($_POST as $key => $value) $_POST[$key] = remove_email_injection(trim($value));

        // Loop into required fields and make sure they match our needs
        foreach($required_fields as $field) {
            // the field has been submitted?
            if(!array_key_exists($field, $_POST)) array_push($validation, $field);

            // check there is information in the field?
            if($_POST[$field] == '') array_push($validation, $field);

            // validate the email address supplied
            if($field == 'email') if(!validate_email_address($_POST[$field])) array_push($validation, $field);
        }

        // basic validation result
        if(count($validation) == 0) {
            // Prepare our content string
            $email_content = 'peoplesmartlearning.co.uk: ' . "\n\n";

            // simple email content
            foreach($_POST as $key => $value) {
                if($key != 'submit') $email_content .= $key . ': ' . $value . "\n";
            }

            // if validation passed ok then send the email
            mail($email_to, $email_subject, $email_content);

            // Update form switch
            $form_complete = TRUE;
        }
    }

    function validate_email_address($email = FALSE) {
        return (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email))? TRUE : FALSE;
    }

    function remove_email_injection($field = FALSE) {
        return (str_ireplace(array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:"), '', $field));
    }
    ?>

The HTML

Code: [Select]

    <div class="call_us_form">
    <p class="title">WE'LL CALL YOU BACK</p>
    <?php if($form_complete === FALSE): ?>
    <form class="contact_form" id="fm-form" method="post" action="index.php" >
    <fieldset>
    <div class="fm-req">
      <label for="fm-firstname">Name</label>
      <input type="text" id="fullname" class="detail" name="fullname" value="<?php echo isset($_POST['fullname'])? $_POST['fullname'] : ''; ?>" />
      <?php if(in_array('fullname', $validation)): ?><script type="text/javascript">alert("Please enter a Name"); history.back();</script><?php endif; ?>
    </div>
    <div class="fm-req">
      <label for="fm-firstname">Email</label>
      <input type="text" id="email" class="detail" name="email" value=" <?php echo isset($_POST['email'])? $_POST['email'] : ''; ?>" />
      <?php if(in_array('email', $validation)): ?><script type="text/javascript">alert("Please enter a valid Email Address"); history.back();</script><?php endif; ?>
    </div>
    <div class="fm-req">
      <label for="fm-firstname">Number</label>
      <input type="text" id="telephone" class="detail" name="telephone" value="<?php echo isset($_POST['telephone'])? $_POST['telephone'] : ''; ?>" />
      <?php if(in_array('telephone', $validation)): ?><script type="text/javascript">alert("Please enter telephone number"); history.back();</script><?php endif; ?>
    </div>
    <div class="fm-req">
      <label for="fm-lastname">Message</label>
      <textarea cols="40" rows="5" id="comment" name="comment" class="mess"><?php echo isset($_POST['comment'])? $_POST['comment'] : ''; ?></textarea>
      <?php if(in_array('comment', $validation)): ?><script type="text/javascript">alert("Please enter your message"); history.back();</script><?php endif; ?>
    </div>
    <input class="submit_button" type="submit" value="Call us" />
    </fieldset>
    </form>
    <?php else: ?>
    <p>Thank you for your Message!</p>
    <p>We will get back to you as soon as we can</p>
    <script type="text/javascript">
    setTimeout ('ourRedirect()', 5000)
    function ourRedirect () { location.href='index.php' }
    </script>
    <?php endif; ?>

From our website we are connecting to GMAIL to send our emails through SMTP. For some reason it is not sending the emails to the CC or BCC email address even though GMAIL shows it was included in the email. Am I missing something in the below code?
Code: [Select]

    $currentTime = time();
    $emailTo = "redbrad0@domain.com";
    $emailCC = "brad@domain.com";
    $emailBCC = "events@domain.com";
    $emailSubject = "TEST Email at (" . $currentTime . ")";
    $emailBody = "This is the body of the email";

    $headers = array();
    if (!empty($emailTo)) $headers['TO'] = $emailTo;
    if (!empty($emailCC)) $headers['CC'] = $emailCC;
    if (!empty($emailBCC)) $headers['BCC'] = $emailBCC;
    if (!empty($emailSubject)) $headers['Subject'] = $emailSubject;
    $headers['From'] = "events@domain.com";

    $mime = new Mail_mime("\n");
    $mime->setTXTBody($emailBody);
    $body = $mime->get();
    $headers = $mime->headers($headers);

    $mail = Mail::factory('smtp', array ('host' => 'ssl://smtp.gmail.com', 'auth' => true, 'port' => 465, 'username' => 'events@domain.com', 'password' => 'thepasswordhere'));

    try {
        $result = $mail->send($emailTo, $headers, $emailBody);
    } catch (TixException $ex) {
        echo "<font color=red>Error:" . $ex->getCode() . "</font><br>";
    }
    echo "Emailed at (" . $currentTime . ")<br>";
    die;

Hello, I am new. I have created a very simple webpage that has content that changes when a link is clicked. The site works perfectly on my "localhost". I am running Apache 2.2 and PHP 5.3 on localhost. When I upload to my GoDaddy shared hosting (I believe Apache 1.3 and PHP 5.2), my "index.php" displays fine on load. However, when any of the links are clicked, the content area where it is supposed to change disappears. Here is a sample of the code that I am using:

    // These are the links in the index.php html code...
    <li><a href="index.php?id='home'" id="home" name="home">Home</a></li>
    <li><a href="index.php?id='form'" id="form" name="form">Register</a></li>
    <?php include("form1.php"); getPage(); ?>
    html....

Then on the form1.php page is the following code...

    function getPage() {
        $linkID = $_GET['id'];
        if ($linkID == NULL) {
            changeBool("'home'");
        } else
            changeBool($linkID);
    }
    //end example

The function "changeBool()" has a switch structure that is determined by the $_GET[] var.
I believe this has something to do with the php.ini settings, possibly the Apache settings... any ideas would be greatly appreciated.

Hello - I have usually run my own servers, and always drop my .php files with MYSQL connection strings in a directory like /var, with webroot being /var/www/mysite. I now find myself in a shared hosting environment for a client and wondering about the safety of my connection string .php files. Unfortunately they are sitting in a folder in the root of my hosting directory right now, and they feel vulnerable. It seems the only thing I could do would be to put the root of my hosting into a subdirectory, point the site there, and then put my connection strings one directory back. But it seems the problem is they are still in my shared hosting. What's the best way to secure this type of sensitive info in a shared environment? I'm also getting ready to explore credit card processing via an API, and wondering if shared hosting is even worth it. Thanks!!

Hello, we got a site running on two different servers; the other one is a subdomain that will be used as internal pages and the other one is external. As of that I need to pass session to see if a user details.
Is there another secure way to pass session data to the other server without storing it in the database?
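Added example (not code from any of the posts above): the contact.php handler in the first post copies `$_POST['email']` straight into the `From:` header, so a submitted value containing CR/LF can add headers of its own to the outgoing message. That lets a bot send mail through the form; it does not create files on disk. The sketch below validates the address and keeps it out of `From:`, rejecting bad input outright rather than stripping substrings as `remove_email_injection()` in the second post does. The function name `build_contact_mail` and the sender `no-reply@example.com` are assumptions.

```php
<?php
// Added example (PHP 7.1+): build mail() arguments from a contact form
// without letting user input reach the header block unchecked.
// build_contact_mail() and no-reply@example.com are assumed names.

function build_contact_mail(array $post): ?array
{
    $email   = trim((string)($post['email'] ?? ''));
    $name    = trim((string)($post['name'] ?? ''));
    $comment = trim((string)($post['comment'] ?? ''));

    // The address is the only user value placed in a header: refuse any
    // CR/LF outright, then require a syntactically valid address.
    if (preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // From: is a fixed address owned by the site; the visitor's address
    // appears only in Reply-To.
    $headers = [
        'From: no-reply@example.com',
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=utf-8',
    ];

    // Free text goes into the body, where line breaks are harmless.
    $body = "Name: $name\nEmail: $email\n\n$comment";

    return [
        'to'      => 'sample@gmail.com',
        'subject' => 'sample',
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed sample submissions.
$samples = [
    'normal'   => ['email' => 'alice@example.org', 'name' => 'Alice', 'comment' => "Hi\nthere"],
    'injected' => ['email' => "alice@example.org\r\nBcc: list@example.net", 'name' => 'x', 'comment' => 'y'],
    'no email' => ['name' => 'Bob', 'comment' => 'hello'],
];

foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // On a live form: if ($mail !== null) mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```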
Hello guys, I have created a mini image hosting website. Well, I have successfully coded the file upload, including security to allow certain image extensions and size as a beginner in PHP. However, only one thing remains is the image link. You can view the website on this address http://mini-image-hosting.99k.org/ where it is currently hosting on a free web hosting account with a free sub-domain. Right now, only the image can be uploaded and is being stored in a directory. Nevertheless, I want that when the person uploads an image, he gets also the link, for example: http://mini-image-hosting.99k.org/xxx.jpg something like that. Can you help me for this?

I launched my new website about a month ago. I switched from one web host to another due to poor hosting performance. Now I'm running into the same issue again -- poor web hosting performance.
My first web host was Hostgator. My current web host is AT&T. I hate the thought of switching to a different web host every month trying to find one that will reliably host my site. Does anyone here have a reliable web host that they use and would recommend?
My question is relative since what is reliable for a simple web site, may not be reliable for one that is more complex. For this reason, I can't simply trust web host reviews.
My website isn't overly complicated, but it's more complex than just basic HTML. It uses a lot of PHP, as well as a MySQL database that only has two small tables. The website uploads and downloads small text files regularly. It also sends E-mail attachments quite often.
Because I just launched, my website isn't getting a ton of traffic -- about 10 users per day. However, I'm beginning to run into the same problem as before. My web host's server is starting to show itself as being unreliable. As with my first web host, it seems as if it may be due to overcrowding on the shared server.
Do any of you run any moderately complex websites? If so, who do you use for a reliable web host?
I've considered setting up my own server with a LAMP configuration and hosting the site myself. However, I don't know a lot about Linux or Apache, and so would like to avoid this. But because the computer would only be hosting my own website, and no one else's, I have to believe that a LAMP setup would be more reliable than a shared server that is overcrowded.
A reliable web host is really what I'm looking for. But I don't want to keep going down the road of trial and error. If anyone uses a web host that reliably supports their moderately-complex website, then I would love to hear from you. I'm sick of my site failing due to server issues. Like the Duracell commercial says, "It just has to work!"
Please forgive me if you feel that my post doesn't correctly fit the forum category. I tried to figure out which category best fits this topic, but none of them seemed to be perfectly suitable.
Thank you for your time, as well as for any suggestions.
Hey Friends,
I am new to this forum, and do not know anything about programming. And I require very small help from the experts of the forum. I have downloaded a free image hosting script from the web & it is not working fine; it gets stuck at basic.php (one of the files in the script). I am sharing the script here, also sharing the website. My website: bsm1313.5gbfree.com
Note: I have uploaded a rar file. Kindly change the extension to .rar from .php, as it was not allowing me to upload the rar file.
Any kind of help is highly highly appreciated. Thanks a ton in advance.
Attached Files
easyimagehoster_1.32.php 35.46KB
5 downloads

I'm running about 50 domains on a private host that's going out of business, so I need to move providers soon. The Amazon or Google cloud platforms are intriguing. Does anyone have any experience using either for website hosting?
My current solution is a Plesk management interface. So, I'm hoping to install the same wherever I go (because migrating 50 domains manually ...)
Code: [Select]

    <div id="recent">
    <p class="title"><?php echo "Staff Picks"; ?></p>
    <div id="gallery">
    <?php $i = 0; while($album = mysql_fetch_row($recent)): ?>
    <?php if(++$i%4 == 1): ?><div><?php endif; ?>
    <?php $image = mysql_fetch_row(mysql_query('SELECT `id`, `extension` FROM `image` WHERE `album_id`='.$album[0].' ORDER BY `id` DESC LIMIT 0,1')); ?>
    <a href="<?php echo WEB; ?>a/<?php echo alphaID($album[0]); ?>">
    <img src="<?php echo WEB; ?>small/<?php echo alphaID($image[0]); ?>.<?php echo $image[1]; ?>" alt=""/>
    </a>
    <?php if($i%4 == 0): ?></div><?php endif; ?>
    <?php endwhile; ?>
    <?php if($i%4 != 0): ?></div><?php endif; ?>
    </div>

I have this code, which on my image hosting website displays a grid of the latest albums of images that users upload. I really have no experience in PHP. I want to change this code to simply display a grid of albums that I choose, not the latest. Like 'staff picks' instead of 'most recent'. Any help would be greatly appreciated.

Forbidden
You don't have permission to access /cgi-bin/sendmail.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Hi: I have a site hosted (shared) on 1and1.com hosting, and they seem to have a file upload limit of 2MB. Is there a way to overwrite this? I have been trying a .htaccess and php.ini file, but can't get it to work. The folder with the upload form is called "admin," in the ROOT of the site. Been trying (in both the ROOT and the "admin" folder):

php.ini

Code: [Select]

    ; Maximum size of POST data that PHP will accept.
    post_max_size = 8M
    ; Maximum allowed size for uploaded files.
    upload_max_filesize = 8M
    ini_set('memory_limit','128M');

.htaccess (in both the ROOT and the "admin" folder):

Code: [Select]

    php_value memory_limit 24M

That is all the code in each file - am I missing some code? Can this be done? Thank you.

I've been getting attacked by a spam bot. It is inserting gibberish in one of my contact forms.
I managed to block it with

Code: [Select]

    if (empty($_POST['Email']) && !empty($_POST['CustomerEmail']))

Email is an empty text field with display:none. For some time it was clean, and now it succeeds once in a while to insert a form. I don't want to use captcha, I think I will lose clients. Your advice?

Hey. My site is getting a lot of spam and I need a way to keep up with what is being sent, with some kinda system that will flag things which contain URLs and chosen keywords. The problem I faced though was, let's say a keyword was: skyspider. Now someone could say sky or spider (as separate words) but they still get flagged. So "there's a spider in the sky" would be flagged when I only want "skyspider" flagged... does that make sense? What PHP function do I require to do string checks like this? Thanks

A form is filled and the information is emailed to my address. The problem is it goes to the spam folder. Is it a problem with the email filter? I suppose I could whitelist the email address the server uses to email the info, but then spam would get through as well. Any ideas?

I'm having some problem while sending mails. I am sending bulk mails using a PHP script; there is no problem in the script. I hope some guys have faced a similar issue. While I am sending bulk emails, I figured out that a few mails are going to spam, not into their INBOX. Can you guys pls give some hint to resolve this issue?

Hi. This subject doesn't really have a category but is driving me mad. I use the mail() function to send out emails to a news group forum that I have created. This forum does the same. I am getting the emails placed in a spam folder. Is there any way around this? I have been told that it has something to do with no reverse DNS. I get emails like DoNotReply@bt.com. This email address doesn't exist. How does the email system know this, and is there a way around it? TIA Desmond.

Hi.. I want to implement a program for identifying spam emails using an algorithm naive bayes in PHP..
How to implement this.. can anyone help me.. thanks in advance

I'm having some robots injecting gibberish. I want to deny any links in the requesttext of the form. For some reason I tested it and it accepted a http link.

Code: [Select]

    if (preg_match("/http/i","$RequestText")){ exit();}

thanks

Ok, so I want to make a comment spam filter for my site. I know the basic logic, but have yet to figure out how to write the functions. I have a database table called comments that has a column called "time", which contains a unix timestamp value of when it was posted. Basically what I want to do is this: When a user tries to post a comment, the script determines with a database query if they have posted a comment in the last 120 seconds. So basically I have to find the current time, and the time it was 120 seconds before the current time. Then I have to find any comments posted by the user that were made after the 120 second mark. My database query should then look something like this, right?

Code: [Select]

    $query = mysql_query("SELECT * FROM comments WHERE author = ".$_SESSION['id']." AND time > '".$120secondsago"'");

Please correct me if my logic is wrong, which it very well may be, but how would I find the unix timestamp code from 120 seconds before the current time? Note that 120 seconds is just an example and also that I have not worked with dates in mysql very often.

$query = mysql_query("SELECT * FROM comments WHERE author = ".$_SESSION['id']." AND time |
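
Added example, not the poster's code: one way to do the 120-second check described in the last post, computing the cutoff with `time()` and passing it as a bound parameter instead of concatenating values into the SQL. The helper name `posted_recently`, the PDO connection, and the in-memory SQLite table standing in for the `comments` table are assumptions made so the snippet runs on its own.

```php
<?php
// Added example (PHP 7.1+): throttle comments per author with a
// parameterized query. posted_recently() is a hypothetical helper; the
// SQLite table is a constructed stand-in for the MySQL `comments` table.

function posted_recently(PDO $db, int $authorId, int $window = 120, ?int $now = null): bool
{
    $now    = $now ?? time();   // current Unix timestamp
    $cutoff = $now - $window;   // timestamp $window seconds before now

    // COUNT(*) is enough here; the rows themselves are not needed.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM comments WHERE author = :author AND time > :cutoff'
    );
    $stmt->bindValue(':author', $authorId, PDO::PARAM_INT);
    $stmt->bindValue(':cutoff', $cutoff, PDO::PARAM_INT);
    $stmt->execute();

    return (int)$stmt->fetchColumn() > 0;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author INTEGER, time INTEGER)');

// Constructed rows; $now is fixed so the demo gives the same result each run.
$now    = 1700000000;
$insert = $db->prepare('INSERT INTO comments (author, time) VALUES (?, ?)');
$insert->execute([1, $now - 30]);    // author 1 posted 30 seconds ago
$insert->execute([2, $now - 600]);   // author 2 posted 10 minutes ago

foreach ([1, 2, 3] as $author) {
    $blocked = posted_recently($db, $author, 120, $now);
    echo "author $author: ", $blocked ? 'must wait' : 'may post', "\n";
}
```

In the poster's setup the author id would come from `$_SESSION['id']`, cast to an integer before the call.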