PHP Web Email Form hacks

Post by **maboroshi** » 20 Sep 2005, 19:26

I built a web site for a customer which has a Mail from form script the last couple days she has been getting email delivered to her address from strange email addresses but with her email extension @hername

the contents of the email contain

This is a multi-part message in MIME format.

--===============2102142431==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

dkettge
--===============2102142431==--

Just want to make sure people aren't using her form to send email to other computers

I am not entirely sure whats going on if its an exploit in the PHP code or server or if its just my imagination

Any ideas and do I need to be worried if you know what this is all about I would appreciate hearing from you

Cheers

Post by **bad_brain** » 21 Sep 2005, 02:29

Hm, the MIME-type just tells the computer what kind of file (email,exe,jpg,etc...) it is, so the machine knows how to handle it. If it´s a PHP-form you usually don´t need a email-client to send a mail, so the mail gets sent from your own MX-server to yourself. Could you post the form source code? I´m not a PHP expert, but maybe there´s an error in the settings... Oh,and checked the email-headers? They will give you a hint what happened...

ramnarayan · Post by **ramnarayan** » 23 Oct 2005, 03:15

Hi,

Not sure if I understood this right.

Does the form use a perl script <ex: contact.pl>? If that is the case, then there is a particular exploit which uses this to send spam to ids.

Read about this some time back, but not sure about the solution to this though.

RN