Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP FormMail Exploited

Discussion in 'E-mail Discussion' started by metal_cd, Nov 18, 2005.

  1. metal_cd

    metal_cd Member

    Joined:
    Jan 21, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    151
    I have recently had spamming problems because of formmails written in php that use the mail() function. They do not have enough checks written into them and spammers can post to them and send out TONS of mail. They post in to the form submission a 'BCC: (ton of addresses)' and it sends to them.
    I guess I can rewrite the script to not send out to bcc: but who is to say there aren't a ton of other scripts that can do this same thing, I do not want to spend hours first finding then changing all of these scripts. Is there not a way I could globally disallow the sending of mail through php mail() to bcc: (without just shutting off php mail() to all scripts) ?


    Here is the php sending line;

    mail($recipient, $subject, $body, $mailheaders);

    Does the 'bcc: (ton of addresses)' have to be in $mailheaders for this to work for them?
     
  2. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    318
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice