iEntry 10th Anniversary 
Forum Rules 
Search
|
|
||||||
|
||||||
| Index Link To US Private Messages Archive FAQ RSS | ||||||
| Internet Security Discussion Forum This forum is for the discussion of security related issues. If you find a new Phishing scheme, spyware, virus or malicious site - let us know about it. If any of the above found you... here's where you ask for help. |
Share Thread: & Tags
|
||||
|
 |
|
|
LinkBack | Thread Tools | Display Modes |
09-12-2005, 01:18 PM
|
|||
|
|||
Contact Form being Hi-jacked - HELP!
Hello,
I have two websites that i have noticed it appears that the contact form is being hi-jacked. I get 10-12 emails in a row from that contact form with bogus email addresses in every field. How can I tell for sure if the form is being hi-jacked and also, is there an easy way for a non-programmer to make the form more secure? Thanks in advance for any help anyone can offer. 
|
|
09-12-2005, 01:39 PM
|
|||
|
|||
|
That may not be the issue. There are known exploits for FrontPage extensions (older versions) that allow the hijacking of a server via a malformed form input.
What you may be seeing is the occasional errant script-kiddy checking your site for this vulnerability. I wouldn't worry about it, unless you are running an older version of the Frontpage extensions, that is. We see this on every server a few times a week but don't pay any mind to it - we even see it on sites not using the FP extensions, so the bot's being used to look for the vulnerability aren't that smart, either. Also, if you are running them, but never use them, it is much preferred to disable the extensions completely. Even most *nix servers have them installed.
__________________
:not_the_usual1 [you decide] ________________ All in my opinion, which, when combined carefully with a $1 bill, gets you a cup of coffee at the corner store.
|
|
09-12-2005, 01:42 PM
|
|||
|
|||
|
Thanks for the help. So can I assume that by disabling front page extensions on the server accounts, that my sites are pretty much protected from form hi-jacking?
However, the interesting thing, is that I didn't have front page extensions enabled, so then that would have just been a result of them checking my form for vulnerabilities rather than actually utilizing it for spam, correct?
|
|
09-12-2005, 01:51 PM
|
|||
|
|||
|
Well.... At least from that potential vulnerability.
You should also do a few other things, like maybe running php_suexec, but not every machine is the same. If you are running certain software, some easy fixes will break other things. As an example, you can't run MMCache, certain image gallery programs, etc., with php_suexec because it forces PHP to run as a CGI binary. This would be a good discussion to have with one of the more knowledgeable admins at your host or NOC. Ask about basic stuff like basic server hardening and making sure that visitors can't inject things into your PHP forms and results. This is pretty 101 stuff from the admin end, so it shouldn't be a hard thing for them to help out with.
__________________
:not_the_usual1 [you decide] ________________ All in my opinion, which, when combined carefully with a $1 bill, gets you a cup of coffee at the corner store.
|
|
09-12-2005, 03:14 PM
|
|||
|
|||
|
Ok, I will. Thanks for the help!
|
|
|
| Thread Tools | |
| Display Modes | |
|
|
|
WebProWorld |
Advertise |
Contact Us |
About |
Forum Rules |
MVP's |
Archive |
Newsletter Archive |
Top |
WebProNews
WebProWorld is an iEntry, Inc. ® site - © 2009 All Rights Reserved Privacy Policy and Legal iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 |
Linear Mode
