I think I'm being hacked

[crust]

Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from.. here are a couple examples

 

Email #1 from - daasqd@mysite.com

Email #2 from - INVALID_ADDRESS@.mysite.com

Email#3 from - rsmfisavcf@mysite.com

 

The first email just has a hyperlink and daasqd@mysite.com

 

Here is the second email:

 

From: dgchsay@mysite.com

To: justin <staff@mysite.com>, dgchsay@mysite.com

Subject: Enquiry from mysite

Headers: Show All Headers

lqfirdfx

--===============0586796908==--" <dgchsay@mysite.com>

MIME-Version: 1.0

X-Mailer: osCommerce Mailer

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

 

 

dgchsay@mysite.com <--- hyperlink

 

 

 

Here is the 3rd email:

 

From: "rsmfisavcf@mysite.com" <rsmfisavcf@mysite.com>

To: justin <staff@mysite.com>

Subject: Enquiry from mysite

Headers: Show All Headers

 

rsmfisavcf@mysite.com

Content-Type: multipart/mixed; boundary="===============0258115953=="

MIME-Version: 1.0

Subject: d8f97a7f

To: rsmfisavcf@mysite.com

bcc: jrubin3546@aol.com

From: rsmfisavcf@mysite.com

 

This is a multi-part message in MIME format.

 

--===============0258115953==

Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

 

bgpfenpwe

--===============0258115953==--

 

 

 

does anyone know what they are doing or trying to do? also what should I do to protect myself? this ha happened more then once... all seem to be doing the same thing..

[Guest]

If they're all from the same IP address, or same IP address range, then block them.

 

-jared

[Jan Zonjee]

Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from..

<{POST_SNAPBACK}>

This appears to be a growing problem. There was a bug report on it months ago (bug report database seems to be acting up at the moment, it doesn't show a single one) and more and more people are experiencing problems. These are (some?) of the topics dealing with it:

 

Email Was Spamed, contact_us.php file (Jul 30 2005)

Script kiddie attempt to abuse "Contact Us" Page, hoping to exploit unchecked fields (Aug 30 2005)

WANTED CONTRIBUTION! Site is hacked!, Get spammails sent from my site! (Sep 5 2005)

E-Mail Security Concerns, I Feel Somebody is Abusing Enquiry Form (Sep 9 2005)

 

There is a contribution for stopping the abuse of the form (Validate Input), but as far as I know it doesn't stop the bots from sending you those mails.

[crust]

If they're all from the same IP address, or same IP address range, then block them.

 

-jared

<{POST_SNAPBACK}>

 

 

 

How can you figure out what IP adress its comeing from?

[AlanR]

Start here:

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=695512

[Guest]

Its faster to instal the vvc and then sort out the mail parsing issues:

http://www.oscommerce.com/community/contributions,1560

 

that will stop the bots