Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

I think I'm being hacked


crust

Recommended Posts

Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from.. here are a couple examples

 

Email #1 from - daasqd@mysite.com

Email #2 from - INVALID_ADDRESS@.mysite.com

Email#3 from - rsmfisavcf@mysite.com

 

The first email just has a hyperlink and daasqd@mysite.com

 

Here is the second email:

 

From: dgchsay@mysite.com

To: justin <staff@mysite.com>, dgchsay@mysite.com

Subject: Enquiry from mysite

Headers: Show All Headers

lqfirdfx

--===============0586796908==--" <dgchsay@mysite.com>

MIME-Version: 1.0

X-Mailer: osCommerce Mailer

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

 

 

dgchsay@mysite.com <--- hyperlink

 

 

 

Here is the 3rd email:

 

From: "rsmfisavcf@mysite.com" <rsmfisavcf@mysite.com>

To: justin <staff@mysite.com>

Subject: Enquiry from mysite

Headers: Show All Headers

 

rsmfisavcf@mysite.com

Content-Type: multipart/mixed; boundary="===============0258115953=="

MIME-Version: 1.0

Subject: d8f97a7f

To: rsmfisavcf@mysite.com

bcc: jrubin3546@aol.com

From: rsmfisavcf@mysite.com

 

This is a multi-part message in MIME format.

 

--===============0258115953==

Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

 

bgpfenpwe

--===============0258115953==--

 

 

 

does anyone know what they are doing or trying to do? also what should I do to protect myself? this ha happened more then once... all seem to be doing the same thing..

Link to comment
Share on other sites

Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from..

This appears to be a growing problem. There was a bug report on it months ago (bug report database seems to be acting up at the moment, it doesn't show a single one) and more and more people are experiencing problems. These are (some?) of the topics dealing with it:

 

Email Was Spamed, contact_us.php file (Jul 30 2005)

Script kiddie attempt to abuse "Contact Us" Page, hoping to exploit unchecked fields (Aug 30 2005)

WANTED CONTRIBUTION! Site is hacked!, Get spammails sent from my site! (Sep 5 2005)

E-Mail Security Concerns, I Feel Somebody is Abusing Enquiry Form (Sep 9 2005)

 

There is a contribution for stopping the abuse of the form (Validate Input), but as far as I know it doesn't stop the bots from sending you those mails.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...