
Security Issue?


EmpressChang

Is there security in place to stop email injection attacks to the osCommerce php mail forms?

You mean multiple emails? Don't know if there is, but it is easy to do if you know some PHP. Just set a variable if the form has been sent, then check for the variable when the form is set, that way if they send something twice it won't let them send the second time (or you could set it up so it will let them send 4, but not more than that unless they start their session over.)

Ben Taylor

My store: www.TradRack.com


PHP Email Injection: There are a lot of ways to send anonymous emails, some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() function generates emails containing headers with the originating IP of the server it's running on. Therefore the mailform acts as an SMTP proxy. The input fields of the form may vary, but it is common to specify a mailform that gives you control over the subject, the message, and the sender's email address.

Are there any contributions or updates that up the security & prevent the hijacking of email from your domain?

I searched the forum & the contributions and couldn't find anything -- maybe I am searching for the wrong thing?

Thanks for your time!

It's in the contribution area under contact_us fixes or something close to that. Offers many different options to deal with the issue.

Thank you carrerarod! That was exactly what I needed to find it.

For anyone else that is searching out this problem, it is called 'Contact Us Spam Issue Fixes' and can be found in the contributions area.

Thanks again! :thumbsup:


Archived

This topic is now archived and is closed to further replies.
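
The injection discussed in this thread works when form input (the subject or the sender's address) is placed into mail headers unchecked, so a line break in the input starts a new header. As an added example, not part of the thread and not code from osCommerce or the 'Contact Us Spam Issue Fixes' contribution, this PHP code refuses header-bound fields that contain control characters and keeps the recipient fixed; the function names, form field names and addresses are assumptions.

```php
<?php
// Added example: not osCommerce or contribution code. Function names,
// form field names and addresses are constructed for illustration.

// Return the trimmed value if it can sit on a single header line, else null.
// Any control character (CR, LF, NUL, ...) is refused rather than stripped,
// because a line break inside a header value starts a new header.
function safe_header_value(string $value, int $maxLen = 200): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        return null;
    }
    return $value;
}

// Build the arguments for mail() from a contact form, or null if refused.
function build_contact_mail(array $form, string $storeAddress): ?array
{
    $subject = safe_header_value((string)($form['subject'] ?? ''));
    $email   = safe_header_value((string)($form['email'] ?? ''));
    if ($subject === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Recipient and From are fixed to the store; the visitor's address is
    // used only as Reply-To. The message goes in the body, not a header.
    return [
        'to'      => $storeAddress,
        'subject' => $subject,
        'body'    => (string)($form['message'] ?? ''),
        'headers' => "From: {$storeAddress}\r\nReply-To: {$email}",
    ];
}

// Constructed sample submissions.
$samples = [
    'ordinary' => ['email' => 'customer@example.com', 'subject' => 'Order question', 'message' => 'Hello'],
    'injected' => ['email' => "customer@example.com\r\nBcc: list@example.net", 'subject' => 'Hi', 'message' => 'Hello'],
];
foreach ($samples as $label => $form) {
    $mail = build_contact_mail($form, 'store@example.com');
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', PHP_EOL;
    // When accepted: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```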
