Sendmail vulnerability?

Posted: Thu May 17, 2007 4:28 am
by spacebiscuit
Hi,

I have a website which uses the sendmail function to send customers enquiries on my website.

Each morning I wake to find 'enquiries' which contain absolute gibberish.

For example:

but utri atic machine the d that we the room, and words he thought you of b=
ecause winked away into our equipment marble sanded unconcealed contempt. h=
e last


Is there some kind vulnerability with the sendmail function?

Is this something I should be concerned about or is it simply an inconvenience?

Why would someone do this?

Any feedback would be appreciated.

Thanks,

Rob.

Posted: Thu May 17, 2007 7:21 am
by Chris Corbyn
What's the sendmail function? Sendmail is a program which runs on UNIX-like systems. How are you invoking it? With mail() or with something like Swift Mailer? It's more likely that the web page which allows emails to be sent has a security hole in it.

Posted: Thu May 17, 2007 7:35 am
by spacebiscuit
Hi, I am invoking the mail function as follows:

mail($to, $subject, $body);
Any ideas?

Thanks,

Rob.

Posted: Thu May 17, 2007 6:15 pm
by RobertGonzalez
Where are the mails coming from and where are they going to?

Posted: Sat May 19, 2007 10:49 am
by aaronhall
May just be spam; you'd probably want to implement a captcha for the form in either case.

Posted: Sat May 19, 2007 1:06 pm
by spacebiscuit
Ok I have done some investigating and I think I have the answer.

Basically spammers use contact pages to send spam. It works by changing the variable data contained in the URL of a submitted page. Although the 'to' email variable may be hardcoded, the spammers exploit a security hole by appending a 'bcc' variable, and therefore each time the form is submitted it also sends to a list of emails in this field.

A full explanation can be found here, with some measures which can be taken to protect against this security hole. Although not 100% foolproof, it has at least stopped the activity in my case:

http://www.phpbuilder.com/columns/ian_g ... hp3?page=2

Thanks,

Rob.
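A contact-form handler that keeps visitor input out of the mail() headers, added here as an example; it is not code from this thread or from the linked article. Field names, the recipient address and PHP 7 or later are assumptions.

```php
<?php
// Added example: a contact-form handler hardened against e-mail header
// injection. Field names and addresses are assumptions for illustration.

// mail() hands its fourth argument to the MTA verbatim, so a CR or LF inside
// a value placed in a header (e.g. the visitor's e-mail in "Reply-To:") would
// start a new header line. Reject such values outright.
function has_header_injection(string $value): bool
{
    return (bool) preg_match('/[\r\n]/', $value);
}

// Returns the header block, or null if the visitor data is unsafe.
function build_safe_headers(string $visitor_email, string $visitor_name): ?string
{
    if (has_header_injection($visitor_email) || has_header_injection($visitor_name)) {
        return null;
    }
    if (filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Restrict the display name to a conservative character set so it cannot
    // carry quotes, angle brackets or encoded words into the header.
    $name = preg_replace("/[^A-Za-z0-9 '-]/", '', $visitor_name);
    return "From: contact-form@example.com\r\nReply-To: $name <$visitor_email>";
}

// Recipient and subject are hard-coded; nothing from the request reaches them.
// If the subject ever came from the form it would need has_header_injection() too.
$to      = 'enquiries@example.com';
$subject = 'Website enquiry';
$email   = $_POST['email'] ?? '';
$name    = $_POST['name'] ?? '';
$message = $_POST['message'] ?? '';

$headers = build_safe_headers($email, $name);
if ($headers === null) {
    http_response_code(400);
    exit('Invalid contact details.');
}

// The message body is free text: a newline there cannot become a header,
// because mail() terminates the header block itself before the body.
mail($to, $subject, $message, $headers);
```

Logging rejected submissions (the raw field plus the client address) gives a useful signal of how often the form is being probed.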

Posted: Sat May 19, 2007 2:47 pm
by timvw
Even on this forum you'll find a couple of good threads on e-mail injection...

Posted: Sat May 19, 2007 5:36 pm
by Chris Corbyn