Go Back   Digit Technology Discussion Forum > Community > Tutorials
29-11-2005, 07:56 PM, #1
Deep (Version 2.0) - Join Date: Jan 2004, Location: Mumbai, Posts: 977

Saving yourself from contact form hijacking


These days contact form hijacking is on the rise: spammers are using weak contact forms to send spam emails, and this gets a server blacklisted on many sites. These spammers are targeting mostly AOL email addresses, and our server got blacklisted with them.

I came across this when one of my client's contact forms was hijacked and my server IP got blacklisted. I figured out the problem with the help of the Outblaze guys and fixed the issues with the form, but that was not the permanent solution to this.

Now, what is contact form hijacking?

The spammers pass invalid characters and headers through the form fields using bots.
For example, they pass a BCC header with MANY email addresses in any of the form fields and send out emails. They even modify the value passed in the subject variable if it's not fixed. In my case they were sending diet pill mails using that form.

This works if we do not check for invalid characters in the form validation.

An example of it would be the following code:

Code:
"sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx"

This code adds CC and BCC fields to the headers, and the email will go to these people as well.

How do we stop it from our side and make the forms secure?

If we check for CC and BCC, or say for the recurrence of the @ character, on the action page then it can be stopped. And we can log that IP and other details and take action (report the spammer's IP or something).

In PHP you can write a function which will do all the necessary cleanup; the code on this page would help you with it.
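Here is an added example of such a cleanup function; it is not Deep's code and not from any of the linked pages. It assumes PHP 7 or later and the standard mail() function; the function names, the site mailbox address and the sample form submissions are all made up for the illustration. It rejects raw or URL-encoded line breaks and Cc:/Bcc: style header names in every field that ends up near a header, requires the visitor's email to contain exactly one @ (the "recurrence of @" check from the post), logs the rejected attempt with the source IP, and keeps From and To fixed so nothing from the form can become an extra header.

```php
<?php
// Added example, not code from the original post: a contact-form handler that
// rejects mail-header injection before any field reaches mail().

/**
 * True if $value could start a new mail header: a raw CR/LF, a URL-encoded
 * %0A/%0D (in case the value has not been decoded yet), or a header name
 * such as Cc:/Bcc:/Content-Type: anywhere in the decoded text.
 */
function contains_header_injection(string $value): bool
{
    // Decode once so "%0ABcc:" is caught as well as a literal newline.
    $decoded = rawurldecode($value);
    if (preg_match('/[\r\n]/', $decoded)) {
        return true;
    }
    return (bool) preg_match('/\b(cc|bcc|content-type|mime-version):/i', $decoded);
}

/**
 * Accept exactly one syntactically valid address with a single "@".
 * The "@" count mirrors the post's "recurrence of @" suggestion.
 */
function is_single_address(string $value): bool
{
    if (substr_count($value, '@') !== 1) {
        return false;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Validate the raw form fields (name, email, subject, message).
 * Returns a list of error strings; an empty list means the submission is clean.
 * The message body is not header-checked because it never becomes a header.
 */
function validate_contact_form(array $fields): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $key) {
        if (contains_header_injection((string) ($fields[$key] ?? ''))) {
            $errors[] = "header injection attempt in '$key'";
        }
    }
    if (!is_single_address((string) ($fields['email'] ?? ''))) {
        $errors[] = 'email is not a single valid address';
    }
    return $errors;
}

/**
 * Send the message with fixed headers. The visitor's address only ever appears
 * in Reply-To; From and To are constants supplied by the site, and the subject
 * is a fixed prefix plus the validated text with whitespace collapsed.
 */
function send_contact_mail(array $fields, string $site_mailbox, string $site_from): bool
{
    $errors = validate_contact_form($fields);
    if ($errors !== []) {
        // Log the attempt with the source IP instead of sending, as the post suggests.
        $ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
        error_log("contact form rejected from $ip: " . implode('; ', $errors));
        return false;
    }
    $subject = 'Website contact: ' . preg_replace('/\s+/', ' ', $fields['subject']);
    $headers = 'From: ' . $site_from . "\r\n"
             . 'Reply-To: ' . $fields['email'] . "\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    $body = "From: {$fields['name']} <{$fields['email']}>\n\n" . $fields['message'];
    return mail($site_mailbox, $subject, $body, $headers);
}

// Constructed sample 1: the payload quoted in the post, submitted as the email field.
$attack = [
    'name'    => 'bot',
    'email'   => 'sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx',
    'subject' => 'hello',
    'message' => 'diet pills',
];
print_r(validate_contact_form($attack));

// Constructed sample 2: a normal submission from a visitor (hypothetical address).
$legit = [
    'name'    => 'Alice',
    'email'   => 'alice@example.com',
    'subject' => 'Quote request',
    'message' => 'Hello, could you send me a quote?',
];
print_r(validate_contact_form($legit));
```

The important design point is that rejecting line breaks is what actually stops the injection; the Cc:/Bcc: keyword check is only a second layer in case a value arrives in an encoding the handler did not decode. Pair this with the per-domain sending limit described further down the post, since the form handler cannot see how many mails the rest of the server is sending.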

Many people say that it can be stopped by using Captchas (image verification scripts), but these days there are scripts which can decode Captchas too. No kidding, here is the link to a working example of a captcha decoder script.

How to stop it from the server side?

Since I run a web hosting company, it is difficult to check each and every form used by clients and sit and clean it.

I then enabled a few things on the server side, i.e. I allowed only 100 emails to be sent from one domain in an hour. The second thing was I installed the mod_security module to take care of these spam mails.

If you are a Linux server admin then you should know what mod_security is and what it does. I must say it is a very powerful module; you can set rules in it and delete spam mails being sent from your server. It also allows many other rules, like disabling a few phpBB and other exploits, disabling XSS and SQL injection, etc.

I just had to add 2 lines to stop the spam mails. The code will check for BCC headers and allow only 20 addresses in BCC per mail.

I am reading a lot of stuff on mod_security and learning it so I can try my level best to save the server from these kinds of attacks.

Good reads for contact form hijacking would be:

For end users:

- Info on email injection
- Secured PHP contact form
- Project Killbot

For server admins:

- Info on form hijacking
- mod_security home page
- mod_security rules

Source: Written by me

29-11-2005, 08:04 PM, #2
vijay_7287 (SNIST Screamer !!) - Join Date: Aug 2005, Location: Hyderabad, Posts: 1,163

Great info dude,
found it really useful.

Thank you!!!!
__________________
http://snistscreamers.blogspot.com/
http://insidevoidmain.blogspot.com/

SNIST-Blog: the Voice of SNIST... http://www.snistblog.com/
30-11-2005, 10:00 AM, #3
anandk (Distinguished Member) - Join Date: Mar 2005, Location: Pune, Posts: 3,783

Useful piece of info. Thanks.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP