ahosting logo
billing login community forum
reseller hosting, dedicated server, ahosting
05 Sep 2010 
Support Center » Knowledgebase » PHP Mail Injection - Spam Attack
 PHP Mail Injection - Spam Attack
Solution Hello,

Spammers can use your php mail scripts and they can add their header, c.c. & b.c.c then send mail to especially aol mail address.
Please add following codes to your php mail scripts ;

It should be at top of page (php codes) - it works for POST method
$badStrings = array("Content-Type:",
"MIME-Version:",
"Content-Transfer-Encoding:",
"bcc:",
"cc:");
foreach($_POST as $k => $v){
foreach($badStrings as $v2){
if(strpos($v, $v2) !== false){
header("HTTP/1.0 403 Forbidden");
exit;
}
}
}
?>

Article Details
Article ID: 32
Created On: 07 Dec 2005 04:33 PM

 This answer was helpful  This answer was not helpful

 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Average Response Time
Technical Support : 10 mins, 40 secs
Dedicated Server : 14 mins, 35 secs
Reboot Request : 4 mins, 3 secs
Billing Dept. : 6 mins, 44 secs
Sales Dept. : 9 mins, 28 secs
 Search
 Article Options
 Add Comment
 Print Article
 PDF Version
 Email Article
 Add to Favorites
Home | Register | Submit a Ticket | Knowledgebase | Troubleshooter | News | Downloads
Language:

Help Desk Software By Kayako SupportSuite v3.70.02