I hope someone can help.
I use a php form to process contact forms on my web sites. Recently I have
been receiving lots of strange data coming through the contact forms like
this:
NB. mysite = the actual site that the contact form is on.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
From: qs********@mysiteco.uk
Return-Path: my**********@hosts.co.uk
Delivery-Date: Thursday, September 8, 2005 2:57 AM
To: ma**@mysite.co.uk
Subject: Information request
Spam score: 0
Name : qs********@mysite.co.uk
Phone : qs********@mysiteco.uk
Email : qs********@mysiteco.uk
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
It spoofs the address of the site that the contact form is on. This has
happened across every site that the form is on, so I am guessing there is a
vulnerability in the script below. Can anyone help please?
php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
<?php
$name=$_POST['name'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$query=$_POST['query'];
$to="en*******@mysite.co.uk";
$from="$email";
$message="Customer Name : $name\n\n
Phone : $phone\n\n
Email Address : $email\n\n
Query : $query\n";
if (mail($to, "Customer Information", "$message\n", "From: $from")) {
    $URL="http://www.mysite..co.uk/thankyou.php";
    header("Location: $URL");
} else {
    echo "There was a problem sending the mail. Please check that you filled in the form correctly.";
}
?>
>>>>>>>>>>>>>>>>>>>>>>>>
Any help would be greatly appreciated. I am no PHP expert, I simply
adjusted a form I found on a PHP tutorial site.
Thank you in advance,
Neil
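
For reference, an added example that is not part of Neil's post or his script: the fourth argument to mail() is a raw header block, so "From: $from" passes the visitor-supplied email field into the message headers with any line breaks it contains. The PHP below builds the same message with that field validated first and kept out of the From line; the function names and the example.com addresses are assumptions.

```php
<?php
// Added example, not the poster's code. Addresses and function names are placeholders.

// A value bound for a mail header must not contain CR, LF or NUL.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Return the visitor's address if it is a single valid address, else null.
function clean_email($raw): ?string
{
    if (!is_string($raw) || !header_safe($raw)) {
        return null;
    }
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Build the arguments for mail(); null means "reject the submission".
function build_mail(array $post): ?array
{
    $email = clean_email($post['email'] ?? null);
    if ($email === null) {
        return null;
    }
    $text = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    // Body fields may contain newlines; they never reach the header block.
    $body = "Customer Name : " . $text('name') . "\n\n"
          . "Phone : " . $text('phone') . "\n\n"
          . "Email Address : " . $email . "\n\n"
          . "Query : " . $text('query') . "\n";
    return [
        'to'      => 'enquiries@example.com',          // placeholder recipient
        'subject' => 'Customer Information',
        'body'    => $body,
        // Fixed From on the site's own domain; visitor input only in Reply-To.
        'headers' => "From: webform@example.com\r\nReply-To: " . $email,
    ];
}

// Constructed inputs: one ordinary submission, one carrying an extra header line.
$ok  = build_mail(['name' => 'A. Customer', 'phone' => '01234 567890',
                   'email' => 'a.customer@example.org', 'query' => 'Please call me.']);
$bad = build_mail(['name' => 'x', 'phone' => 'x', 'query' => 'x',
                   'email' => "a.customer@example.org\r\nBcc: other@example.net"]);

var_dump($ok !== null, $bad === null);
// In the form handler: if ($m = build_mail($_POST)) mail($m['to'], $m['subject'], $m['body'], $m['headers']);
```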