Main > Main Forum
Email Viruses
Jakobud:
--- Quote from: Trimoor on October 06, 2004, 07:12:11 pm ---Jacobud, this is exactly what I'm looking for.
Could you send me the php source?
--- End quote ---
Sure it's a piece of cake:
There are four different php pages here:
contact.php <--- the page that people actually access and fill out the form and stuff
contactScript.php <---- the php script that no one can see (it contains your email address)
contactThankYou.php <--- the script/page that appears saying Thank You, afterword
contactError.php <---the script/page that appears saying error, you didn't fill the form out correctly
contact.php:
this is just a normal page in it. But when you get to your FORM tags, make it say this:
<form action="contactScript.php" method="post">
contactScript.php (this is the brain of the process):
<?php
$mailto = 'myemailaddress@somewhere.com' ;
$subject = "This is the subject of the email to be sent!!!" ;
$formurl = "http://www.yoursite.com/contact.php" ;
$errorurl = "http://www.yoursite.com/contactError.php" ;
$thankyouurl = "http://www.yoursite.com/contactThankYou.php" ;
// -------------------- END OF CONFIGURABLE SECTION ---------------
$name = $_POST['name'] ;
$email = $_POST['email'] ;
$comments = $_POST['comments'] ;
$http_referrer = getenv( "HTTP_REFERER" );
if (!isset($_POST['email'])) {
header( "Location: $formurl" );
exit ;
}
if (empty($name))
$name = 'Anonymous';
if (empty($email))
$email = 'none';
if (empty($comments))
{
header( "Location: $errorurl" );
exit ;
}
$messageproper = "From: $name\nEmail: $email\n\n$comments";
mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.01" );
header( "Location: $thankyouurl" );
exit ;
?>
contactThankYou.php and contactError.php:
There is nothing special about either of these. They are just web pages that show up and say Thanks or Error.
There are a couple of nice things about this script.
1. All you have to do is fill out the top portion of the code. You don't really need to understand or pay attention to the algorithms themselves.
2. Your email address is hidden. The only place it's displayed is in the code of the contactScript.php.
3. Well what happens if someone knew that and typed in their browser: www.mysite.com/contactScript.php? Well the browser simply opens up the contact.php. You can't look at contactScript.php at all through the browser.
Cool huh? :) Hope this helps.
krick:
By the way, does anybody need a Google Gmail account?
1GB of space, spam filtering, nifty threading and sorting options, no ads. Kicks the crap out of Hotmail, by invitiation only.
I've got 6 invitiations to give away.
The first 6 people to PM me can have them.
(I always seem to get more too)
...
Krick
MonitorGuru:
> "The address I gave on the site was freshly created, and has been given out only there and on this site."
Doesn't matter if an account is "fresh" or not or suspected to have been "sold" or not. DOMAIN SUBSTITUTION is how spammers are reaching more people with higher % hits.
Did you create the mailbox with a UNIQUE name that you have NEVER used before on any other domain? If so, then they probably found it through botting this site or yours. If it was a previously used name, just with a new domain attached, they they likely found it with domain substitution.
Here is how it works:
- Create account "arcadecontrols@aol.com"
- Post that address to tons of sites and email hundreds of people with it.
- Start getting spam there.
- Create a new account "arcadecontrols@hotmail.com"
- Day one, start receiving tons of spam.
- Post numerous complaints online about why MS is selling your email address to spammers
- Create a new account "arcadecontrols@myregionalisp.com"
- Day one, start receving tons of spam there.
- Post wondering why you got spam on a fresh account with a "trusted" ISP
See the pattern? Spammers know that it's human nature to reuse the same login, e.g. "arcadecontrols" at every site you create an email account at. Therefore they take a list of known good accounts at say, AOL, then replace @aol.com with every other known domain name.
It's a lot better attack than random dictionary attacks on the username. Human nature means you not only don't like changing your passwords, you also dont like changing your logins.
Create a new account with say, "arcad3_c0ntr0l$_Oct04@myisp.net" and then see how long it takes before you start receiving spam. It will take much longer!
Likewise, my account is NOT monitorguru@hotmail.com... I'm sure that would be flooded by now. It's a totally unique account name used for signing up for this board, so it can't be guessed as easily.
Again--if you posted your email on your web page or here, it could have gotten out rather quickly. But I just want people to know that many times it's simple substitution that gets you spammed quickly instead.
Good luck!
Trimoor:
Okay, this is getting creepy.....
I just checked my mail, and got yet another virus.
But the return address was from Saint! :o :o :o :o
Yes, our saint, the admin of this site!
Either saint got infected, or the spammers know enough about us to spoof his return address.
No body text, just my AVG warning about the "I-Worm/Bagle.AB" virus.
Here is the header:
Return-Path: <saint@null.net>
Delivered-To: (my address)
Received: (qmail 15095 invoked from network); 7 Oct 2004 17:00:50 -0000
Received: from 64-190-134-18.client.cypresscom.net (HELO EMachine42.net) (64.190.134.18)
by 1002-15.lowesthosting.com with SMTP; 7 Oct 2004 17:00:50 -0000
Date: Thu, 07 Oct 2004 11:58:53 -0600
To: (my address)
From: "Saint" <saint@null.net>
Subject: Incoming message
Message-ID: <xxjhcwqbzmkfdypxtak@trimoor.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------cmqwgtymnsiwzirelyny"