Prevent someone using myphpfile.php from another server

  • basketmen
  • Student
  • Posts: 69

Post 3+ Months Ago

Hi guys,

A few days ago my host said that one of my websites was sending a large amount of mail, coming from a Senegal IP.

Here is what my host says:

Quote:
There were another 16 mails in the queue this morning going to a very large number of recipients.

X-PHP-Script: domaindotcom/myphpfile.php for 111.222.333.444

That seems to be the source IP. They are more than likely injecting headers into the mail() being used in PHP; there are a few regexes and methods on the Internet if you google how to prevent it.



myphpfile.php is the file for sending a private message (the member gets an email notification for each private message too) to another member on my site; you must be logged in to use that page.



Is there a way to prevent the myphpfile.php page from being accessed from another server, so that only real users can access the page? Maybe something like preventing image hotlinking?





Please share your knowledge, guys.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

http://objectmix.com/php/432605-re-%5Bp ... urity.html

Does that answer your question?
  • Bogey
  • Genius
  • Posts: 8415
  • Loc: USA

Post 3+ Months Ago

In what way does your system check if the user is logged in? Does it actually check the log-in status in the myphpfile.php or in the file that is only using that file?
  • this213
  • Guru
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Be sure you're sanitizing user input so you're getting what you expect to get. In this case, perhaps that means validating that a supplied email address is just 1 email address. Maybe something like this:
PHP Code:
if( preg_match("/\@.*\@/",$email) ){
   // too many @ symbols
}


Be sure you're defining your headers right before you send your email, as such:
PHP Code:
$headers = 'From: noreply'."\r\n"
.'X-Mailer: Mysite.com Web Portal';

mail($email,$subject,$message,$headers);
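The following is an added example, not code from the thread or from the poster's site, showing how the advice in this thread fits together in one endpoint: the login check lives inside the script itself (Bogey's question), the recipient is validated as exactly one address and the subject is checked for header-breaking CR/LF (this213's point), the headers are fixed strings, and a session-bound token replaces the hotlink-style Referer check the original poster asked about, because a Referer header is trivially forged while a token stored in the server-side session is not readable by a foreign server. Names such as `send_private_message_notification()`, `$_SESSION['user_id']` and the `csrf_token` form field are assumptions chosen for the illustration.

```php
<?php
// Added example: hardened private-message notification endpoint.
// Session keys, field names and function names are assumptions, not the
// original poster's code.

session_start();

// 1. Only logged-in members may use this page. The check is in this file,
//    so fetching it directly from another server gets nothing.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}

// 2. The POST must carry the token that the message form received from this
//    session. hash_equals() compares in constant time.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token'])) {
    http_response_code(403);
    exit('Invalid request');
}

/**
 * True only if $value contains no CR or LF, i.e. it cannot terminate the
 * current mail header and append extra ones (Bcc:, Cc:, Content-Type: ...).
 */
function has_no_header_breaks(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

/**
 * Accepts exactly one syntactically valid address. FILTER_VALIDATE_EMAIL
 * rejects commas, whitespace, a second '@' and control characters, so it is
 * stricter than the "/\@.*\@/" check alone.
 */
function clean_recipient(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

function send_private_message_notification(string $to, string $subject, string $body): bool
{
    $recipient = clean_recipient($to);
    if ($recipient === null) {
        return false;
    }
    // Reject rather than "clean" a subject with line breaks or absurd length;
    // either is a sign of an abuse attempt, not a typo.
    if (!has_no_header_breaks($subject) || strlen($subject) > 200) {
        return false;
    }

    // Headers are fixed strings assembled here; nothing from the request is
    // ever concatenated into them, and the From address is the site's own.
    $headers = 'From: noreply@example.com' . "\r\n"
             . 'X-Mailer: Mysite.com Web Portal';

    return mail($recipient, $subject, $body, $headers);
}

$to      = (string) ($_POST['to'] ?? '');
$subject = (string) ($_POST['subject'] ?? '');
$body    = (string) ($_POST['message'] ?? '');

if (!send_private_message_notification($to, $subject, $body)) {
    http_response_code(400);
    exit('Message rejected');
}
echo 'Notification sent';
```

The page that renders the message form is expected to set the token with `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` and embed it as a hidden field named `csrf_token`. In a real member system the recipient would be resolved from the member table by member id rather than accepted as a free-text address from the form; that removes the recipient field as an injection surface entirely, and the validation above then only guards the stored value.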

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.