homepage Welcome to WebmasterWorld Guest from 54.197.110.151
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Account suspended due to Spamhaus complaints
My host received Spamhaus complaints and cancelled my account
guarriman

10+ Year Member



 
Msg#: 9897 posted 9:20 am on Sep 24, 2005 (gmt 0)

Hi.

My host cancelled my account suddenly and without previous notification because "our data center is receiving Spamhaus complaints".

I don't carry out Spam and I only manage a blog and a
phpBB forum within my website.

I've browsed Spamhaus SBL and XBL lists:
[spamhaus.org...] [real IP removed]
and the IP of my server is not whithin these both black lists.

I've also checked other black lists:
[spam.deadbeef.com...]
[spamcop.net...]
and I don't find my IP.

Can anybody explain me a little more about this issue? I've got no idea about spam, my host support claims they "are investigating" and my website is down for 12 hours.

Thank you very much.

 

kaled

WebmasterWorld Senior Member kaled us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 9897 posted 9:25 am on Sep 24, 2005 (gmt 0)

Just a thought.... Might a competitor have spoofed the complaint?

Does your site have a shared or a unique IP address?

Kaled.

guarriman

10+ Year Member



 
Msg#: 9897 posted 9:40 am on Sep 24, 2005 (gmt 0)

> Just a thought.... Might a competitor have spoofed the complaint?
Yes, it might. But... is it possible? (I had no idea
about spam and less about Spamhaus complaints til now)

> Does your site have a shared or a unique IP address?
I share server with more than 50 websites. Mmmm... why is my host so sure about I'm to blame?

BTW, thank you very much Kaled for your answer.

georgeek

10+ Year Member



 
Msg#: 9897 posted 10:08 am on Sep 24, 2005 (gmt 0)


This is just one of the hazards of having a shared IP.

How about talking to your hosting service and requesting a dedicated IP. For a few dollars you could be back up and running in a few hours and not have to worry about the problem happening again.


guarriman

10+ Year Member



 
Msg#: 9897 posted 10:23 am on Sep 24, 2005 (gmt 0)

Yes, georgeek, you're right. But, the rest of the websites hosted in my server are not cancelled and I'm the only one :(

Any robust and reliable host service offering Dedicated Servers?

kaled

WebmasterWorld Senior Member kaled us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 9897 posted 12:34 pm on Sep 24, 2005 (gmt 0)

If I were you, I'd tell them categorically to put your site back up. If the complaint is based on an IP address (and I believe this is how spamhaus and others operate) there is no way to be certain that you are to blame.

The most likely source of any spam from your IP address is a vulnerable mail script. Do you use form mail? If not then there is almost no way for the blame to be yours. Also, if you do use form mail and the script was provided by your host, if it has been hacked, it's their fault for providing a vulnerable script.

Kaled.

guarriman

10+ Year Member



 
Msg#: 9897 posted 2:49 pm on Sep 24, 2005 (gmt 0)

I've got one simple email form which sends comments from my visitors:

email-form.html
-------------------
<form method=post action=send-mail.php>
Your email address:<br>
<input type="text" size="56" name="email"> <br>
Your name: <br>
<input type="text" size="56" name="name"> <br>
Text:<br>
<textarea name="text" rows=7 cols=60 wrap="off"></textarea> <br>
<input type="Submit" value="Send">
</form>
---------

send-mail.php
-----------
$to = "myemail@mydomain.com";
$subject = "Sent Menssage";
$body = "Message Body \n";
$body = $body . "----------------------- \n";
$body = $body . $email . "\n";
$body = $body . "----------------------- \n";
$body = $body . $name . "\n";
$body = $body . "----------------------- \n";
$body = $body . $text . "\n";
$headers = "From: $email";
mail($to,$subject,$body,$headers);
-------------

Could this script be vulnerable?

saoi_jp

10+ Year Member



 
Msg#: 9897 posted 3:03 pm on Sep 24, 2005 (gmt 0)

It could be vulnerable. Depends on how the "send-mail.php" script gets "email" from the form.

I hope this code is correct:
$to = $_POST['email'];
(See www.php.net and look up $_POST in the search.)
Using $_POST gets the data from the form (you have method=post).

If your script just says something like
$to = $email;
then it could get the address from the form, or from a URL. An automated script could access your script page through something like

http://www.example.com/send-mail.php?email=asdf@fdlkj.com

By the way, this is a neater way to write the $body, and a little more efficient than redoing $body each line:


$body = "Message Body \n"
. "----------------------- \n"
. $email . "\n"
. "----------------------- \n"
. $name . "\n"
. "----------------------- \n"
. $text . "\n";

[edited by: encyclo at 7:56 pm (utc) on Aug. 11, 2007]

guarriman

10+ Year Member



 
Msg#: 9897 posted 3:24 pm on Sep 24, 2005 (gmt 0)

Thank you saoi for your answer.

'$to' value is within the PHP code (it's always 'myemail@mydomain.com' and this is my mailbox where I receive the messages), and I only get these values from the form:
$email (email og the person sending the message)
$name (name of the person sending the message)
$text (contents of the message)

You're right that it's better using:
$email = $_POST['email'];
$name = $_POST['name'];
$text = $_POST['text'];

But if you spoof these values, you cann't send spam to
anybody, since you cann't modify '$to' value, am I right?

saoi_jp

10+ Year Member



 
Msg#: 9897 posted 3:40 pm on Sep 24, 2005 (gmt 0)

Ah, I see. $to is hard-coded within the script page itself.
But if you spoof these values, you cann't send spam to
anybody, since you cann't modify '$to' value, am I right?
As far as I know, you're right, because $to is not coming from outside the script.
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved