Welcome to WebmasterWorld Guest from 54.145.68.202

Forum Moderators: phranque

Message Too Old, No Replies

Account suspended due to Spamhaus complaints

My host received Spamhaus complaints and cancelled my account

     
9:20 am on Sep 24, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 5, 2004
posts:138
votes: 0


Hi.

My host cancelled my account suddenly and without previous notification because "our data center is receiving Spamhaus complaints".

I don't carry out Spam and I only manage a blog and a
phpBB forum within my website.

I've browsed Spamhaus SBL and XBL lists:
[spamhaus.org...] [real IP removed]
and the IP of my server is not whithin these both black lists.

I've also checked other black lists:
[spam.deadbeef.com...]
[spamcop.net...]
and I don't find my IP.

Can anybody explain me a little more about this issue? I've got no idea about spam, my host support claims they "are investigating" and my website is down for 12 hours.

Thank you very much.

9:25 am on Sept 24, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


Just a thought.... Might a competitor have spoofed the complaint?

Does your site have a shared or a unique IP address?

Kaled.

9:40 am on Sept 24, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 5, 2004
posts:138
votes: 0


> Just a thought.... Might a competitor have spoofed the complaint?
Yes, it might. But... is it possible? (I had no idea
about spam and less about Spamhaus complaints til now)

> Does your site have a shared or a unique IP address?
I share server with more than 50 websites. Mmmm... why is my host so sure about I'm to blame?

BTW, thank you very much Kaled for your answer.

10:08 am on Sept 24, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 19, 2002
posts:423
votes: 0



This is just one of the hazards of having a shared IP.

How about talking to your hosting service and requesting a dedicated IP. For a few dollars you could be back up and running in a few hours and not have to worry about the problem happening again.

10:23 am on Sept 24, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 5, 2004
posts:138
votes: 0


Yes, georgeek, you're right. But, the rest of the websites hosted in my server are not cancelled and I'm the only one :(

Any robust and reliable host service offering Dedicated Servers?

12:34 pm on Sept 24, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


If I were you, I'd tell them categorically to put your site back up. If the complaint is based on an IP address (and I believe this is how spamhaus and others operate) there is no way to be certain that you are to blame.

The most likely source of any spam from your IP address is a vulnerable mail script. Do you use form mail? If not then there is almost no way for the blame to be yours. Also, if you do use form mail and the script was provided by your host, if it has been hacked, it's their fault for providing a vulnerable script.

Kaled.

2:49 pm on Sept 24, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 5, 2004
posts:138
votes: 0


I've got one simple email form which sends comments from my visitors:

email-form.html
-------------------
<form method=post action=send-mail.php>
Your email address:<br>
<input type="text" size="56" name="email"> <br>
Your name: <br>
<input type="text" size="56" name="name"> <br>
Text:<br>
<textarea name="text" rows=7 cols=60 wrap="off"></textarea> <br>
<input type="Submit" value="Send">
</form>
---------

send-mail.php
-----------
$to = "myemail@mydomain.com";
$subject = "Sent Menssage";
$body = "Message Body \n";
$body = $body . "----------------------- \n";
$body = $body . $email . "\n";
$body = $body . "----------------------- \n";
$body = $body . $name . "\n";
$body = $body . "----------------------- \n";
$body = $body . $text . "\n";
$headers = "From: $email";
mail($to,$subject,$body,$headers);
-------------

Could this script be vulnerable?

3:03 pm on Sept 24, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Jan 9, 2003
posts:227
votes: 0


It could be vulnerable. Depends on how the "send-mail.php" script gets "email" from the form.

I hope this code is correct:
$to = $_POST['email'];
(See www.php.net and look up $_POST in the search.)
Using $_POST gets the data from the form (you have method=post).

If your script just says something like
$to = $email;
then it could get the address from the form, or from a URL. An automated script could access your script page through something like


http://www.example.com/send-mail.php?email=asdf@fdlkj.com

By the way, this is a neater way to write the $body, and a little more efficient than redoing $body each line:


$body = "Message Body \n"
. "----------------------- \n"
. $email . "\n"
. "----------------------- \n"
. $name . "\n"
. "----------------------- \n"
. $text . "\n";

[edited by: encyclo at 7:56 pm (utc) on Aug. 11, 2007]

3:24 pm on Sept 24, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 5, 2004
posts:138
votes: 0


Thank you saoi for your answer.

'$to' value is within the PHP code (it's always 'myemail@mydomain.com' and this is my mailbox where I receive the messages), and I only get these values from the form:
$email (email og the person sending the message)
$name (name of the person sending the message)
$text (contents of the message)

You're right that it's better using:
$email = $_POST['email'];
$name = $_POST['name'];
$text = $_POST['text'];

But if you spoof these values, you cann't send spam to
anybody, since you cann't modify '$to' value, am I right?

3:40 pm on Sept 24, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Jan 9, 2003
posts:227
votes: 0


Ah, I see. $to is hard-coded within the script page itself.
But if you spoof these values, you cann't send spam to
anybody, since you cann't modify '$to' value, am I right?
As far as I know, you're right, because $to is not coming from outside the script.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members