Account suspended due to Spamhaus complaints

My host received Spamhaus complaints and cancelled my account

   
9:20 am on Sep 24, 2005 (gmt 0)

10+ Year Member



Hi.

My host cancelled my account suddenly and without previous notification because "our data center is receiving Spamhaus complaints".

I don't carry out Spam and I only manage a blog and a phpBB forum within my website.

I've browsed Spamhaus SBL and XBL lists:
[spamhaus.org...] [real IP removed]
and the IP of my server is not within either of these blacklists.

I've also checked other black lists:
[spam.deadbeef.com...]
[spamcop.net...]
and I don't find my IP.

Can anybody explain a little more about this issue to me? I've got no idea about spam, my host's support claims they "are investigating" and my website has been down for 12 hours.

Thank you very much.

9:25 am on Sep 24, 2005 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Just a thought.... Might a competitor have spoofed the complaint?

Does your site have a shared or a unique IP address?

Kaled.

9:40 am on Sep 24, 2005 (gmt 0)

10+ Year Member



> Just a thought.... Might a competitor have spoofed the complaint?
Yes, it might. But... is it possible? (I had no idea about spam and less about Spamhaus complaints till now)

> Does your site have a shared or a unique IP address?
I share a server with more than 50 websites. Mmmm... why is my host so sure that I'm to blame?

BTW, thank you very much Kaled for your answer.

10:08 am on Sep 24, 2005 (gmt 0)

10+ Year Member




This is just one of the hazards of having a shared IP.

How about talking to your hosting service and requesting a dedicated IP. For a few dollars you could be back up and running in a few hours and not have to worry about the problem happening again.

10:23 am on Sep 24, 2005 (gmt 0)

10+ Year Member



Yes, georgeek, you're right. But, the rest of the websites hosted in my server are not cancelled and I'm the only one :(

Any robust and reliable host service offering Dedicated Servers?

12:34 pm on Sep 24, 2005 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If I were you, I'd tell them categorically to put your site back up. If the complaint is based on an IP address (and I believe this is how spamhaus and others operate) there is no way to be certain that you are to blame.

The most likely source of any spam from your IP address is a vulnerable mail script. Do you use form mail? If not then there is almost no way for the blame to be yours. Also, if you do use form mail and the script was provided by your host, if it has been hacked, it's their fault for providing a vulnerable script.

Kaled.

2:49 pm on Sep 24, 2005 (gmt 0)

10+ Year Member



I've got one simple email form which sends comments from my visitors:

email-form.html
-------------------
<form method=post action=send-mail.php>
Your email address:<br>
<input type="text" size="56" name="email"> <br>
Your name: <br>
<input type="text" size="56" name="name"> <br>
Text:<br>
<textarea name="text" rows=7 cols=60 wrap="off"></textarea> <br>
<input type="Submit" value="Send">
</form>
---------

send-mail.php
-----------
$to = "myemail@mydomain.com";
$subject = "Sent Menssage";
$body = "Message Body \n";
$body = $body . "----------------------- \n";
$body = $body . $email . "\n";
$body = $body . "----------------------- \n";
$body = $body . $name . "\n";
$body = $body . "----------------------- \n";
$body = $body . $text . "\n";
$headers = "From: $email";
mail($to,$subject,$body,$headers);
-------------

Could this script be vulnerable?

3:03 pm on Sep 24, 2005 (gmt 0)

10+ Year Member



It could be vulnerable. Depends on how the "send-mail.php" script gets "email" from the form.

I hope this code is correct:
$to = $_POST['email'];
(See www.php.net and look up $_POST in the search.)
Using $_POST gets the data from the form (you have method=post).

If your script just says something like
$to = $email;
then it could get the address from the form, or from a URL. An automated script could access your script page through something like


http://www.example.com/send-mail.php?email=asdf@fdlkj.com

By the way, this is a neater way to write the $body, and a little more efficient than redoing $body each line:


$body = "Message Body \n"
. "----------------------- \n"
. $email . "\n"
. "----------------------- \n"
. $name . "\n"
. "----------------------- \n"
. $text . "\n";

[edited by: encyclo at 7:56 pm (utc) on Aug. 11, 2007]

3:24 pm on Sep 24, 2005 (gmt 0)

10+ Year Member



Thank you saoi for your answer.

'$to' value is within the PHP code (it's always 'myemail@mydomain.com' and this is my mailbox where I receive the messages), and I only get these values from the form:
$email (email of the person sending the message)
$name (name of the person sending the message)
$text (contents of the message)

You're right that it's better using:
$email = $_POST['email'];
$name = $_POST['name'];
$text = $_POST['text'];

But if you spoof these values, you can't send spam to anybody, since you can't modify '$to' value, am I right?

3:40 pm on Sep 24, 2005 (gmt 0)

10+ Year Member



Ah, I see. $to is hard-coded within the script page itself.
> But if you spoof these values, you can't send spam to anybody, since you can't modify '$to' value, am I right?
As far as I know, you're right, because $to is not coming from outside the script.
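
A hardened version of the send-mail.php discussed in this thread, as an added example that is not part of any poster's message. It reads the fields from $_POST only and, because mail() copies $headers into the message header block as given, it rejects an email value containing line breaks and keeps the visitor's address out of From. The address webform@mydomain.com and the length limits are assumptions chosen for illustration.

```php
<?php
// send-mail.php, hardened (added example; not code from the thread).
// Assumes the field names of email-form.html: email, name, text.

// Accept only a POST from the form, never values passed in a URL.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// Read each field explicitly from $_POST instead of relying on globals.
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
$name  = isset($_POST['name'])  ? trim($_POST['name'])  : '';
$text  = isset($_POST['text'])  ? $_POST['text']        : '';

// $email is placed in a mail header, so it must be one well-formed
// address with no CR or LF anywhere in it.
if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid email address');
}

// Cap field sizes to what a comment form needs (assumed limits).
if (strlen($name) > 100 || strlen($text) > 5000) {
    http_response_code(400);
    exit('Message too long');
}

// Keep the name to a single line of printable text.
$name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);

$to      = 'myemail@mydomain.com';   // fixed recipient, as in the thread
$subject = 'Sent Message';
$body    = "Message Body \n"
         . "----------------------- \n"
         . $email . "\n"
         . "----------------------- \n"
         . $name . "\n"
         . "----------------------- \n"
         . $text . "\n";

// Fixed From on the site's own domain (placeholder address); the
// visitor's validated address goes in Reply-To only.
$headers = "From: webform@mydomain.com\r\n"
         . "Reply-To: $email";

mail($to, $subject, $body, $headers);
```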