[urgent] Spam Attack! Help!

Email Spam bots attacking!

         

astronaut

12:51 am on Feb 21, 2006 (gmt 0)

10+ Year Member



Help, my host company is threatening to shut me down. I have a "join newsletter" form (email form) on my homepage and now am getting attacked by spammers. I keep getting emails like these:

<b>Note:</b> my.servercompany.com is just changed to protect the innocent.

This is in the "From" header. I am getting tons of these.

"andContent-Type: multipart/alternative@my.servercompany.com;
boundary=0b23dd8fd6c7fc60676472c34c90c238MIME-Version: 1.0Subject: from
the orth ea. erhaps thoubcc: charieses329@aol.comThis is a multi-part
message in MIME format.--0b23dd8fd6c7fc60676472c34c90c238Content-Type:
text/plain; charset=\"us-ascii\"MIME-Version:
1.0Content-Transfer-Encoding: 7bitdoin an he wants thim to see what
good he s doin . e gets fifty per cint iv his wish niver more. man
keeps his front--0b23dd8fd6c7fc60676472c34c90c238--."

<b>here is my code for the page that contains the email form</b>:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<?

include ("includes/css.php");
include ("includes/db.php");
mysql_select_db('fake_emaildb', $connection) or die(mysql_error());

?>
<TITLE>Santa Cruz Bicycles</TITLE>
<META NAME="Generator" CONTENT="EditPlus">
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">

<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
function placeFocus() {
if (document.forms.length > 0) {
var field = document.forms[0];
for (i = 0; i < field.length; i++) {
if ((field.elements[i].type == "text") || (field.elements[i].type == "textarea") || (field.elements[i].type.toString().charAt(0) == "s")) {
document.forms[0].elements[i].focus();
break;
}
}
}
}

function resetform() {
document.forms[0].elements[1]=="";
}
function submitForms() {
if (isemail())
{
return true;
}
else
return false;
}
function isemail() {
if (document.forms[0].elements[0].value == "")
{
alert ("\n Please include your Email")
document.forms[0].elements[0].focus();
return false;
}
if (document.forms[0].elements[0].value.indexOf ('@',0) == -1 ||
document.forms[0].elements[0].value.indexOf ('.',0) == -1 ||
document.forms[0].elements[0].value.indexOf (' ',0) != -1) {
alert ("Please make sure your EMAIL address is correct \n\n For Example : \n\n \"yourname@youremail.com\" ")
document.forms[0].elements[0].select();
document.forms[0].elements[0].focus();
return false;
}
return true;
}
// End -->
</script>
</HEAD>
<BODY topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" bgcolor="#333333">
<table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%">
<tr>
<td align="right" valign="top">

<?
if($SUBSCRIBE=='1'){

// first check to see if they are already part of the email list;
$sql_email_check = mysql_query("SELECT Email FROM CUSTOMERS WHERE Email = '$email'");
$email_check = mysql_num_rows($sql_email_check);
if($email_check > 0){

echo "<font class=MedGrey>You are already part of our Email Newsletter. Hold tight, we will be sending out another edition of our newsletter soon!</font> <BR>";

exit;
}

// If they aren't already part of the list, add them

else {
mysql_query( "INSERT INTO CUSTOMERS (Email,Subscribe) VALUES('$email','$SUBSCRIBE')");
$sql_email_check2 = mysql_query("SELECT Email FROM CUSTOMERS WHERE Email = '$email'");
$email_check2 = mysql_num_rows($sql_email_check2);
if($email_check2 > 0){
echo "<font class=MedGrey>Welcome to our Email list! <br>If you would like to see the last newsletter <a class=BigRed href=mail/1205.html target=_blank> click here</a></font>";
exit;
}else {
echo "<font class=BigRed>There was some kind of problem adding you to our newsletter. </font>";

}
}

// End Subscribe sequence
}


if($sendmail=='1'){

$email = $_POST['email'];
$email = preg_replace( "/[\r\n]/", '', $email );
$message = "<font color=grey face=arial size=1>Thank you for signing up for the Newsletter!<br><BR><b><a href=http://www.[myserver].com/index.php?SUBSCRIBE=1&email=$email>Last step, click this link to activate your subscription to our newsletter.</a></b><P><P><br>If you ever wish to unsubscribe: <a href=http://www.[myserver].com/mail/unsubscribe.php?Email=$email>Click Here</a> and enter your email address.</font>";
echo" <font class=MedGrey>Soon you will receive an email with instructions on how to confirm your subscription to our newsletter.<br> Just follow the simple steps listed in the email and you're done!</font><br>";
$subject = "Newsletter Confirmation";
$recipient = "[myemail]@[mywebsite].com";

$headers .= "$email";
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: $email";

if( preg_match( "/@/", $email ) )
mail( $recipient, $subject, $message, $headers );

if($Subscribe=="1"){
$sql_email_check = mysql_query("SELECT Email FROM CUSTOMERS WHERE Email = '$email'");
$email_check = mysql_num_rows($sql_email_check);

/* Email body content*/
if($email_check > 0){

echo "<font class=MedGrey>Hey, don't worry, you are still on our email list!</font> <BR>";

}
}
}else{
?>
<form action="<?echo $PHP_SELF;?>?sendmail=1" method="post" onSubmit="return submitForms();">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td nowrap align="right" valign="top"><img src="graphics/newsletter.gif" border="0"></td>
<td align="right" valign="top"><input type="text" name="email" style="font-family: arial;color: #999999; border-top: 1pt solid #666666; border-bottom: 1pt solid #666666; border-left: 1pt solid #666666; border-right: 1pt solid #666666; padding-left: 4px; padding-right: 4px; background-color: #333333;"></td>
<td align="right" valign="top"><input type="hidden" name="Subscribe" value="1">&nbsp;&nbsp;<input type="image" src="graphics/signup.gif" value="send >>"></td>
<!-- <td><img src="graphics/spacer.gif" border="0" width="30" height="5"></td> -->
</tr>
</table>
</form>
<?}?>

</td>
</tr>
</table>

</td>
</tr>
</table>

</center>
</body>
</html>

jatar_k

12:58 am on Feb 21, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



First things first.

Shut the script down: move it, delete it, change the name, whatever it takes. Just get it off your server to make sure it stops now, to keep from getting shut down, and then you can try and fix it.

phparion

4:21 am on Feb 21, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I agree with the mod. Shut it down before the host takes severe action against you. After that, search Google for tutorials on form authentication with random images in PHP. If you have seen this on many forums' forms and email service providers, they ask you to enter the value written on an image which is displayed randomly. Trust me, it's very easy and you can do it easily. If you are still stuck doing this, then come back and I will give you complete code for this.

Another easy way could be to make a single image and write some value on it, for example "HATE SPAMMERS", display it on your form and ask the users to enter this value in some field. Then in the action page check whether this value was written or not, e.g.

if (field.value == "HATE SPAMMERS" )
then
its ok
otherwise
get lost spammer.

I think it will work, however I am not sure cent per cent.
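
A server-side check for the signup handler discussed in this thread, combining rejection of header-injection input in the `email` field with the fixed-phrase test suggested in the last reply. This is an added example, not code from any poster: `validate_signup`, `build_headers`, the `phrase` field name and the `example.com` addresses are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example; function names, the "phrase" field and addresses are assumptions.
const CHALLENGE_PHRASE = 'HATE SPAMMERS';   // fixed phrase proposed in the thread
const LIST_FROM = 'newsletter@example.com'; // placeholder sender address

// Returns the validated address, or null when the submission must be dropped.
function validate_signup(array $post): ?string
{
    $email  = isset($post['email']) ? (string) $post['email'] : '';
    $phrase = isset($post['phrase']) ? trim((string) $post['phrase']) : '';

    // Reject (not strip) CR/LF, raw or URL-encoded: no real address has them.
    if (preg_match('/[\r\n]|%0[ad]/i', $email)) {
        return null;
    }
    // Reject header names smuggled into the field, with or without line breaks.
    if (preg_match('/\b(content-type|mime-version|bcc|cc|to|subject)\s*:/i', $email)) {
        return null;
    }
    // Require a single syntactically valid address of sane length.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Fixed-phrase check, case-insensitive.
    if (strtoupper($phrase) !== CHALLENGE_PHRASE) {
        return null;
    }
    return $email;
}

// The From header is a constant; submitted data never enters the header block.
function build_headers(): string
{
    return "MIME-Version: 1.0\r\n"
         . "Content-Type: text/html; charset=iso-8859-1\r\n"
         . "From: " . LIST_FROM;
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['email' => 'rider@example.com', 'phrase' => 'hate spammers'],
    ['email' => "x@example.com\r\nBcc: list@example.net", 'phrase' => 'HATE SPAMMERS'],
    ['email' => 'andContent-Type: multipart/alternative@example.com', 'phrase' => 'HATE SPAMMERS'],
    ['email' => 'rider@example.com', 'phrase' => ''],
];
foreach ($samples as $s) {
    $result = validate_signup($s) === null ? 'rejected' : 'accepted';
    echo json_encode($s['email']), ' => ', $result, "\n";
}
```

Dropping a rejected submission before `mail()` is called matters here: the posted script strips line breaks but still sends a message for every request whose `email` value contains an `@`.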