Send this page script used to send spam. Plz help

Forum Moderators: coopster

Message Too Old, No Replies

Send this page script used to send spam. Plz help

Even after deleting the php file, spammer continues

skweb

4:36 pm on Apr 17, 2007 (gmt 0)

I had installed a simple php script (obtained for free from the web) that allows a visitor to forward a page to a friend. It worked great but now a spammer is using it to send thousands of emails. I have deleted the feature and also the php file but no successs. What can I do? Please help. While I have some responsibilities of a webmaster, my technical abilities are very limited.

AlexK

4:57 pm on Apr 17, 2007 (gmt 0)

Check your access_log for successful sends; that will show the URL, and that should lead you to the script used. Double-check that the script is NOT on the server.

Remember, the actual script being used may not be the one that you deleted. The deleted script may have allowed a spammer to drop another script on your site. That second script may be the one being used.

Lastly, try to ease off your desperation. Difficult, I know, but that mental state will actually slow you down, make you miss the obvious, may cause errors. Take it slow and easy, get there quicker in the end.

Good luck.

phparion

6:19 pm on Apr 17, 2007 (gmt 0)

you deleted the script, what a shame :( .. dude come up strongly, show me the code that you were using, i will help you to tweak it and then write in bold fonts on your site that "Mr. Spammer, dare now!"

there is always a fix you need to find it..

anyway, if you still think that thousands of emails are going out from your server after even you deleted the script then it was not your script which was used for remote spamming attack. check your mail logs if you are not very technical then ask your host or server admin. you will track the script which has been used for spamming on your server.

whoisgregg

8:06 pm on Apr 17, 2007 (gmt 0)

A good library thread that discusses the issue of securing email forms [webmasterworld.com]. Although, if the file is deleted and your server is still sending spam then you've got a bigger problem. Your site has maybe been hacked.

Here's a rough draft of how I would proceed if I was in your position:

Backup my site including databases.

Change all my passwords.

Look for files that I didn't put on my site and compare my local files against the remote files for added code that I didn't write.

Understand the attack, change my code to prevent future attacks.

Have my host wipe my account clean and re-upload my now-secure site.

By the way, a good host should be able to identify precisely where the problem is in less than an hours research. A great host would already have told you and disabled the offending script(s).

Of course, If I didn't feel comfortable in my technical skills, I wouldn't do the steps outlined above because if I screwed up, I could lose a lot of my data. I rarely include disclaimers with my advice, but proceed at your own risk. Get skilled help if you don't feel comfortable doing this.

skweb

1:59 pm on Apr 18, 2007 (gmt 0)

Thanks a lot everyone. It appears that the spammer did not hack my website. A copy of the script was lying in a place that it was not supposed to be and no one knew about it. When I completely republished the website, then the problem went away.