Gossamer Forum

Spammer used our private email mod

We installed the private email mod to protect our listing of 500+ professionals from spammers while still allowing them to receive inquiries from the general public. Yesterday, a spammer (193.220.188.164) was able to email each of our members. It appears he was able to automate the form completion and submission.

"POST /cgi-bin/db/db.cgi HTTP/1.1" 200 4812 http://domain.com/...mp;send_email_form=1

I've banned the IP address, but is there anything else I can do to prevent this from happening again?
Re: [sciulli] Spammer used our private email mod
Many scripts have a "must run from" type of action so that if your site is www.bob.com then the form must be submitted from bob.com. The spammer probably wrote a script that ran on his/her website and called your form.

Check out www.redundantcartride.com/dbman (the unofficial dbman faq) and see if there is any such mod that limits form submission to your site only.
Re: [Watts] Spammer used our private email mod
Thank you!! I imagine other sites have been hit as well. I've located this subroutine http://www.devdaily.com/...u/articles/pl010014/ that looks like it will address it. Just can't seem to get the proper syntax when calling the sub from html.pl.

I've added this sub to db.cgi:

sub limitHostAccess {
    # Hostnames (regex alternation) allowed to reach this form; define your domain here
    my $trustedHosts = "devdaily.com|mydomain.com";
    # REMOTE_HOST is the reverse-DNS name of the connecting client (empty if the server does not resolve it)
    my $remoteHost = $ENV{'REMOTE_HOST'} || '';

    if ( $remoteHost =~ /$trustedHosts$/i ) {
        return;    # trusted host: let the caller continue
    } else {
        print "Content-type: text/plain\n\n";    # a CGI must send a header before exiting
        exit 1;
    }
}

1;


But I haven't been successful in calling the sub from html.pl when adding it under the sub html_send_email_form:

#---------------------------------------------#
&limitHostAccess; # program exits here if REMOTE_HOST is wrong #
#---------------------------------------------#
Re: [sciulli] Spammer used our private email mod
How are you not successful? Are you getting an error or does it just "not work"? Remember you'd have to try to submit the form while hosted on another website.
Re: [Watts] Spammer used our private email mod
There is a mod written for DBMan called:

Allow the database to be run from YOUR server only

You can find this thread in the FAQ noted below under the section "Admin"

Unofficial DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/
Re: [LoisC] Spammer used our private email mod
LoisC is right... the hack she is referring to was written with dbman in mind.

It uses $ENV{'HTTP_REFERER'}; (instead of REMOTE_HOST). The other example I've seen uses HTTP_REFERER also.
Re: [sciulli] Spammer used our private email mod
Thank you. I found the Mod at http://redundantcartridge.com/dbman/text/admin44.txt. In addition to the instructions, I added

&check_url;


to the sub send_email and it is working. I really appreciate the help Watts and LoisC. Many thanks.
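The HTTP_REFERER check the last two replies describe, as an added example and not the DBMan mod's own check_url code: the referring URL is parsed and its host compared whole against the site's own hostnames (the names and sub names here are assumed), so a loose substring or unanchored regex match cannot be satisfied by a look-alike host.

```perl
#!/usr/bin/perl
# Added example, not the DBMan mod's code: allow the send-email form only
# when the Referer host is one of this site's own hostnames (assumed names).
use strict;
use warnings;

# Hostnames allowed to submit the form (assumed; set to your own site).
my @TRUSTED_HOSTS = ('www.mydomain.com', 'mydomain.com');

# Return 1 if $referer points at a trusted host, else 0. The URL is parsed
# and the host compared whole, so "notmydomain.com" or
# "mydomain.com.evil.example" are not accepted the way a loose regex would.
sub referer_is_trusted {
    my ($referer, @allowed) = @_;
    return 0 unless defined $referer && length $referer;
    # only http(s) referers of the form scheme://host[:port]/... count
    my ($host) = $referer =~ m{^https?://([^/:?#]+)}i or return 0;
    $host = lc $host;
    for my $ok (@allowed) {
        return 1 if $host eq lc $ok;
    }
    return 0;
}

# Gate to call from the CGI before the form is processed. Referer is sent by
# the client and may be absent (privacy settings, some proxies); a missing
# header is rejected here, so adjust that if it locks out legitimate users.
sub check_form_origin {
    return if referer_is_trusted($ENV{'HTTP_REFERER'}, @TRUSTED_HOSTS);
    print "Content-type: text/plain\n\n";
    print "This form can only be submitted from our own site.\n";
    exit 1;
}

# Self-check on constructed referer values when run directly.
if (!caller) {
    my @cases = (
        ['http://www.mydomain.com/cgi-bin/db/db.cgi?db=default', 1],
        ['https://MYDOMAIN.COM:443/listing',                     1],
        ['http://notmydomain.com/form',                          0],
        ['http://mydomain.com.evil.example/x',                   0],
        ['',                                                     0],
    );
    for my $case (@cases) {
        my ($ref, $want) = @$case;
        my $got = referer_is_trusted($ref, @TRUSTED_HOSTS);
        printf "%-58s %s\n", ($ref || '(no referer)'), ($got == $want ? 'ok' : 'MISMATCH');
    }
}
```

Because the Referer header is supplied by the client, treat this as a filter against bulk form abuse rather than a complete access control, and keep the IP ban and server logs as the second line of defence.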