Contact form (formmail) compromised - what steps are required to deal with this. And how can I stop it happening on my other sites?

Asked by:
billyb / 10 Points
Time:
2012-08-21 11:34 am EST
Category:
Fighting Spam
Hits:
1,586
approx 500 emails sent from my contact form to my own contact email address in a 2 minute period, including "SomeCustomInjectedHeader:injected_by_wvs".

To ask this user for more information, please first login.

To submit an answer, please login.

ANSWERS

0

arnelc
Staff
13,025 Points
2012-08-21 12:19 pm EST
Hello Billyb,

I'm sorry to hear about your problems with the code injection into your emails. I tried to take a closer look at the issue by looking at your files, but there are a number of websites on your account and it's difficult to determine which one may have been involved in this problem. It is very possible that the file in CGI-bin has been corrupted or injected with code. I will include a link for suggestions to help avoid that. Those would be the best suggestions to avoid the issue. Part of the problem is that you also have all of these sites under one account. In order to avoid cross-contamination it would be more secure to have separate accounts. Otherwise, you have to search across multiple website files in one account to find the source of the issue sometimes.

You can also secure the input page for the form mail using a captcha or re-captcha. It just doesn't look like it's happening at that level. If you're still having problems with script right now, my suggestion is to re-download it from a very good source (sourceforge.net is a great place) and then replace the code with newly downloaded one. This way you can see if the infection is happening outside of the form mail script. Try the suggestion in this link and then get back with us if the problem persists.

What to do when your Website is hacked

If you have any further questions, please contact technical support or leave a comment at the bottom of the page.

Regards,

Arnel C.

To submit a comment on this answer, please first login.

Want to share this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.