Email Injection Attacks

Over the past week or so I’ve been the unfortunate bearer of email injection attacks on two of my sites. It’s no fun I can assure you!

So, I’ve had to search for anything that can help me overcome these nasty so and so’s. That’s when I came across an article called Email Injection – SecurePHP.

While it does explain how the spammers were able to exploit the contact forms on my sites, it’s example of how to stop it from happening doesn’t seem to have worked. I implemented the neccessary changes last nite, but first thing this morning I received the same junk emails in my inbox – which suggests I’ve not stopped the rot :(

I’ve also tried this suggestion on the PHP site, but I don’t believe that has worked either. Maybe I should give it a few days to see for sure.

* Fingers Crossed *

Update

The spam emails seem to have stopped from one domain but not the other, which is strange considering I implemented the same filter on both forms. So more searching was required to find an alternative solution. That’s when I came across this piece of code, which I hope will put an end to these email injection attacks once and for all.

* Fingers Crossed Again *

Update 2

Well, the last change seems to have done the trick. I haven’t received any more spam emails from my own forms. I just hope posting this update doesn’t put a curse on me :D

8 thoughts on “Email Injection Attacks”

  1. You might want to rethink that Patrick. If you’re having the same problem, that means spammers are sending unsolicited emails from your website. Never a good thing!

  2. I’ll look at them a bit more closely next time I get some. I thought they were just gibberish, no links in them or anything. Not very impressive spam. But, maybe I didn’t look close enough.

  3. Just found one. Yeah, I imagine that’s what it is and yeah, it’s just gibberish. Doesn’t seem to do any harm. But, if you find a good solution, blog it. :) Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *