
phpForm Generator

Help
joeklim
2006-10-06
2013-06-03
  • joeklim

    joeklim - 2006-10-06

    I've used the phpFormGenerator(version 2.09c) that I obtained through the Fantastico option in my HostGator cPanel on a number of my websites.

    I just received notification from Host Gator's Abuse Dept. that the form I created for one of these sites has been attached by phishers.

    They suggested that I change the permissions and update to a newer version of the software.

    Before I change the permissions, I need to know if that will alter the functionality of the form.

    Also, is a newer version of this or comparable software available that eliminates this problem?

    I'm sort of a WYSIWYG kind of web designer so this technical stuff throws me. Any assistance you can offer will be greatly appreciated.

    Thanks!

     
    • TNTEverett

      TNTEverett - 2006-10-06

      First find out what is meant by "attached by phishers".  It's odd that the only recommendation seems to be change permissions. 

      You can immediately change permissions of the form and all php files to 644. 

      You can add a check in the php code to make sure the post came from your form on your site.  Search the forum for security issues.  I'll look for stuff I've already suggested and send you what I find. 

      Please publish what you find and what your solution is back in this post so others can benefit from your work. 

      There is another version in the works.  Go to the home page of the SF project and see if an advanced copy is available.  From what I hear it is significantly different.  I have no idea if it solves specific security issues. 

       
    • joeklim

      joeklim - 2006-10-06

      If this is helpful, here is what they wrote:

      >>A phishing site on the domain, _______.com, was discovered.  I investigated the issue and found that the cause was insecure permissions and an exploited script.  Please have your client update their version of form generator to the newest version available (which might not be under Fantastico). I have removed the offending content. <<

      In a later email, they provided a lot of code which, frankly, means nothing to me, but it may mean something to you. Would it be helpful to post what they provided?

       
      • TNTEverett

        TNTEverett - 2006-10-06

        Send it to me in an email.  I'd like to see what they are talking about. 

         
      • TNTEverett

        TNTEverett - 2006-10-06

        OK, directory and file permissions should very rarely ever be 777. 
        Stick with 644 on html and graphics, and in most cases php files.  Older PHP installs needed 755 on php files but this is not true anymore.  You can check with your host to see what the PHP requirements are for your host. 

        Another security measure you can add to your process.php file is to check where the form data came from.  This prevents others from using your process.php file. 

        Add this near the top of the file:
        $ref = getenv("HTTP_REFERER"); // Referer header as sent by the browser (may be empty)
        $adr = getenv("REMOTE_ADDR");  // IP address of the submitting client

        Add this right after the first $error=:
        $error .= "<br>Referred from: " . $ref . "<br>IP: " . $adr;

        Add this check using your URL:
        // ereg() was removed in PHP 7; preg_match() does the same anchored match
        $match = preg_match('#^http://localhost/forms/use/test_referer/form1\.html#', $ref);
        if (!$match) { $errors = 1; }

        This will flag an error when processed if the data is coming from any other URL or form file.  Preventing anyone from spamming your form's process.php file. 

         
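An added example, not code from phpFormGenerator or from either poster, that packages the advice in the post above (no world-writable files, a Referer check on process.php) into one hardened handler and adds the check a practitioner would want next: a per-session hidden token that a third party cannot supply. Assumed here: PHP 7.1 or later, the post's placeholder form URL http://localhost/forms/use/test_referer/form1.html, that the form page is served as PHP so it can call form_token_field() inside its <form>, and that the form has fields named form_token and email. Every function name in the block is invented for this example.

```php
<?php
// Added example: a hardened opening section for a process.php-style handler.
// Not phpFormGenerator's own code; every function name below is invented here.
// Assumes PHP 7.1+ and that the form page is served as PHP so it can embed
// the hidden token by calling form_token_field() inside its <form>.

// Assumed URL of the form page (the placeholder used in the post above).
const FORM_URL = 'http://localhost/forms/use/test_referer/form1.html';

// 1. Permissions: refuse to run if this script or its directory is world-writable
//    (the "777" case). fileperms() returns the mode bits; 0002 is the world-write bit.
function refuse_if_world_writable(string $path): void
{
    $perms = fileperms($path);
    if ($perms === false || ($perms & 0002) !== 0) {
        http_response_code(500);
        exit('Refusing to run: insecure permissions on ' . basename($path));
    }
}

// 2. The Referer check from the post, as a function: true only when the Referer
//    begins with the expected form URL. The header is chosen by the client and can
//    be omitted or forged, so this stops casual abuse only.
function referer_matches(string $expected, string $ref): bool
{
    return $ref !== '' && strncmp($ref, $expected, strlen($expected)) === 0;
}

// 3. Per-session token: generated once per session, embedded in the form as a
//    hidden field, and compared in constant time on submission. Someone posting
//    to process.php from elsewhere does not hold a matching session, so the
//    check fails for them even if they forge the Referer.
function form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['form_token'];
}

function form_token_field(): string
{
    return '<input type="hidden" name="form_token" value="'
        . htmlspecialchars(form_token(), ENT_QUOTES) . '">';
}

function form_token_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted);
}

// 4. Anything from the form that ends up in a mail header must not contain
//    CR or LF, or the submitter can append headers of their own.
function strip_header_newlines(string $value): string
{
    return str_replace(["\r", "\n"], '', $value);
}

// ---- handler ----
session_start();
refuse_if_world_writable(__FILE__);
refuse_if_world_writable(__DIR__);

$errors = 0;
$error  = '';
$ref = $_SERVER['HTTP_REFERER'] ?? '';
$adr = $_SERVER['REMOTE_ADDR'] ?? '';
$error .= '<br>Referred from: ' . htmlspecialchars($ref) . '<br>IP: ' . htmlspecialchars($adr);

if (!referer_matches(FORM_URL, $ref)) {
    $errors = 1;
    $error .= '<br>Submission did not come from the form page';
}
if (!form_token_valid($_POST['form_token'] ?? null)) {
    $errors = 1;
    $error .= '<br>Missing or invalid form token';
}
if ($errors) {
    http_response_code(403);
    exit($error);
}

// From here the original field handling continues; any value destined for a
// mail header is cleaned first, e.g. an assumed "email" field used as Reply-To:
$replyTo = strip_header_newlines($_POST['email'] ?? '');
```

The token check only works if the form page starts the session and calls form_token_field() before any output, which a static form1.html cannot do; if the form must stay plain HTML, the permission fix and the Referer check are what remain, and of those the permission fix is the one the host's abuse note actually asked for. Treat the Referer check as a speed bump, not a guarantee: browsers and privacy extensions sometimes omit the header entirely, so legitimate submissions can be rejected, while anyone scripting the abuse can set it to whatever value they like.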
    • joeklim

      joeklim - 2006-10-06

      Thank you so much for the information and for your time.

      All of this is pretty much greek to me, but I will work with tech support at my host to see if I can implement your recommendations in all of the right places.

      jk

       
    • joeklim

      joeklim - 2006-10-06

      Am I correct that the additional security measures you described below may be implemented independent of one another? (i.e., I figured out #1 and #2 but am not sure where to add #3)??

      Another security measure you can add to your process.php file is to check where the form data came from. This prevents others from using your process.php file. 

      #1 Add this near the top of the file:
      $ref = getenv("HTTP_REFERER"); // Referer header as sent by the browser (may be empty)
      $adr = getenv("REMOTE_ADDR");  // IP address of the submitting client

      #2 Add this right after the first $error=:
      $error .= "<br>Referred from: " . $ref . "<br>IP: " . $adr;

      #3 Add this check using your URL:
      // ereg() was removed in PHP 7; preg_match() does the same anchored match
      $match = preg_match('#^http://localhost/forms/use/test_referer/form1\.html#', $ref);
      if (!$match) { $errors = 1; }

       