Script URL: http://www.gihtrust.co.nz/mboard/mboard.php
Version of script: 1.3
Hosting company: NetNeeds.co.nz
URL of phpinfo.php: http://www.gihtrust.co.nz/mboard/phpinfo.php
URL of session_test.php: http://www.gihtrust.co.nz/mboard/session_test.php
What terms did you try when SEARCHING for a solution: spam email, security, protection, email trace, ip address
Write your message below:
Hello folks
I seem to have an unusual problem. I have been receiving email spam consistently in the last couple of days. My host said it is the Message Board that spammers are using to send me email spam. The trouble is, the email spam messages I’m receiving are sent from a Form, and are not the same as the notices I receive from the Message Board when someone posts a message. I have used email trace software and it only led to the host’s IP address.
I think there might be something interfering with the host’s network, I’m not sure, but I get the impression the host doesn’t like my Message Board. I believe either the host or other sites within the same host are suspects.
I don’t believe the email spams are sent from the Message Board, but then again I’m not sure if some advanced person is doing this to me...
Any help would be appreciated
Thanks
Pete120
=====
Unusual Problem
Just to throw in my 2 cents: the only place in MBoard code that sends mail is line 470:
Code:
mail($settings['admin_email'],'New forum post',$message);
$settings['admin_email'] is hard-coded in the settings.php and $message is checked and parsed through htmlspecialchars(). In my opinion it is impossible to send out any mail, except the "new message" notification, from MBoard.
Are you 100% sure the spam comes from your server? I've seen many cases where spammers forge e-mail headers to display "From:" as a valid e-mail address and that person receives all the bounced e-mails.
You can paste a sample spam mail here and I will have a look, just make sure you include all e-mail headers.
Klemen, creator of HESK and PHPJunkyard
Unusual Problem
My host is – Netneeds.co.nz
It is also registered in the USA under Netneedsnz.com
The IP address 72.52.131.40 is my host’s IP address, and he denies any knowledge of where it’s coming from. My site’s submissions are sent to Woosh, which is my IP connection, before it’s sent to my Inbox.
Email Header from Windows Mail (Vista):
[[ Return-path: <gihtrust@host.netneedsnz.com>
Received: from mta1.woosh.co.nz (mta1.woosh.co.nz [202.74.207.25]) by woosh.co.nz
(Rockliffe SMTPRA 6.1.22) with ESMTP id <B0094876598@mail2.woosh.co.nz> for <gihtrust@woosh.co.nz>;
Thu, 8 Nov 2007 10:12:38 +1300
Received: from localhost (unknown [127.0.0.1])
by mta1.woosh.co.nz (Postfix) with ESMTP id 9739E1146F
for <gihtrust@woosh.co.nz>; Wed, 7 Nov 2007 21:12:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at woosh.co.nz
X-Spam-Flag: NO
X-Spam-Score: -0.476
X-Spam-Level:
X-Spam-Status: No, score=-0.476 required=5 tests=[BAYES_00=-2.599,
FORGED_HOTMAIL_RCVD2=1.162, NO_REAL_NAME=0.961]
Received: from mta1.woosh.co.nz ([127.0.0.1])
by localhost (mta1.woosh.co.nz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id GdNU-gNGaEB9 for <gihtrust@woosh.co.nz>;
Thu, 8 Nov 2007 10:12:18 +1300 (NZDT)
Received: from host.netneedsnz.com (host.netneedsnz.com [72.52.131.40])
by mta1.woosh.co.nz (Postfix) with ESMTP id 87AE611441
for <gihtrust@woosh.co.nz>; Thu, 8 Nov 2007 10:12:17 +1300 (NZDT)
Received: from gihtrust by host.netneedsnz.com with local (Exim 4.68)
(envelope-from <gihtrust@host.netneedsnz.com>)
id 1IpsBS-0007zI-Ar
for support@gihtrust.co.nz; Thu, 08 Nov 2007 10:11:34 +1300
To: support@gihtrust.co.nz
From: la_petite@hotmail.com
Subject: Comments
Message-Id: <E1IpsBS-0007zI-Ar@host.netneedsnz.com>
Date: Thu, 08 Nov 2007 10:11:34 +1300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.netneedsnz.com
X-AntiAbuse: Original Domain - gihtrust.co.nz
X-AntiAbuse: Originator/Caller UID/GID - [32147 32148] / [47 12]
X-AntiAbuse: Sender Address Domain - host.netneedsnz.com ]]
Email Body:
(REMOVED)
Sorry about the mess..
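An added example (not part of the thread and not MBoard code): a Python sketch that reads the headers posted above from the earliest hop upward, reports whether the message was handed to Exim by a local process and under which account, and compares the subject with the one in the mail() call quoted earlier. The names `trace_origin` and `MBOARD_SUBJECT` are made up for this example, and it assumes the Exim `with local` marker and the X-AntiAbuse fields exactly as they appear in the post.

```python
import re
from email import message_from_string

# Origin-relevant headers copied from the post above (continuation lines re-indented).
SAMPLE = """\
Return-path: <gihtrust@host.netneedsnz.com>
Received: from host.netneedsnz.com (host.netneedsnz.com [72.52.131.40])
 by mta1.woosh.co.nz (Postfix) with ESMTP id 87AE611441
 for <gihtrust@woosh.co.nz>; Thu, 8 Nov 2007 10:12:17 +1300 (NZDT)
Received: from gihtrust by host.netneedsnz.com with local (Exim 4.68)
 (envelope-from <gihtrust@host.netneedsnz.com>)
 id 1IpsBS-0007zI-Ar
 for support@gihtrust.co.nz; Thu, 08 Nov 2007 10:11:34 +1300
To: support@gihtrust.co.nz
From: la_petite@hotmail.com
Subject: Comments
X-AntiAbuse: Primary Hostname - host.netneedsnz.com
X-AntiAbuse: Original Domain - gihtrust.co.nz
X-AntiAbuse: Originator/Caller UID/GID - [32147 32148] / [47 12]

"""

MBOARD_SUBJECT = "New forum post"  # subject used by the mail() call quoted in the thread


def trace_origin(raw):
    """Summarise where a message entered the mail system, from its headers."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    first = hops[-1] if hops else ""
    # Exim writes "from <user> by <host> with local" when a process on the
    # server (for example a PHP script) submitted the message, not SMTP.
    m = re.match(r"from (\S+) by (\S+) with (\S+)", first)
    sender, host, proto = m.groups() if m else (None, None, None)
    abuse = {}
    for value in msg.get_all("X-AntiAbuse", []):
        key, sep, val = value.partition(" - ")
        if sep:  # skip the free-text X-AntiAbuse line that has no "key - value" form
            abuse[key.strip()] = val.strip()
    return {
        "first_hop_host": host,
        "submitted_locally": proto == "local",
        "local_account": sender if proto == "local" else None,
        "site": abuse.get("Original Domain"),
        "caller_uid_gid": abuse.get("Originator/Caller UID/GID"),
        "matches_mboard_notice": msg.get("Subject", "") == MBOARD_SUBJECT,
    }


if __name__ == "__main__":
    for field, value in trace_origin(SAMPLE).items():
        print(f"{field}: {value}")
```

The From: line is whatever the submitting script chose to write; the earliest Received line and the X-AntiAbuse fields are added by the server and are the part to hand to the host with an abuse report.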
icepack wrote:
hi,
you could try blocking their ip addresses.
this is easy done through your host's control/admin panel.
hope it helps

The IP address is the host of my website. If I block it, it might not process my Message Board messages, I'm not sure.
I have redirected messages to another folder, but the email header below has just come through after I had redirected it.
Anyway, how can I do this?
cheers.
Pete120
I don't see where your host got the idea this is sent from MBoard?
Klemen, creator of HESK and PHPJunkyard
Unusual problem
Klemen Stirn wrote:
I don't see where your host got the idea this is sent from MBoard?

That's why it bothers me, either the host doesn't know how to fix it or he's deliberately lying..
I have already placed a complaint with our local authority, but haven't heard from them yet
Thanks anyway
Pete120