PHP Contact Form Problem


nige

Hey All,

Our web server appears to be getting hacked by a third party, and I think they are getting in via a PHP contact form. They are planting a .htaccess file in the root folder redirecting the pages to a blank one.

Can anyone give me advice on the best course of action to take? I can post our PHP code if needed.

Many Thanks

Hi litebearer,

Thanks for the quick reply. See answers below.

1. yes, show us the code

Filename: sendmail.php

<?php
  // sendmail.php: validates the registration form fields, sends two e-mails
  // (one to the site, one to the registrant) and redirects. It writes no files.

  // Returns the posted field, trimmed, or '' when it was not sent
  // (avoids undefined-index notices for unticked checkboxes).
  function post_field($name)
  {
    return isset($_POST[$name]) ? trim($_POST[$name]) : '';
  }

  $Title=post_field('Title');
  $FName=post_field('FName');
  $SName=post_field('SName');
  $email_address=post_field('email_address');
  $mobile=post_field('mobile');
  $Age=post_field('Age');
  $Address1=post_field('Address1');
  $Town_City=post_field('Town_City');
  $County=post_field('County');
  $Country=post_field('Country');
  $Message=post_field('Message');
  $cosmetic=post_field('cosmetic');
  $lingerie=post_field('lingerie');
  $Ccard=post_field('Ccard');
  $Sales=post_field('Sales');
  $FashionShows=post_field('FashionShows');
  $bargin=post_field('bargin');
  $error=0;

// Letters, spaces, hyphens and German umlauts only. The pattern is anchored
// with ^ ... $ so the whole value must match, not just its last characters
// (the original only anchored the end). Assumes the form posts UTF-8.
function check_firstname($FName)
{
  return preg_match('/^[a-zA-Z \-ÄäÖöÜü]+$/uD', $FName) === 1;
}

function check_surname($SName)
{
  return preg_match('/^[a-zA-Z \-ÄäÖöÜü]+$/uD', $SName) === 1;
}

function check_email_address($email_address)
{
  // ereg() was removed in PHP 7; the same checks are done with preg_match().
  // Reject line breaks outright: they can never be part of an address and
  // would let extra lines be added to the mail.
  if (preg_match('/[\r\n]/', $email_address)) {
    return false;
  }
  // First, check that there's one @ symbol and that the lengths are right.
  if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email_address)) {
    // Wrong number of characters in one section, or wrong number of @ symbols.
    return false;
  }
  // Split it into sections to make life easier
  $email_array = explode("@", $email_address);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
    if (!preg_match("@^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]{0,63})|(\"[^(\\\\|\")]{0,62}\"))$@D", $local_array[$i])) {
      return false;
    }
  }
  // Domain part: either a (bracketed) IP address or a valid domain name
  if (!preg_match('/^\[?[0-9.]+\]?$/D', $email_array[1])) {
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; // Not enough parts to domain
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/D', $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}

// Digits and spaces only, anchored at both ends.
function check_mobile($mobile)
{
  return preg_match('/^[0-9 ]+$/D', $mobile) === 1;
}

if(!check_firstname($FName))
{
  echo "<B>Please input your firstname correctly.</B><br>";
  $error++;
}

if(!check_surname($SName))
{
  echo "<B>Please input your surname correctly.</B><br>";
  $error++;
}

if(!check_email_address($email_address))
{
  echo "<B>The email address you entered is not valid.</B><br>";
  $error++;
}

if(!check_mobile($mobile))
{
  echo "<B>Mobile number has wrong format.</B><br>";
  $error++;
}


if($error == 0)
{
  // The From headers are fixed strings; the remaining form fields only
  // appear in the message bodies.
  mail( "regform@domain.ie", "A new customer has signed up",
    "Name: " . $Title . " " . $FName . " " . $SName . "\r\n" .
    "Email: " . $email_address . "\r\n" .
    "Mobile Phone: " . $mobile . "\r\n" .
    "Age: " . $Age . "\r\n" .
    "Address: " . "\r\n" .
    "            " . $Address1 . "\r\n" .
    "            " . $Town_City . "\r\n" .
    "            " . $County . "\r\n" .
    "            " . $Country . "\r\n" .
    "Message: " . $Message,
    "From: Web Registration <regform@domain.ie>" );

  mail( $email_address, "Welcome to the Mailing List",
    "Dear " . $Title . " " . $SName . ",\r\n\r\n" .
    "Thanks for joining the mailing list." . "\r\n" .
    "We'll keep you up to date about exciting events and special offers." . "\r\n" .
    "Be in touch soon!". "\r\n\r\n" .
    " Department Store",
    "From: MailingList <regform@domain.ie>\r\n" );

  header( "Location: thankyou.htm" );
  exit; // nothing should be sent after the redirect header
}else{
  echo "<br><br>";
  echo "You will be re-directed back to the registration page in 10 seconds.......";
  echo '<META HTTP-EQUIV="Refresh" Content="10; URL=register.htm">';
}

?>

2. change all your passwords DO NOT store them

Thanks

3. Are you on a shared server?

Yes

4. In your FTP program - change password - do NOT store

Thanks, we checked our logs and there doesn't appear to be any FTP activity but we'll change them anyway.

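An added check for the two symptoms in this thread, the planted .htaccess redirect and the question of what the logs show; this is example code, not anything posted by nige or litebearer. It lists .htaccess files under a web root that carry redirect/rewrite directives (with their modification time) and pulls the POST requests to the form handler out of the access log, so the two can be compared by time. The web root, log path, handler name and the log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from this thread). Two checks for the symptoms above:
#  1. which .htaccess files under the web root carry redirect/rewrite directives
#  2. which requests POSTed to the form handler, so their times can be compared
#     with the modification time of any file found by check 1.
# The web root, log path, handler name and log lines are constructed for the demo.

# Print each .htaccess under $1 that contains a Redirect, RedirectMatch or
# RewriteRule directive (one path per line, sorted).
find_redirecting_htaccess() {
  find "$1" -type f -name .htaccess 2>/dev/null | sort | while read -r f; do
    grep -Eiq '^[[:space:]]*(Redirect|RedirectMatch|RewriteRule)[[:space:]]' "$f" \
      && printf '%s\n' "$f"
  done
}

# Print the lines of access log $1 (common log format) that POST to handler $2.
posts_to_handler() {
  grep -E "\"POST /$2( |\?)" "$1"
}

# --- constructed demo data (a legitimate .htaccess and a planted one) ---
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/images"
printf 'Options -Indexes\n' > "$demo_root/images/.htaccess"
printf 'RewriteEngine On\nRewriteRule ^(.*)$ blank.htm [L]\n' > "$demo_root/.htaccess"
cat > "$demo_root/access.log" <<'EOF'
203.0.113.5 - - [10/Jan/2011:03:14:07 +0000] "GET /register.htm HTTP/1.1" 200 1320
203.0.113.5 - - [10/Jan/2011:03:14:20 +0000] "POST /sendmail.php HTTP/1.1" 302 0
198.51.100.9 - - [10/Jan/2011:03:15:02 +0000] "GET /index.htm HTTP/1.1" 302 0
EOF

echo "== .htaccess files carrying redirect rules (with modification time) =="
find_redirecting_htaccess "$demo_root" | while read -r f; do ls -l "$f"; done
echo "== POST requests to sendmail.php =="
posts_to_handler "$demo_root/access.log" sendmail.php
```

On a real host, point the two functions at the site's document root and its access log; a planted file whose modification time sits right after a POST to the handler is the correlation worth looking for.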