Website email scripts hacked

Many webmasters have recently noticed strange activity in their server logs. It appears that bots or viruses are testing their email scripts for vulnerabilities, and in many cases the vulnerabilities do exist. The bots hack the sites by entering data into the email script and sending emails to whomever they wish, in effect making your website a spam site.

Issue:
The problem this poses to you is that your website might be blacklisted by other services like AOL, Yahoo, etc. When their users get spam, they can easily click a button to tag it as spam and have it reviewed by the email service provider. If enough emails from the IP address where your website is hosted are tagged as spam, the email service provider will notify your ISP that the IP address will be blacklisted if action is not taken. Your ISP will usually suspend your account at this point, and your website will be down.

Solution:
Make sure the email scripts on your website are secure. Create some checks and balances for when the script tries to send an email. Make sure your script checks that the email being sent is legitimate based on data you have in your system or on your business logic. For instance, if you know your website only sends emails to people who are in your database, then have the script check that the recipient is in the database before it sends.
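
One way to implement such checks, as an added example (not code from the original post). It assumes a Python mail script, a hypothetical `users` table of known recipients and a fixed sender address; the line-break check goes beyond the database check named above, since a line break in a header field is the usual way extra recipients get added to a form-generated email.

```python
import sqlite3
from email.message import EmailMessage
from email.utils import parseaddr

SITE_FROM = "noreply@example.com"  # assumed fixed sender, never taken from the form


class RejectedMail(Exception):
    """Raised when a send request fails a legitimacy check."""


def make_demo_db():
    # Constructed sample data standing in for the site's real user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",)])
    return db


def build_message(db, to_field, subject, body):
    """Return an EmailMessage only if the request passes every check."""
    # Check 1: header fields must be a single line. A line break in a
    # form field lets the submitter append headers of their own.
    for value in (to_field, subject):
        if "\r" in value or "\n" in value:
            raise RejectedMail("line break in header field")
    # Check 2: the recipient field must be exactly one bare address,
    # not a list and not a display-name form.
    _, addr = parseaddr(to_field)
    if not addr or addr != to_field.strip():
        raise RejectedMail("recipient is not a single address")
    # Check 3 (the business rule from the text): the recipient must
    # already be in our database.
    row = db.execute("SELECT 1 FROM users WHERE email = ?",
                     (addr.lower(),)).fetchone()
    if row is None:
        raise RejectedMail("recipient not in database")
    msg = EmailMessage()
    msg["From"] = SITE_FROM
    msg["To"] = addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```

Log every `RejectedMail` with the client IP address; a burst of rejections is the same probing activity that shows up in the server logs.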
