Email Injection Issue - Is there a fix yet? (3 posts)

  1. c0y0te
    Posted 10 years ago #

    Folks - I received the following email from my webhoster regarding security issues:-

    If your site uses the PHP mail() function to send mail from a PHP page please read this message carefully.

    Over the last few weeks we have seen many unsecure contact form / feedback form / Refer and Tell a friend type forms been used to send out spam because of e-mail injection vulnerability. Many of these forms do not have any
    validation on user input data.

    Clients who use any of the above forms need to remove them NOW from their websites until they have been secured as they allow spammers to send out spam through our network.

    Please take this e-mail seriously.

    We have had to disable 20+ websites in the last 2 weeks because of this issue.

    Am I right in assuming this applies to wordpress, or at least to the "contact us" plugins out there? If so - is there a secure workaround or plugin available to address this issue or do I have to get rid of my plugin in order to stay hosted with my site?

    Looking for some advice please as I'm not a PHP guru. Thanks.

    "Howl @ The Moon!"

  2. c0y0te
    Posted 10 years ago #

    Also - I meant to add this link which I received from my web hoster in case it's of use to you PHP folks.


  3. xhan
    Posted 9 years ago #

    Something/one is sending out over £200 emails an hour and all my host has told me to do is http://www.securephpwiki.com/index.php/Email_Injection go there.

    I'm having to pay for the trouble this is causing me, and I really can't afford to do that.

    Any help would be really really appreciated, I'd even settle for a way to permanatly stop emails being sent from wordpress.

Topic Closed

This topic has been closed to new replies.

About this Topic