PHP contact form security (6 posts)

  1. kalico
    Posted 9 years ago #

    I hope it isn't out of line to ask a semi-non-WP question here...but I am posting in the Miscellaneous category, in hopes of maybe getting some advice from the PHP gurus here.

    I have just learned that my PHP contact form on a non-WordPress site has been compromised, and someone is using it to send spam. It was supposed to be a "secure" script, where we hardcode all the potential "to" addresses, and they are not revealed anywhere....but some hacker found a way around it, and sent plenty of messages to other people who were not hardcoded into the script!

    I have disabled the script, but now I have to figure out how to prevent this from happening again.

    My thoughts right now are to:

    1. Find a new mail form that is secure...but how will I know it's secure? That's why I'm asking here...what would I need to look for in a script, or does anyone have one that is reasonably "bullet proof"?

    2. Change the site over to WordPress (and use a WP contact form plugin). If a WP plugin would provide greater security than a standalone contact form, then I would be willing to take the time to create a custom theme, etc. and convert the whole thing into WP. I have a WP contact plugin running on another site, on the same server, and it has never been compromised.

    Any suggestions, warnings, or advice would be gratefully appreciated!

    TIA :)

  2. macsoft3
    Posted 9 years ago #

    I'm no PHP expert. And I don't know if there is such a completely secure PHP sendmail package that exists. We use phpFormGenerator. The forms we created with this free PHP script pack were hacked numerous times. They deleted files, even entire subdirectories. And after we took a few simple measures, they have been intact. Measures to take perhaps depend on scripts, I suppose.

    Tom Bluewater

  3. kalico
    Posted 9 years ago #

    Thanks, Tom. I appreciate your input and experience. I may just need to investigate how to secure the one I have. Off to Google for a while.... :)

  4. noworyz
    Posted 9 years ago #

    I use this script http://www.boaddrink.com/projects/phpformmail/index.htm and have had no problems with it as far as spam goes. I used to have the same issue you are describing before switching to this script. Give it a shot!

    Chris

  5. moshu
    Posted 9 years ago #

    Nothing is 100% bulletproof on the net...
    I use this plugin:
    and it also has a non-WP version!

  6. drmike
    Posted 9 years ago #

    Just for reference, what script were you using?

Topic Closed

This topic has been closed to new replies.
