What's new
By:
Filters

ESMB is back. Again.

Emma

Emma

Con te partirò
Administrator
Again Ethercat to the rescue. What would we do without you? Seriously, you are gold.

Thank-You.jpg
 
S

suspiciousperson

Patron with Honors
You don't have register globals* turned on do you by any chance? That would be one other way they could alter the flow of the script and remove your to, depending upon quite how badly the script is written, e.g. if it's something like

PHP: 
/* $to set to your wanted value up here somewhere */

if($debug){ //$debug not initialised anywhere in script so $debug should always == (but not ===) false. However, spammers need to do is stick a &debug=true into the request querystring or post data, and I think even possibly cookies as well, and bobs yer uncle, if register globals is on

$to = $_POST['to']

}

/* sends email here */

On normal php setups spammers couldn't exploit this bug because register globals is almost always turned off these days. But it doesn't have to be, particularly if you are using an old php.ini or one you setup to let a very old script run that relied on register globals.

*an infamously stupid "helpful" technology, pretty archaic by now and I think actually entirely removed from the latest versions of php but I dunno what server setup you're running
 
You must log in or register to reply here.

Similar threads

Emma
Change to newly registered members functionality
2
Replies
29
Views
10K
Ogsonofgroo
Ogsonofgroo
DCAnon
How to make the spam STOP (and have fun doing it)
Replies
11
Views
2K
8-8008
8-8008
8-8008ASHO
ASHO / AOLA 2007-2010
Replies
10
Views
3K
8-8008ASHO
8-8008ASHO
RogerB
GMail Hacked--Passwords "Released" by Hackers
2
Replies
22
Views
4K
Claire Swazey
Claire Swazey
Emma
Important information for new members
Replies
0
Views
13K
Emma
Emma
Top