I realized yesterday that a contact form on our site was being exploited (header injection). I've been trying to block it, but things keep getting through.<br />I decided to set up a logging system ?when someone uses the form, everything they submit is stored to a file using fopen, fwrite, and fclose<br /><br />I spent <i>all day</i> trying to add this to our script. What I just realized is that if I call, for example, fopen("contact.log","a"); , the script crashes. EVERY TIME. I've wasted a day, and don't know what to do?<!--content-->
Welcome to the forums PathDé–¹æ°n <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="
" border="0" alt="smile.gif" /><br /><br />Have you changed the permissions of the log file to 666 (world writeable)? Have you checked the error log in cPanel to see what errors you are getting?<!--content-->
Welcome to the forums, PathDé–¹æ°n! <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/thumbup1.gif" style="vertical-align:middle" emoid=":thumbup1:" border="0" alt="thumbup1.gif" /><!--content-->
Welcome to the forums, PathDé–¹æ°n <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /> <br /><br />What form script are you using?<!--content-->
Permissions turned out to be the main issue ?my ftp client kept changing them. Thanks, Bruce.<br /><br />Don ?I wasn't the original site writer, but I believe it's homegrown. I'll keep updating its checks as the attempts get logged.<br /><br />And thanks to everyone else for the warm welcome.<!--content-->
Welcome to the forum, PathDé–¹æ°n. <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><!--content-->
Welcome to the forums! Glad you got it figured out.<!--content-->
<!--QuoteBegin-PathDé–¹æ°n+Sep 11 2005, 09:16 PM--><div class='quotetop'>QUOTE(PathDé–¹æ°n @ Sep 11 2005, 09:16 PM)</div><div class='quotemain'><!--QuoteEBegin-->Permissions turned out to be the main issue ?my ftp client kept changing them. Thanks, Bruce.<!--QuoteEnd--></div><!--QuoteEEnd--><br />Glad I could help. <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><!--content-->
You may want to consider changing to a more secure script.<br /><br />I found a link that may help with seeing how the form can be compromized.<br /><br /><a href="http://securephp.damonkohler.com/index.php/Email_Injection" target="_blank">Email Injection</a> shows how it is done.<!--content-->
Welcome to the forum, PathDé–¹æ°n. Glad you got it working.<!--content-->
Welcome to the forums PathDé–¹æ°n <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="
" border="0" alt="smile.gif" /><br /><br />Have you changed the permissions of the log file to 666 (world writeable)? Have you checked the error log in cPanel to see what errors you are getting?<!--content-->Welcome to the forums, PathDé–¹æ°n! <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/thumbup1.gif" style="vertical-align:middle" emoid=":thumbup1:" border="0" alt="thumbup1.gif" /><!--content-->
Welcome to the forums, PathDé–¹æ°n <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="
" border="0" alt="smile.gif" /> <br /><br />What form script are you using?<!--content-->Permissions turned out to be the main issue ?my ftp client kept changing them. Thanks, Bruce.<br /><br />Don ?I wasn't the original site writer, but I believe it's homegrown. I'll keep updating its checks as the attempts get logged.<br /><br />And thanks to everyone else for the warm welcome.<!--content-->
Welcome to the forum, PathDé–¹æ°n. <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="
" border="0" alt="smile.gif" /><!--content-->Welcome to the forums! Glad you got it figured out.<!--content-->
<!--QuoteBegin-PathDé–¹æ°n+Sep 11 2005, 09:16 PM--><div class='quotetop'>QUOTE(PathDé–¹æ°n @ Sep 11 2005, 09:16 PM)</div><div class='quotemain'><!--QuoteEBegin-->Permissions turned out to be the main issue ?my ftp client kept changing them. Thanks, Bruce.<!--QuoteEnd--></div><!--QuoteEEnd--><br />Glad I could help. <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="
" border="0" alt="smile.gif" /><!--content-->You may want to consider changing to a more secure script.<br /><br />I found a link that may help with seeing how the form can be compromized.<br /><br /><a href="http://securephp.damonkohler.com/index.php/Email_Injection" target="_blank">Email Injection</a> shows how it is done.<!--content-->
Welcome to the forum, PathDé–¹æ°n. Glad you got it working.<!--content-->