CodeIgniter Forums
CI's Email.php is being exploited to push out spam... - Printable Version




CI's Email.php is being exploited to push out spam... - El Forum - 11-30-2012

[eluser]lc317[/eluser]
I'm new to CodeIgniter, and am now managing a page that uses it. The website has a simple contact form that has been exploited by spammers in the last 72 hours. Looking at the spam's headers, they are pushing spam through CodeIgniter's "Email.php" file... I've since removed the file (we are getting hammered with complaints), but of course now am in need of an alternative, as the page needs to have the contact functionality. So, as a newbie, I am looking for some guidance here, so I can get our contact form back up and take proper measures to minimize future risks. Thanks for any help!




CI's Email.php is being exploited to push out spam... - El Forum - 11-30-2012

[eluser]PhilTem[/eluser]
Does your contact form have any mechanism of determining such abuses e.g. by using a CAPTCHA or by limiting the mails sent per hour?

If not then that's two things you might want to implement ;)


CI's Email.php is being exploited to push out spam... - El Forum - 12-04-2012

[eluser]lc317[/eluser]
[quote author="PhilTem" date="1354324190"]Does your contact form have any mechanism of determining such abuses e.g. by using a CAPTCHA or by limiting the mails sent per hour?[/quote]


Thanks for responding... Well, I have spent the last few days trying to get ReCaptcha to work on my form, but I can't get it working. It displays fine, but it doesn't work and the user just clicks past it. The captcha is displayed on the form, but I have no clue as to what or where to add the ReCaptcha server-side key, or where to put the recaptcha code in CI's contact.php controller (which we used to push email). I don't want to set up a new DB table for CI's built-in captcha functionality, so it seemed like ReCaptcha was a good compromise. Experimented a bit with the Ajax implementation, and I can't get that to work either! I could realllllly use some guidance as I know I'm getting this close to working, thanks for any help here


I've inserted the following into my form, but unsure as to where I add this in the CI controller to actually get it to work (slightly edited here):

<script type="text/javascript"
src="http://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k=your_public_key"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>


CI's Email.php is being exploited to push out spam... - El Forum - 12-04-2012

[eluser]lc317[/eluser]
Can someone recommend another forum, or place where I can get timely advice/assistance with setting up a basic recaptcha on a simple form? I am getting desperate here...fluent in HTML/CSS, just need some guidance in setting up the CI controller portion of the recaptcha implementation so it will function. Thanks


CI's Email.php is being exploited to push out spam... - El Forum - 12-05-2012

[eluser]pickupman[/eluser]
A quick google search can go a long way. Here's a [url="http://ellislab.com/forums/viewthread/223099/#1026069"]ReCaptcha Library[/url] posted in the forums. Someone has linked their github repo with detailed instructions.

You need to validate the response from reCaptcha before sending the email.
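
As an added illustration of the server-side check discussed in this thread (not code from any poster or from the linked library): a CodeIgniter 2.x controller that verifies the reCAPTCHA answer before the Email library is ever called. It assumes the legacy reCAPTCHA v1 `recaptchalib.php` sits under `application/third_party/`; the form field names `email` and `message`, the view names and the addresses are hypothetical.

```php
<?php
// application/controllers/contact.php (CodeIgniter 2.x; file location is an assumption)
// Legacy reCAPTCHA v1 PHP library, matching the challenge/response fields in the form above.
require_once APPPATH . 'third_party/recaptchalib.php';

class Contact extends CI_Controller {
    // Placeholder: the private (server-side) key lives here, never in the HTML form.
    const RECAPTCHA_PRIVATE_KEY = 'your_private_key';

    public function send()
    {
        $this->load->library(array('form_validation', 'email'));
        // 'email' and 'message' are hypothetical field names for the contact form.
        $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
        $this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[2000]');
        // The callback makes the captcha check part of validation, so it cannot be skipped.
        $this->form_validation->set_rules('recaptcha_response_field', 'Captcha',
            'required|callback__check_captcha');

        if ($this->form_validation->run() === FALSE) {
            // Field or captcha validation failed: redisplay the form, send nothing.
            $this->load->view('contact_form'); // hypothetical view name
            return;
        }

        // Sender and recipient are fixed (constructed addresses); visitor input
        // only reaches Reply-To (already checked by valid_email) and the body.
        $this->email->from('noreply@example.com', 'Contact form');
        $this->email->to('owner@example.com');
        $this->email->reply_to($this->input->post('email'));
        $this->email->subject('Contact form message');
        $this->email->message($this->input->post('message'));
        $this->email->send();
        $this->load->view('contact_thanks'); // hypothetical view name
    }

    // The leading underscore keeps this method from being reachable by URL.
    public function _check_captcha($response)
    {
        // Asks the reCAPTCHA service whether this challenge/response pair is valid.
        $result = recaptcha_check_answer(self::RECAPTCHA_PRIVATE_KEY,
            $this->input->ip_address(),
            $this->input->post('recaptcha_challenge_field'), $response);
        if ( ! $result->is_valid) {
            $this->form_validation->set_message('_check_captcha', 'The captcha answer was not correct.');
            return FALSE;
        }
        return TRUE;
    }
}
```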