Opened 3 weeks ago

Last modified 3 weeks ago

#14619 assigned Bug/Something is broken

abuse of contact form

Reported by: Jamie McClelland
Owned by: JaimeV
Priority: Medium
Component: Tech
Keywords:
Cc:
Sensitive: no

Description

There is a site with a contact form that is being abused, generating loads of email in the erica mailq: http://www.moxviquil.org/contacto

The main problem is that the form has a check box allowing the user to send a copy to themselves. That means, anyone can put any email address they want, and that email address will get a copy of the message (i.e. open relay).

I added a file to the web directory called contacto in order to quickly disable it. It contains a message pointing people to this ticket if they wish to fix the problem.

Jaime - can you notify the members? Thanks!

Change History (1)

comment:1 Changed 3 weeks ago by Jamie McClelland

Owner: set to JaimeV
Status: new → assigned

Disabling the form didn't seem to work (the abusers are probably posting to the post URL).

After consulting the apache log, I added this to the Web Conf settings:

# web config for moxviquil.org

RewriteEngine On
RewriteCond "%{QUERY_STRING}" "option=com_contact"
RewriteRule "." "-" [F]

Now, they are being blocked from submitting the form too.
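
An added example, not part of the original ticket: a Python sketch that tallies contact-form POSTs per client in an Apache access log and separates requests refused with 403 from those that got through, which is one way to confirm the rewrite rule in comment:1 is taking effect. The sample log lines, the /index.php target and the threshold are constructed assumptions; only the option=com_contact marker and the /contacto path come from the ticket.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not taken from the real log.
# The /index.php target is an assumption; only the query-string marker is from the ticket.
_T = '[01/Jan/2020:10:00:00 +0000]'
_POST = '"POST /index.php?option=com_contact HTTP/1.1"'
SAMPLE_LOG = (
    [f'203.0.113.7 - - {_T} {_POST} 303 512'] * 3      # accepted before the rule
    + [f'203.0.113.7 - - {_T} {_POST} 403 199'] * 2    # refused by the [F] rule
    + [f'198.51.100.99 - - {_T} {_POST} 403 199'] * 3  # refused by the [F] rule
    + [f'198.51.100.20 - - {_T} "POST /contacto HTTP/1.1" 200 4096',  # single visitor
       f'192.0.2.5 - - {_T} "GET /contacto HTTP/1.1" 200 4096',       # page view only
       'not a log line']                                             # ignored
)

def contact_form_posts(lines, marker="option=com_contact", form_path="/contacto"):
    """Yield (host, status) for every POST aimed at the contact form."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path, _, query = m["target"].partition("?")
        if marker in query or path.rstrip("/") == form_path:
            yield m["host"], int(m["status"])

def summarize(lines, threshold=3):
    """Per host at or above `threshold` POSTs: how many got 403 vs. anything else."""
    blocked, accepted = Counter(), Counter()
    for host, status in contact_form_posts(lines):
        (blocked if status == 403 else accepted)[host] += 1
    return {
        host: {"blocked": blocked[host], "accepted": accepted[host]}
        for host in sorted(set(blocked) | set(accepted))
        if blocked[host] + accepted[host] >= threshold
    }

if __name__ == "__main__":
    for host, counts in summarize(SAMPLE_LOG).items():
        print(host, counts)
```

A non-zero "accepted" count that keeps growing after the rule is in place would mean submissions are still reaching the form by a URL the RewriteCond does not match.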
