Community Add-Ons

Option 2 checks wheter the "customers" email adress is from the shops domain.

This file edites option 2, to not use any hardcoded domein information, besides configure.php.

All credits go to the original makers of the contributes.

I added a change this will make it so that the contact us form will not send an email if the user (or script) entered an email from your domain.

Update these solutions with to more solution to the Email header injection problem - provided by Mattice and Christian Lescuyer.

Updated the file which had an incorrect file name and location, and added a small amount of extra info.

Vger

Added a solution to the spam.relay bot problem.

A new attack hits contact_pages lately - not only osC-relateded ones. The attacker is hoping to exploit unchecked fields in a "web to email" form. The attack works by assuming a field used in an email header (such as the "From:" address or the "Subject:") is passed unchecked to the mail subsystem. Appending a newline character and a few more carefully crafted header lines with a BCC list and a spam message body might trick the underlying mail system into relaying spam for the attacker. An initial test sending a BCC copy to someadress@aol.com has been used on a lot of forms around the web - including guestbooks/forums/blogs - to phish for vulnerable scripts.

And added a nise layout :D

All Credits go to the original makers of the solutions...

This is a file containing many of the possible solutions to the Contact Us form abuse issue. There are quite a few spread through out the forums and contribs so I condensed them into one. Missing are the original authors of the solutions. Feel free to modify or correct the file.