So they asked me to fix the file or change my script. I wrote the script myself after learning a bit, but it is very basic, just like my knowledge of PHP.
Below is the script that is allowing ill-intentioned people to send SPAM.
______________________________________________________
<?php
$data = date("d/m/Y h:i");
$ip = $_POST['hiip'];
$departamento = $_POST['sldepartamento'];
$nome = $_POST['txnome'];
$email = $_POST['txemail'];
$cidade = $_POST['txcidade'];
$estado = $_POST['slestado'];
$ddd = $_POST['txddd'];
$telefone = $_POST['txtelefone'];
$conheceu = $_POST['slconheceu'];
$mensagem = $_POST['tamensagem'];
$destino = "email@meudominios.com.br";
$assunto = "Contato via site!";
$header = "From: $email\n";
// $email_reply is never set, so this header goes out empty (see the samples below)
$header .= "Reply-to: $email_reply\n";
$header .= "Content-Type: text/html; charset=iso-8859-1\n";
$header .= "X-Mailer: PHP4 Script Language\n";
$header .= "X-Accept-Language: en\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-Transfer-Encoding: 7bit\n";
$msg = "Nome: $nome<br>";
$msg .= "E-mail: $email<br>";
$msg .= "Cidade: $cidade - $estado<br>";
$msg .= "Telefone: $ddd - $telefone<br>";
$msg .= "Como nos Conheceu?: $conheceu<br><br>";
$msg .= "Mensagem: $mensagem<br>";
$msg .= "Mensagem enviada: $data<br>";
$msg .= "IP da máquina do contato: $ip<br>";
if ($nome == "")
{
echo "<script>alert(\"Por favor digite seu Nome!\");history.back();</script>";
return (false);
}
if ($telefone == "")
{
echo "<script>alert(\"Por favor digite seu Telefone!\");history.back();</script>";
return (false);
} else {
// keep mail()'s return value so the success message reflects the real result
$enviado = mail($destino, $assunto, nl2br($msg), $header);
if ($enviado) {
echo "<script>alert(\"Seus dados enviados com sucesso!\"); window.location=(\"http://www.meusite.com.br\");</script>";
}
}
?>
______________________________________________________
I don't want to drop in a ready-made script I find on the net; I want to use my own script, so I want to find out what the flaw is, fix it, and keep using my script.
Below are some examples of the many messages I have been receiving myself:
1.______________________________________________________
also
8990857fb2d758779b9f7e0f76e75b97
.
Reply-to:
Content-Type: text/html; charset=iso-8859-1
X-Mailer: PHP4 Script Language
X-Accept-Language: en
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Nome: they5004@domain.com.br<br>E-mail: hams
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: Microsoft Outlook, Build 10.0.2627
Subject: and soak up
bcc: topcopl2@aol.com
also
______________________________________________________
2.______________________________________________________
TTEN Continues Explosive Growth
TTEN *** TTEN *** TTEN
TTEN - Ten & 10, Inc.
GROUND FLOOR opportunity in the WIFI Industry!!
Current Price: .06
Short Term Target: .50
TTEN has diversified from China business focus to a much more broad base, including the USA, Europe, Latin America as well as other areas of Asia.
Within 12 months they are expected to generate over $2 MILLION in NET INCOME; Over $200 MILLION in 5 years.
TTEN recently announced a key development which will allow them to provide Value Added Services to the over 55 million wireless subscribers of ChinaMobile\'s Guangzhou Division through its joint venture with IEC. China Mobile is the largest telecommunications provider in China, and the largest among all the overseas listed Chinese companies on the Hong Kong and NewYork Stock Exchanges.
TTEN is made up of 4 operating subsidiaries:
* Tech 10: WIFI and WiMAX
* Mobile 10: Music and mobile entertainment delivered via Internet, G3, etc
* Dream Learning Center: Digital Media Learning products
* Ten & 10 Network: Sales and marketing
Telecommunications is globally a TRILLION dollar industry.
Based on the figures and the company\'s position in the market, see explosive growth as a newly traded company - 500%-1000% is not uncommon. .
. an incredible profit to investors.
Any of the above statements with respect to the future predications or
goals and events may be seen as only Forward Looking and nothing else. All
information inside this email pertaining to any sort of financial advice
needs to be understood as information and not advice. None of the
information above can be constructed as any sort of financial advice. This
has been a paid advertisement.
______________________________________________________
3.______________________________________________________
Nome: sale5199@domain.com.br
E-mail: sale5199@domain.com.br
Cidade: sale5199@domain.com.br -
Telefone: this Content-Transfer-Encoding: quoted-printable Content-Type: text/html Subject: raditionally the skin is left on the bcc: wizardw@dogdayinmw.com but the term is usually restricted to a cut of pork, the haunch of a pig or= boar. lthough it can be cooked and served fresh, most ham is cured in some= fashion. am 55519eecb5bfc24d5551f532447e0df7 . - sale5199@domain.com.br
Como nos Conheceu?:
Mensagem: sale5199@domain.com.br
Mensagem enviada: 11/12/2006 02:19
IP da máquina do contato:
______________________________________________________
I have no idea how they manage to use my site to do this; I have received more than 150 e-mails at once in these formats and others.
Thanks to anyone who can help me!
PHP-Man
Edited by: PHP-man, 22/01/2007, 21:11.
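
Added example, not part of the original post: in the script above, `$email` goes straight into the `From:` header, so a value containing a line break starts new header lines (the `Subject:` and `bcc:` lines visible in samples 1 and 3). The sketch below rejects such values before `mail()` is called; the function names and the `example.com`/`example.net` addresses are assumptions made for illustration.

```php
<?php
// Added example: form field names follow the post, addresses are placeholders.

// True when the value is not a string or contains CR, LF or NUL.
function has_header_break($value): bool
{
    return !is_string($value) || preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns ['headers' => ..., 'body' => ...] or null when the submission is rejected.
function build_contact_mail(array $post): ?array
{
    $email = $post['txemail'] ?? '';
    // The address is the only visitor value placed in a header: it must be
    // one syntactically valid address with no line breaks.
    if (has_header_break($email) || filter_var(trim($email), FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Single-line form fields have no reason to contain line breaks either.
    foreach (['txnome', 'txcidade', 'txddd', 'txtelefone'] as $field) {
        if (has_header_break($post[$field] ?? '')) {
            return null;
        }
    }
    // Fixed From owned by the site; the visitor only appears in Reply-To.
    $headers = "From: site@example.com\r\n"
             . 'Reply-To: ' . trim($email) . "\r\n"
             . "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=iso-8859-1\r\n";
    // Body values are HTML-escaped so they cannot add markup to the message.
    $esc = fn($v) => htmlspecialchars(is_string($v) ? $v : '', ENT_QUOTES, 'ISO-8859-1');
    $body = 'Nome: ' . $esc($post['txnome'] ?? '') . '<br>'
          . 'E-mail: ' . $esc($email) . '<br>'
          . 'Mensagem: ' . nl2br($esc($post['tamensagem'] ?? ''));
    return ['headers' => $headers, 'body' => $body];
}

// Constructed submissions: the first carries extra header lines after a line
// break, shaped like sample 1; the second is an ordinary contact.
$spam = ['txnome' => 'x', 'txemail' => "hams\r\nSubject: and soak up\r\nbcc: someone@example.net"];
$ok   = ['txnome' => 'Maria', 'txemail' => 'maria@example.com', 'tamensagem' => "Ola\n<b>teste</b>"];
var_dump(build_contact_mail($spam) === null);
var_dump(build_contact_mail($ok) !== null);
```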