0

I made a PHP form that has been running very smoothly for a few months now. Lately, however, it's been getting a lot of spam. Maybe 100 messages a day. The form is now working sporadically and I have no idea why. None of the code was altered in any way.

My question is: on the server end, could it be possible that the php configuration file was changed or that the server is somehow blocking the mail from going through on a periodic basis?

Basically when a visitor tries to submit the form, they sometimes get a message saying that the mail was not sent on the web page itself. If you don't get the message, it goes through fine.

I realize there isn't much to go with, but I'm simply looking for possibilities. We had a working form that passed 300+ tests without a hiccup, and now for some reason it only works some of the time.

user3216933
  • 275
  • 1
  • 3
  • 11
  • 1
    If you're getting spam from it, it's probably also being used to send out spam from your server, and I'd bet you are exceeding some limit for sending email. – Jessica Apr 30 '14 at 16:35
  • I'd also recommend adding lots of logging, so you're writing to the database whenever the form is called, with all the contents. It'll let you see if there's a pattern for what legitimate emails are being blocked. – andrewsi Apr 30 '14 at 16:36
  • @andrewsi Currently the form is not connected to any database...@Jessica Is there any reliable way to test this? – user3216933 Apr 30 '14 at 16:38
  • @user3216933 - you can also write to a text file. Basically, it's a way of seeing what's being sent, so you can compare it with what's being received. Also, do you have access to the mail server's logs? It would be worth a look there at one of the emails that wasn't sent to see why. – andrewsi Apr 30 '14 at 16:40
  • @andrewsi - I don't have access to the server logs.. as for writing the text file, is there any tutorial on this? What are the chances that the form is somehow being manipulated to send out email? It is basically just a feedback form that sends mail TO addresses that are already specified in the mailer file. – user3216933 Apr 30 '14 at 16:49
  • @user3216933 - there are a few ways to use someone's form to send spam, but without seeing the code, it's pretty much guesswork - so long as you're not using any user-provided information in the headers, you're probably fine. As to writing log files, there are a couple of snippets on the man page for `fwrite` you can re-purpose: http://www.php.net/manual/en/function.fwrite.php – andrewsi Apr 30 '14 at 16:55
  • &andrewsi: thanks for your help. the form is using strip_tags in the headers (i.e. from: email and reply to: email) I know this isn't the best practice, but do you think i'm probably fine? I really want to be proactive and make sure the form is not being manipulated. The last thing I want is the server IP blacklisted – user3216933 Apr 30 '14 at 17:25
  • It seems that when I clear my cache, I can submit the form again. Any other *guesses* at this point as to what might be going on? – user3216933 Apr 30 '14 at 19:15

0 Answers0