Recently our contact forms on the website have been receiving messages with html links in the text entry fields. I'm assuming that a bot or something is using my mail script and bypassing the contact form.
I have seen posts about most other mail scripts in PHP that say the bots are injecting their own header information and effectively writing the message to their own BCC list.
Does someone have a thread out there about this and what can I do to keep people from sending html links through my forms to their own list. How do I check to see if they're successful or if I'm just getting a bunch of tests hitting the form and that the messages are only coming to me, the specified recipient.
I believe someone is using my contact form and sending out spam. I'm getting thousands of undeliverable emails.
I don't know anything about asp. Someone who use to work here wrote the form processing script and it seems that all the forms on different domains are being processed by this script. It seems like they didn't do any sort of validation or checks and on one website there are hundreds of pages with the contact form, i could do it in php but that is way too much work.....
I have feedback forms on several of my sites and recently, they have been plagued with email injection attacks.
The forms are pretty straight-forward. Half a dozen fields get submitted to a formhandler.asp page where the contents are sent to some hard-coded email addresses using ASPmail.
From what I understand about how this works, spambots are used to add carriage returns after some of the form fields and then adding BCCs in to use the form to send out spam to other addresses. Here's an example of the emails I'm getting: .....
It doesnt thow any errors, but no email is being sent!
'-------------------------------------------------------------- '-------- now use CDOSYS to send email because im using IIS5.1 '-------------------------------------------------------------- Dim objConfiguration Dim objFields Dim objMessage Set objConfiguration = CreateObject("CDO.Configuration") Set objFields = objConfiguration.Fields With objFields .Item(cdoSendUsingMethod) = cdoSendUsingPort .Item(cdoSMTPServer) ="localhost" .Item(cdoSMTPServerPort) = 25 .Item(cdoSMTPAuthenticate) = cdoBasic .Update End With
Set objMessage = CreateObject("CDO.Message") With objMessage Set .Configuration = objConfiguration .From = "mark@mark.com" .To = "mark-wheeler@tiscali.co.uk" .Subject = "Here comes a Subject" .TextBody = "Here is a text body" .Send End With Set objMessage = Nothing Set objConfiguration = Nothing
I am trying CDOSYS code to send out email. The problem is when I try to send email to gmail and hotmail account, it never works. Means, no email appears at gmail and hotmail account. But when I send it to yahoo mail, it works.
I run the code at localhost. I use Win XP Pro. I just wonder why this happen. Can someone explain to me?
I used the below code to try and send an e-mail. On my local machine (XP machine) using IIS, the e-mail got generated and was placed in this folder.
C:InetpubmailrootQueue
So I am assuming the mail got generated correctly and the reason the e-mail did not get sent is that I do not have SMTP setup in my IIS. Do you agree with this statement? The reason I asked that is because I am not sure if I have SMTP setup or not in IIS and I am not sure how I check that.
To continue, I migrated my code up to the production web server and I tried executing it there. I have some display.write statements and they all were displayed so again, I am assuming the mail got generated correctly.
The problem is that the e-mail was not sent (or at least I am assuming it did not because I do not see the e-mail in my inbox).
I have never generated an e-mail before so this process is new to me. My code will be attached below but I was trying to understand some basic concepts.
-If I get my code to work on my local machine thru IIS, should it then also work in the production environment?
-It seems like I am calling so pretty specific components for the configuration settings. Is this the correct way to handle this?
-If you are familiar with this type of code, have I implemented this correctly? I would assume I have not since an e-mail is not getting set.....
I have a form that needs to handle international characters withing the UTF-8 character set. I have tried all the recommended strategies for getting utf-8 characters from form input to email message and I cannot get it to work. I need to stay with classic asp for this.
Here are some things I tried:
'CDONTS Call msg.SetLocaleIDs(65001)
'CDOSYS msg.HTMLBodyPart.Charset = "utf-8"
I included the following meta tag in the email HTML: <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
I also tried modifying the CharSet and CodePage of all involved Request and Responses.
I was able to Response.Write the form content on post back to the screen and it was properly rendered. However, none of my efforts can get the email to render with the correct codebase. I have tried opening the email in Outlook and Thunderbird. Neither one picks up on the UTF-8 charset meta tag.
can anyone post or direct me to a code snippet for sending a plaintext/html mutlipart email using CDOSYS? I can do basic code, but this is way beyond me. If a user enters html into a form, is there a way for code to strip that out and leave only plaintext behind?
The idea is that a user would fill in one html field, the form would email it in multipart, with one part using the html the user entered and the plaintext part using the same info but with the html code stripped out.
I'm running a mailing list which has grown to around 5000 recipients. I'm currently using ASP to cycle through a database of recipients to send each a custom email with their name, unsubscribe link etc.
Currently I'm using CDOSYS to send the mail, and have set up a page to trigger the emails in batches of 50 so that they don't create blockages on the mail server.
Is it possible to queue emails with CDOSYS, since this would mean I could fire all the emails at once, safe in the knowledge that they will all be dealt with without a problem.
I've used the ASPEmail component before which does this, and it was very effective, but sadly it's not an option to use it on this domain.
Can someone please tell me if its possible to create an instance of CDOSYS (to send an emails) on one host and have the email sent from another host.. or are there obvious gaps in my understanding of what takes place when one tries to send an email using CDOSYS or CDONTS?
I contacted my hosting people and they said they're running Windows 2003, which uses CDOSYS and not CDONT. So, I followed the advice on the sitepoint site for converting to CDOSYS and have concocted the following script: ....
cdosys body text is not being sent by email. Please see if you can spot the problem. Everything below emailHeader & emailFooter is not being sent by email.
see code below:
<!--- BEGIN CDOSYS CODE --->
<% dim strBody Set MailObj=CreateObject("CDO.Message") MailObj.Subject="Your Online order from store-website" MailObj.From= "store@store.com" MailObj.To= Request.Form.Item("cEmail") MailObj.Bcc="store@store.com" MailObj.TextBody = strBody
I've set up a website contact page which uses CDOSYS to send form details to an email address.
However, the domain is set up such as the client is using their own mail server, and using my server only to host the website.
Ordinarily I would set up hosting with email and change the nameservers of the domain to point to my server, but in this case the client is keeping the nameserver details the same, but just updating the A record to point to my server to display the website.
Trouble is, the CDOSYS email doesn't seem to work with this set-up. Do I need to hard code their mail server IP somewhere to get it to work?
I've been using CDOSYS Mail and this bit of code fine for a year. Well, we wanted to change the method of sending email from the Webserver sending it, to designating a specific SMPT server.
So, I found this code on MSFT's web site (MSFT CDOSYS SMTP ) that will allow me to do this, and it works, except that the redirect command that I have at the end of the file no longer works. I have no idea why.
Thi is the error I get: error '8004020f' /asp/send_email_foundation_conf.asp, line 78
Has anyone been able to use a variable for the To: line with CDOSYS? When I put in a specific address like: myMail.To = "webster@thisplace.org" it works fine. When I put in a variable like: myMail.To = areaDirector it doesn't work. I did a reponse.write on the areaDirector and it comes out like it's supposed to: Join Bytes!
Any ideas? Does it have something to do with the quote marks?
is it possible to rn a client side vbscript to send messages using cdo.message and cdo.configuration? what are the requirements to do this? my wks are xp and 2000 and all have cdosys.dll registered. do i have to have outlook express loaded.
i have workstations that don't have outlook but rather lotus notes and want to send email to an smtp server. these emails have local attachment thus the need to run client script versus server scripts. is this possible or am i on the wrong track.
I am running Win XP and have installed the IIS SMTP service, however I'm not sure what I need to do to configure both the SMTP service and CDOSYS properly to allow me to send out email from an ASP script.
THE PROBLEM:
What is happening is the email is not sent and goes to the 'c:InetpubmailrootQueue' folder. I have checked the event viewer and the error I receive is:
Message delivery to the remote domain 'yahoo.com' failed for the following reason: The remote server did not respond to a connection attempt.
I believe the SMTP service isn't setup correctly or I haven't configured CDOSYS properly in my ASP script.
The CDOSYS part of my ASP script is setup as follows (I am using Javascript with ASP btw):
I am new to asp i am facing in sending the contact form sending through email using cdosys the following is the code server space work on Microsoft Windows 2003 w/IIS 6.0.
When i press send button i get a error as The page cannot be displayed and HTTP 500 - Internal server error .....
i recently finished a tutorial on cdonts and finished putting together the page and form etc. now ive been reading and it seems cdonts is being discontinued and cdosys is taking over. does this mean that my cdonts will not work and i have to trnasfer it to cdosys ?
how can i transfer it to cdosys ? or do i have to make a completely new mail script?
I have a CDOSYS mail and it's working ok but it sends plain text massage. But i want to send with images and links. But when i put a link with image in the .HTMLBody field like <a href="http://www.mysite.com/"><img src="file:///C:/My Documents/image.gif" border="0"></a> so, i got an error message.
I am trying to get a asp-mailer setup that will send a specified attachment. I have tried both CDONTS and CDOSYS methods ... both are giving me headaches.
And the best part is how incredibly helpful the error is: (Sarcasm Intended)
Error Type: (0x80004005) Unspecified error <-- They should change that error to ... "Good Luck!" /knowledgetree/emailer-drivers.asp, line 90 I hilighted the above line in the code as well.
A client wants a splash page with the option of going to his website with the flash header or the one with the .JPG header.
Now it's only the header that will be different and all the content will be the same. I don't want to make two seperate websites, because I'll have to update it twice then. Is there a way to just have the header change, without using frames. Maybe SSI,
I recently built a login page and a friend of mine was working on something similar and said that I need to protect the login from SQL injection. I am not really sure what exactly that is. I think I have a rough idea but can someone explain it to me? In addition, I will need to obviously protect what I built and am not sure how to go about doing that either.
if anybody has a list of dodgy characters that can be used for sql injection attacks so that i can figure out a way to strip them from user inputs? Also if somebody was filling in a form, that inserts into a "memo" field in access could this be used to launch such an attack or would whatever they type simply be inserted into the field? i hope that bit is clear. i have a form field "message" which is a multi line text box, if someone typed into that box
DELETE * FROM Messages WHERE MessageID =1205
or some other command would that simply be inserted in to the database or would the server try and execute the command??
I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website?
Is it possible to "intercept" all calls to conn.execute and have them go to a checking routine that will either let the command go through or terminate it if it contains some illegal instructions? My clients company has had its hacker free status revoked due to the possibility of sql injection. I could put a function before every single conn.execute but we have hundreds of them. Just wondering if there is some way of telling it to do something else first. Maybe I can redefine conn.execute somehow?