Author Topic: My bounce.php script is corrupted (Read 3124 times)

edbagley · « **on:** September 26, 2007, 02:07:23 am »

Apparently my bounce.php script has been corrupted. My host (Host4Profit) informed me thus:

"I have disabled the /mail/bounce.php on your account. This script got
put into a nasty loop this morning, attempting to unsubscribe your
email address (edited@example.com) from the list over and over and
over. Eventually, there were over 110,000 emails in the mail queue!

I am not sure if this is a bug some hackers found and are using to
cause this type of issue. Based on the way the "hit" to the
bounce.php is occurring, I am guessing it is. They send the URL to
unsubscribe, pointing back to itself it appears, causing this loop."

Then my bounce.php script was re-enabled and my host got another 25,000 bounces, screwing up their server. I am not nearly clever enough to know how to re-enable my bounce.php script.

Any help you could give would be greatly appreciated. Here is another message from my host on the same topic:

"The problematic interaction is with a specific PHP file on
your account (and thereby on our hosting server). That file, as noted
in our message, is http://www.example.com/mail/bounce.php.

I recommend using ListMail's support forum to post a message asking
for assistance and letting them know that your hosting company advised
you that the script was being accessed by automated unsubscription
requests to your own sender address and the script appeared to be
vulnerable to using this method to bog down a server's mail queue.
They may already have a update patch to correct the problem."

Any ideas? Is there a fix already in this resource I can copy and send my host?

Ed Bagley

DW · « **Reply #1 on:** September 26, 2007, 04:39:18 pm »

Hi Ed,

I will contact Host4Profit with the contents of this post and some suggestions to try to get to the bottom of this.

Regards

DW · « **Reply #2 on:** September 27, 2007, 01:10:22 am »

Hi Ed,

I wrote H4P and heard back. They also provided some of the bounced messages which were very helpful. For starters, your ISP is blocking your Signup Notifications. Please update your List Settings "Notification email" to an email address hosted on Host4Profit so it will never bounce.

This should stop any potential chain reactions. I have replied to H4P's reply. I am still investigating and expect to hear back again.

Regards

PS. For your protection please try to avoid posting your email address or domain name in the forum. I have removed this information from your original post.

edbagley · « **Reply #3 on:** September 27, 2007, 11:22:17 am »

Dean,

I went to "email notifications" and unchecked the button that says "notify when a user is removed for bouncing". Will this solve the problem? I do not want emails going to H4P. I want my email address to remain as it is: edbagley@comcast.net.

What bothers me the most is the fact that since my inception with ListMailPro I have never had a bouncing problem with H4P until now. I most certainly did not create the current problem which came from nowhere and we are forced to deal with it.

Ed Bagley

DW · « **Reply #4 on:** September 27, 2007, 01:08:30 pm »

Hi Ed,

You won't find much better shared email service than Host4Profit - they actively work on blocks to keep your email delivered. Temporary and permanent blocks can come and go, especially on shared hosting, and are a normal part of running an opt-in list. Your email address provider, Comcast, aggressively blocks email without your knowledge. If you want to continue using your address for bounce notifications I recommend speaking with them about the possibility of whitelisting your domain. I'm not sure if they do this or how many days it takes to respond. Obviously a bouncing notification is very bad for ListMail (I'm working on fixing that) so I must again recommend using a separate email account for notifications - preferably, one on the ListMail domain that is highly unlikely to bounce.

Regards

mike2 · « **Reply #5 on:** September 28, 2007, 09:21:28 am »

Comcast is absolutely horrible for blocking your wanted emails for you without you knowing it.

I constantly have customers that purchase from me using a comcast address and I go to send them their login details and it comes back as blocked.

I continually go through their supposed unblock process, but it happens again later...

I second a change...