How to check the headers of the email received to confirm sender

As the internet grows and the businesses associated with it expand, so do the security issues, and if you are not alert you could end up with serious problems. I would like to share the following incident, which happened to one of our employees; had his customer not been alert, he would have lost a lot of money.

The company I work for requests customers to pay the amount for the car they are interested in buying via telegraphic transfer. Our sales personnel forward the bank details to their customers so they can make payment. Once payment is received, the car is shipped to the customer, the transaction is completed and everyone lives happily ever after :).

However, one day a customer of one of our sales team contacted him and inquired why the bank details had changed so quickly. The person in question was quite surprised by this and told him that there was no change in the bank details and that they were the same. His customer then forwarded him the email which contained the new bank details. When our staff reviewed those details they were indeed changed, and we asked the customer not to make any payment to those details. We then asked him to send us a snapshot of the headers of the email he had received.

After reviewing the snapshot of the email headers, we found that someone had used emkei.cz to send the email with the new bank details.

If the customer had not been alert and if he had not contacted us he would have transferred the money to the wrong account and would have lost a lot of money.

Here is an example of the headers in the email sent out by emkei.cz:

[Screenshot: emkei.cz in the email headers]

Here is the website itself:

[Screenshot: emkei.cz website]

If you would like to see how many websites allow a person to generate fake emails and fake email addresses then you will be surprised by the numbers.
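The check described above (reading the headers to see where a message really came from) can be scripted. The following is an added example, not code from the original post: it compares the domain in the From line with the domains in Return-Path, Message-ID and the first-hop Received line. The sample message, example.com and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the headers from the original post). example.com stands
# in for the real sender's domain; 203.0.113.10 is a documentation address.
RAW = """\
Return-Path: <www-data@emkei.cz>
Received: from emkei.cz (emkei.cz [203.0.113.10])
\tby mx.customer.example with ESMTP id abc123; Mon, 01 Jan 2018 10:00:00 +0000
Received: by emkei.cz (Postfix, from userid 33)
\tid 4F2A1; Mon, 01 Jan 2018 09:59:58 +0000
From: "Sales Team" <sales@example.com>
To: buyer@customer.example
Subject: Updated bank details
Message-ID: <20180101095958.4F2A1@emkei.cz>

Please use the new account below.
"""

def domain_of(value):
    """Lower-cased domain of an address-like header value, '' if none."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def same_org(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_sender(raw):
    """Return (From domain, [(header, domain)] that do not match it)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    seen = [("Return-Path", domain_of(msg["Return-Path"])),
            ("Message-ID", domain_of(msg["Message-ID"]))]
    # Each relay prepends its Received line, so the last one is the first hop.
    received = msg.get_all("Received", [])
    if received:
        m = re.match(r"\s*(?:from|by)\s+([\w.-]+)", received[-1])
        seen.append(("Received", m.group(1).lower() if m else ""))
    return from_dom, [(h, d) for h, d in seen if d and not same_org(d, from_dom)]

if __name__ == "__main__":
    from_dom, findings = check_sender(RAW)
    print("From domain:", from_dom)
    for header, dom in findings:
        print(f"  {header} points at {dom}, not {from_dom}")
```

A mismatch is a reason to verify with the sender, as the customer did here, not proof of forgery: legitimate third-party mailing services also produce one, and every header below the receiving server's own Received line is supplied by the sending side.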

How to disallow executable scripts from executing using htaccess

I came across an issue recently in which the client complained that his hosting provider had suspended his website account due to a large number of spam emails being sent from this website. The client website was a small 5 page website and CAPTCHA had been implemented on the Contact Us form.

After talking with the client’s hosting support I found that the emails were being sent from .php and .pl scripts in the images folder. The images folder had 777 permission, meaning that any file could be read, written to and modified. I first changed the permissions to 755 and then removed all executable scripts from that folder.

Next I uploaded an .htaccess file to disallow any executable script from running in the images folder. The contents of the .htaccess file are as follows


 Order Allow,Deny
 Deny from all

As can be seen from the above, the .htaccess file will now disallow any script or file which does not belong in the images folder. Please see below

Hope the above helped and let me know if you encounter any problems.