Re: Be careful! Look at what this spammer did.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

My website form also appeared to get "hacked" (I'm using that term very loosely), although I have no idea if anything actually got hacked. It definitely seems like an automated script that crawls the net probing every form.
It triggered a bunch of emails to me but nothing that I wouldn't have got from someone filling in the form normally so I can't see what damage it has done. Perhaps (this is a GUESS) it has emailed the spammer useful information but I don't know how I could possibly tell if that has happened.
This is an example of one of the emails I got sent (a simple details collecting form) - the interesting bit is in the "Job Title" field: 
==========================================
Name: nshanoa@xxxxxxxxxxxxxx

Email: nshanoa@xxxxxxxxxxxxxx
Job Title: nshanoa@xxxxxxxxxxxxxx Content-Type: multipart/mixed; boundary="===============1157386915==" MIME-Version: 1.0 Subject: 90cfd7d5 To: nshanoa@xxxxxxxxxxxxxx bcc: mhkoch321@xxxxxxx From: nshanoa@xxxxxxxxxxxxxx This is a multi-part message in MIME format. --===============1157386915== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit pzkd --===============1157386915==-- 

Company Name: nshanoa@xxxxxxxxxxxxxx

Company Website: nshanoa@xxxxxxxxxxxxxx

Telephone: nshanoa@xxxxxxxxxxxxxx

Location: nshanoa@xxxxxxxxxxxxxx
===========================================
Notice that their "hack" contains a BCC to "mhkoch321@xxxxxxx". Perhaps this is an email account set up by the "hacker". 

Richard Lynch wrote:
 > Put a CAPTCHA on the form.


The jerk is probably not actually using your form, but a script that
walks the net looking for forms that have name="xyz" where xyz is
something that looks like a contact form or the URL has "contact" in
it or...

Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
only accept N posts from IP a.b.c.d within X hours.
I don't know what a CAPTCHA is but I'm going to take your second suggestion and make it only accept X form submits from each IP address over Y hours. 

Alex

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux