On 8/18/05, Alex Gemmell <agemmell@xxxxxxxxx> wrote:
> My website form also appeared to get "hacked" (I'm using that term very
> loosely), although I have no idea if anything actually got hacked. It
> definitely seems like an automated script that crawls the net probing
> every form.
>
> It triggered a bunch of emails to me but nothing that I wouldn't have
> got from someone filling in the form normally so I can't see what damage
> it has done. Perhaps (this is a GUESS) it has emailed the spammer
> useful information but I don't know how I could possibly tell if that
> has happened.
>
> This is an example of one of the emails I got sent (a simple details
> collecting form) - the interesting bit is in the "Job Title" field:
> ==========================================
> Name: nshanoa@xxxxxxxxxxxxxx
>
> Email: nshanoa@xxxxxxxxxxxxxx
>
> Job Title: nshanoa@xxxxxxxxxxxxxx Content-Type: multipart/mixed;
> boundary="===============1157386915==" MIME-Version: 1.0 Subject:
> 90cfd7d5 To: nshanoa@xxxxxxxxxxxxxx bcc: mhkoch321@xxxxxxx From:
> nshanoa@xxxxxxxxxxxxxx This is a multi-part message in MIME format.
> --===============1157386915== Content-Type: text/plain;
> charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit
> pzkd --===============1157386915==--
>
> Company Name: nshanoa@xxxxxxxxxxxxxx
>
> Company Website: nshanoa@xxxxxxxxxxxxxx
>
> Telephone: nshanoa@xxxxxxxxxxxxxx
>
> Location: nshanoa@xxxxxxxxxxxxxx
> ===========================================
>
> Notice that their "hack" contains a BCC to "mhkoch321@xxxxxxx". Perhaps
> this is an email account set up by the "hacker".
>
> Richard Lynch wrote:
> > Put a CAPTCHA on the form.
> >
> > The jerk is probably not actually using your form, but a script that
> > walks the net looking for forms that have name="xyz" where xyz is
> > something that looks like a contact form or the URL has "contact" in
> > it or...
> >
> > Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
> > only accept N posts from IP a.b.c.d within X hours.
> >
>
> I don't know what a CAPTCHA is but I'm going to take your second
> suggestion and make it only accept X form submits from each IP address
> over Y hours.
>
> Alex

It looks like you got hit with the same thing that I did. Are you
recording IP addresses?

Dotan
http://www.lyricslist.com/lyrics/artist_albums/510/wilde_kim.php
Wilde, Kim song lyrics

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
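
An added example, not part of the thread or any poster's code: a PHP check that flags form values like the "Job Title" one quoted above before they are handed to mail(). It assumes the submitted value carried line breaks that the quoting flattened; the function names, field names and sample addresses are constructed for illustration.

```php
<?php
// Header names that appear inside the "Job Title" value quoted in the thread.
const HEADER_PATTERN =
    '/\b(content-type|mime-version|content-transfer-encoding|subject|to|cc|bcc|from)\s*:/i';

/**
 * Reasons a submitted value should not be passed to mail().
 * Meant for single-line fields (name, job title, phone); an empty
 * array means the value looks like ordinary input.
 */
function mail_field_problems($value): array
{
    if (!is_string($value)) {
        return ['not a plain string'];      // e.g. job_title[]=... array input
    }
    $problems = [];
    // A raw or URL-encoded CR/LF lets a value start a new header line.
    if (preg_match('/[\r\n]|%0a|%0d/i', $value)) {
        $problems[] = 'line break';
    }
    if (preg_match_all(HEADER_PATTERN, $value, $m)) {
        $names = array_unique(array_map('strtolower', $m[1]));
        $problems[] = 'header names: ' . implode(', ', $names);
    }
    return $problems;
}

/** Screen a whole form post; returns [field => problems] for flagged fields only. */
function screen_form(array $post): array
{
    return array_filter(array_map('mail_field_problems', $post));
}

// Constructed submission modelled on the e-mail quoted in the thread.
$post = [
    'name'      => 'sender@example.com',
    'job_title' => "sender@example.com\r\nContent-Type: multipart/mixed; boundary=\"x\"\r\n"
                 . "MIME-Version: 1.0\r\nSubject: 90cfd7d5\r\nbcc: other@example.com",
    'telephone' => '555 0100',
];

foreach (screen_form($post) as $field => $problems) {
    // Reject the submission and record the client address instead of sending mail.
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
    error_log("contact form: rejected '$field' from $ip (" . implode('; ', $problems) . ')');
}
```

Logging the client address on each rejection also provides the per-IP record needed for the throttle suggested in the thread.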