On Sep 4, 2005, at 12:06 PM, Brian Dunning wrote:
Hi all -
I have forms on a number of unrelated web sites that just send me an
email for one purpose or another. There are 2 to 6 fields: name,
email, comment, etc. No big deal.
Recently I've been getting a lot of weird submissions. I'll receive
half a dozen at a time, with all the fields filled with some kind of
garbage contents. Here is one example from a form on my
americansubstandard.com site:
---snip---
COMMENT: ngeiszka@xxxxxxxxxxxxxxxxxxxxxxx
NAME: ngeiszka@xxxxxxxxxxxxxxxxxxxxxxx
---/snip---
Other times one of the fields will contain a complete multipart
submission, like this:
---snip---
COMMENT: jhynvyf@xxxxxxxxxxxxxxxxxxxxxxx
NAME: jhynvyf@xxxxxxxxxxxxxxxxxxxxxxx
Content-Type: multipart/mixed; boundary=\"===============1655480186==\"
MIME-Version: 1.0
Subject: e8df6b7
To: jhynvyf@xxxxxxxxxxxxxxxxxxxxxxx
bcc: jrubin3546@xxxxxxx
From: jhynvyf@xxxxxxxxxxxxxxxxxxxxxxx
This is a multi-part message in MIME format.
--===============1655480186==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
xqofli
--===============1655480186==--
---/snip---
I wonder if this is some kind of automated attack attempt. Does anyone
recognize this type of thing, and is it potentially dangerous? Should
I do something about it?
- Brian
I've gotten the same kind of thing recently from a comment form.
Something's definitely going around.
I modified my script to check for various mail header elements within
the comments and return an error message if any are found. I also added
two returns following my own mail headers, which supposedly prevents an
injection of additional headers -- see
<http://us2.php.net/manual/en/ref.mail.php#55112>. And see the recent
thread on this list -- "Be careful! Look at what this spammer did."
--
Lowell Allen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
