Re: Weird database entry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mark Fellowes wrote:
I checked my registration table recently and found 3 weird entries. First, this is where someone registers a username and password. The password is generated but encrypted , and an email link must be responded to activate the account , which these were not but it kind of threw me anyway.

This what was in the username field:
Content-Type: multipart/alternative; boundary=6bc7cccbb294b179bd23781d7d300264
MIME-Version: 1.0
Subject: said ophie call once again he ammerjunker
bcc: Deepawar@xxxxxxx
This is a multi-part message in MIME format.
--6bc7cccbb294b179bd23781d7d300

Now, since my site is not totally operational and not really in production I gues I still should have put the validation code in anway :)

However aside from my bad behaviour does this type of entry signify an attempt at an attack of any kind ?

Yes. Someone is trying to use your registration form for spam and assuming that you're not doing any checks on content.

Check http://www.securephpwiki.com/index.php/Email_Injection for details on how to stop this from working - it won't stop the attempts but spam won't be sending out from this particular form.

If you want to stop it from happening altogether, you'll need to look at using captcha.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux