Mark Fellowes wrote:
I checked my registration table recently and found 3 weird entries.
First, this is where someone registers a username and password. The password is generated but encrypted , and an email link must be responded to activate the account , which these were not but it kind of threw me anyway.
This what was in the username field:
Content-Type: multipart/alternative;
boundary=6bc7cccbb294b179bd23781d7d300264
MIME-Version: 1.0
Subject: said ophie call once again he ammerjunker
bcc: Deepawar@xxxxxxx
This is a multi-part message in MIME format.
--6bc7cccbb294b179bd23781d7d300
Now, since my site is not totally operational and not really in production I gues I still should have put the validation code in anway :)
However aside from my bad behaviour does this type of entry signify an attempt at an attack of any kind ?
Yes. Someone is trying to use your registration form for spam and
assuming that you're not doing any checks on content.
Check http://www.securephpwiki.com/index.php/Email_Injection for details
on how to stop this from working - it won't stop the attempts but spam
won't be sending out from this particular form.
If you want to stop it from happening altogether, you'll need to look at
using captcha.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
