[thelist] Email header injection
Kasimir K
evolt at kasimir-k.fi
Fri Nov 11 17:37:57 CST 2005
Steve Lewis wrote on 2005-11-11 23:00:
> so I code my bot to make a curl request, read your hidden form field
> value, and send it back for each request. cake.
Obviously it is possible/easy to make a bot that mimics human behavior so
well that none of these gimmicks will stop it from attempting header
injections.
But while the majority of the bots are dafter than that, the hidden form
field with a unique id can save from a lot of annoyance.
And once they all can pass a Turing test, well, I guess we'll be seeing
helluva lot less of contact forms out there ;-)
.k
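
Added example, not part of the original message or thread: a Python sketch of the two checks discussed above, a signed, time-limited value for the hidden form field and a CR/LF check on the fields that end up in mail headers. The field names, the one-hour lifetime and the sample input in the usage note are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment signing key
MAX_AGE = 3600                     # assumption: a form is valid for one hour
HEADER_FIELDS = ("name", "email", "subject")   # hypothetical field names

def _mac(nonce, ts):
    return hmac.new(SECRET, f"{nonce}.{ts}".encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Value for the hidden field: random nonce, issue time, HMAC over both."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{nonce}.{ts}.{_mac(nonce, ts)}"

def token_ok(token, now=None):
    """True if the token was issued by this server and has not expired."""
    try:
        nonce, ts, mac = token.split(".")
        issued = int(ts)
    except ValueError:
        return False
    now = time.time() if now is None else now
    fresh = 0 <= now - issued <= MAX_AGE
    return hmac.compare_digest(mac.encode(), _mac(nonce, ts).encode()) and fresh

def header_safe(value):
    """True if the value cannot end the current header line and start another."""
    return not any(ch in value for ch in "\r\n\x00")

def accept(form):
    """Return (accepted, reason) for a submitted contact form (a dict)."""
    # Filters clients that never loaded the form; a client that fetches the
    # form and echoes the field back passes this step.
    if not token_ok(form.get("token", "")):
        return False, "bad token"
    # This check is what keeps line breaks out of the headers, whoever submits.
    for field in HEADER_FIELDS:
        if not header_safe(form.get(field, "")):
            return False, f"line break in {field}"
    return True, "ok"
```

A client that reads the hidden field and sends it back gets past `token_ok`, but a constructed subject such as `"hi\r\nX-Constructed: 1"` is still rejected by `header_safe`.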