[thelist] Site getting spammed

Chris Dorer cdorer at gmail.com
Fri Nov 18 13:37:04 CST 2005


As a precaution...

Get or make your own logger (I prefer PEAR::Log, if using PHP, which I
think you are) and log the times, all of $_SERVER, or at least
$_SERVER['REMOTE_ADDR'], and the $_REQUEST info.

And at the very least, use the JPGraph captcha library if it persists.

On 11/18/05, Ken Robinson <kenrbnsn at rbnsn.com> wrote:
>
> Quoting Robert Vreeland <vreeland at studioframework.com>:
>
> > Hello List,
> >
> > One of my clients' web sites is getting spammed, or something like it. It
> > appears as though someone is using a script to auto-fill their email
> > newsletter registration form; every field is being filled in with the same
> > bogus email address using my client's domain name. For example:
> >
> > Email: 245she at clients_domain.com
> > Confirm email: 245she at clients_domain.com
> > Name: 245she at clients_domain.com
> > Address: 245she at clients_domain.com
> > City: 245she at clients_domain.com
> >
> > etc.
> >
> > Does anyone have any idea what this is meant to do? Are they phishing for a
> > reply address or seeing if they can get a database error?
> >
>
> These people are trying to use your email form to send spam. I'm assuming the
> web site uses PHP. This is one of the reasons to always verify user input
> matches what your script is expecting.
>
> I use the following code at the start of my scripts that process these
> types of forms:
>
> <?php
> if (!empty($_POST)) {
>     foreach ($_POST as $k => $v) {
>         // field[] inputs arrive as arrays; only strings can carry a header
>         if (is_string($v) && strpos($v, 'Content-Type') !== FALSE) {
>             //
>             // reject the post as bogus
>             // optionally make a record of the bogus post
>             //
>         }
>     }
> }
> ?>
>
> These people first do a screen scrape of a "show source" to get all
> possible $_GET or $_POST variables. Then they use a program to send the bogus
> post to your script. The biggest potential problem is that they are trying to
> inject a MIME 'Content-Type' message into the email you send with a different
> Subject and a BCC address.
>
> Take a look at <http://www.phpsec.org/> for more information and tests.
>
> Ken Robinson
>
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>
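The check Ken describes and the logging Chris recommends, put together in one form handler, as an added example (this is not code from anyone in the thread). It assumes the form posts fields named email, confirm_email, name, address and city, writes rejected posts with error_log() instead of PEAR::Log so that it runs stand-alone, and the function names and sample submissions are made up for the demonstration. It goes slightly beyond Ken's test: any CR/LF in a value is refused, not only the 'Content-Type' marker, and Robert's every-field-identical symptom is caught as a second fingerprint.

```php
<?php
// Added example for this thread, not code from Ken, Chris or Robert.
// Assumed field names: email, confirm_email, name, address, city.
// error_log() stands in for PEAR::Log; sample submissions are constructed.

// Header injection needs a CR or LF inside a value that ends up in a mail
// header line (From:, Reply-To:, Subject:). Everything after the line break
// is read by the MTA as a further header, which is how a Bcc: list and a new
// Subject: get into the message. Ken's test looks for 'Content-Type'; this one
// also refuses any line break and the header names those scripts rely on.
function looksLikeHeaderInjection(string $value): bool
{
    if (preg_match('/[\r\n]/', $value)) {
        return true;
    }
    return preg_match('/\b(content-type|mime-version|bcc|cc)\s*:/i', $value) === 1;
}

// Checks every POST field, including field[] arrays; returns offending names.
function findBogusFields(array $post): array
{
    $bad = [];
    foreach ($post as $name => $value) {
        foreach ((array) $value as $item) {
            if (is_string($item) && looksLikeHeaderInjection($item)) {
                $bad[] = (string) $name;
                break;
            }
        }
    }
    return $bad;
}

// Robert's symptom: one bogus value copied into every field. A person does
// not type the same address into Name, Address and City.
function allFieldsIdentical(array $post): bool
{
    $strings = array_values(array_filter($post, 'is_string'));
    return count($strings) > 1 && count(array_unique($strings)) === 1;
}

// Reasons to refuse the submission; an empty array means accept.
function checkSubmission(array $post): array
{
    $reasons = [];
    $bad = findBogusFields($post);
    if ($bad !== []) {
        $reasons[] = 'header-injection:' . implode('|', $bad);
    }
    if (allFieldsIdentical($post)) {
        $reasons[] = 'all-fields-identical';
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'invalid-email';
    } elseif (($post['confirm_email'] ?? null) !== $email) {
        $reasons[] = 'confirm-mismatch';
    }
    return $reasons;
}

// Chris's advice: keep the time, the client address and the request itself,
// so the bogus posts can be studied and the source blocked later.
function logRejected(array $post, array $reasons, array $server): void
{
    $entry = [
        'time'    => gmdate('c'),
        'ip'      => $server['REMOTE_ADDR'] ?? '-',
        'agent'   => $server['HTTP_USER_AGENT'] ?? '-',
        'reasons' => $reasons,
        'post'    => $post,
    ];
    error_log('bogus-form ' . json_encode($entry, JSON_UNESCAPED_SLASHES));
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: an injection attempt, Robert's identical-field
    // post, and a legitimate sign-up.
    $samples = [
        'injected'  => [
            'email'         => "victim@example.com\r\nBcc: a@spam.example,b@spam.example\r\n"
                             . "Content-Type: text/html\r\nSubject: buy now",
            'confirm_email' => 'victim@example.com',
            'name'          => 'bob',
        ],
        'identical' => array_fill_keys(
            ['email', 'confirm_email', 'name', 'address', 'city'],
            '245she@clients-domain.example'
        ),
        'clean'     => [
            'email'         => 'reader@example.com',
            'confirm_email' => 'reader@example.com',
            'name'          => 'Pat Reader',
            'city'          => 'Springfield',
        ],
    ];
    foreach ($samples as $label => $post) {
        $reasons = checkSubmission($post);
        echo str_pad($label, 10), $reasons === [] ? 'accept' : 'REJECT ' . implode('; ', $reasons), "\n";
        if ($reasons !== []) {
            logRejected($post, $reasons, ['REMOTE_ADDR' => '192.0.2.10']);
        }
    }
}
```

Run it from the command line to see the three verdicts and the log entries on stderr. The regular-expression check is the cheap fingerprint; the line-break test is the one that actually closes the hole, so keep it even if the keyword list is changed, and strip CR/LF from anything that is still placed in a header line for mail().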
