[thelist] Weird bot email [long]

Maximillian Schwanekamp lists at neptunewebworks.com
Sun Sep 11 00:01:00 CDT 2005

Hassan Schroeder wrote:
> Ken Schaefer wrote:
>> It might work if the backend SMTP server allows relay, it might work if
>> email's dropped directly into the SMTP server's working queue (bypassing
>> relay checks), but otherwise, you just end up with crud in the body
> Yep. I've been seeing the exact same thing on a contact form on one
> of my sites, with this same 'bcc: jrubin3546 at aol.com' inserted into
> the comment body.
> Annoying, definitely.  :-)

Jeff Howden wrote:
 > I've seen these come through mine and my clients' sites as well. 
Most fail,
 > but I found one today that made it through.  More here:
 > http://mkruger.cfwebtools.com/index.cfm/2005/9/5/email%20injection

Ah, great answers all round.  Thanks guys!  In the meantime since 
posting I added in a preg_replace() on the user-supplied data to take 
out any useful headers, but the article Jeff gave was excellent, and I 
will actually include a captcha as well.

Hassan, did you bother reporting jrubin3546 at aol.com to AOL?  I'm going 
to, even though I don't really expect The Great Unwashed will do 
anything about it.

Max Schwanekamp

More information about the thelist mailing list