|
|
Posted by J.O. Aho on 11/23/06 18:01
vitay wrote:
> Hi
>
> I have a website (shop with user accounts) with logging script in PHP and my
> logger show me like this:
>
> var $_POST['login'] shows:
> "user234@mydomain.com"
>
>
> var $_POST['password'] shows:
>
> "
> Received: from 1.2.3.4 ([193.17.41.24])
> ...
> BCC:user235@mydomain.com
> BCC:userasd4@mydomain.com
> BCC:userasd023@mydomain.com
> by 1.2.3.4 (Postfix) with ESMTP id 393FF2B9B9;
> Thu, 23 Nov 2006 20:00:59 +0100 (CET)
> Content-Type: multipart/related;
> type="multipart/alternative";
> Content-Transfer-Encoding: binary
> MIME-Version: 1.0
> X-Mailer: MIME-tools 5.413 (Entity 5.413)
> .......
>
> Here some spam text
> "
>
>
> His IP is changing every few minutes and he is trying all the time from
> yeastarday.
He uses a auto-script and thinks your login is a "feedback mailer" and is
trying to inject extra extra mail headers (those BBC:), I suggest you just
switch the name of the login page and fix the links on your site and the
traffic will end (at least for a while).
You can also look at the $_SERVER['HTTP_REFERER'] to see if the person who
logs in comes from another page on your site or not (keep in mind that many
nowadays turned off this in their browsers).
$_SERVER['HTTP_USER_AGENT'] can also be used to check if there is something
suspect, if you don't think the browser he says he is using is an okey one,
then "ban" that browser name/version, keep in mind that this can be turned off
in a normal browser.
//Aho
Navigation:
[Reply to this message]
|