|
|
Posted by Greg Schnippel on 08/17/05 20:47
> I'll reply soon off list, as I don't think it appropriate to give
> potential spammers an archive full of new tricks.
I don't know -- I think its always better to discuss this in the open
if there is a real security risk that people should be aware of.
A couple days after your posting to PHP-General, I saw the same kind
of probe on my system:
<begin clueless code>
Content-Type: multipart/mixed; boundary="===============0493326424=="
MIME-Version: 1.0
Subject: c3b8e7fc
To: wmlhlk@gyre.org
bcc: bergkoch8@aol.com
From: wmlhlk@gyre.org
This is a multi-part message in MIME format.
--===============0493326424==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
awhvtr
--===============0493326424==--
</end clueless code>
This was submitted through a simple web contact form with a message,
subject, and body form fields. The hakor submitted the above as the
body of the message 3-4 times than seemed to give up (although he did
send a few obnoxious threats). I don't believe this did anything
because
1) I never got a bounce message from the made-up address he attempted
to send to ("wmlhlk@gyre.org")
2) I believe that since the mail function already sent out the
headers, any subsequent "headers" would just be ignored. Or they would
be treated as text since they occurred in the message portion and not
parsed literally.
Not sure that there is any risk here, but I'm shrouding my contact
script (changing the form variables and script name to something less
obvious) just in case.
- Greg
Navigation:
[Reply to this message]
|