Re: [PHP] Be careful! Look at what this spammer did.

Posted by Alex Gemmell on 09/29/92 11:24

My website form also appeared to get "hacked" (I'm using that term very
loosely), although I have no idea if anything actually got hacked. It
definitely seems like an automated script that crawls the net probing
every form.

It triggered a bunch of emails to me but nothing that I wouldn't have
got from someone filling in the form normally so I can't see what damage
it has done. Perhaps (this is a GUESS) it has emailed the spammer
useful information but I don't know how I could possibly tell if that
has happened.

This is an example of one of the emails I got sent (a simple details
collecting form) - the interesting bit is in the "Job Title" field:
==========================================
Name: nshanoa@domainname.com

Email: nshanoa@domainname.com

Job Title: nshanoa@domainname.com Content-Type: multipart/mixed;
boundary="===============1157386915==" MIME-Version: 1.0 Subject:
90cfd7d5 To: nshanoa@domainname.com bcc: mhkoch321@aol.com From:
nshanoa@domainname.com This is a multi-part message in MIME format.
--===============1157386915== Content-Type: text/plain;
charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit
pzkd --===============1157386915==--

Company Name: nshanoa@domainname.com

Company Website: nshanoa@domainname.com

Telephone: nshanoa@domainname.com

Location: nshanoa@domainname.com
===========================================

Notice that their "hack" contains a BCC to "mhkoch321@aol.com". Perhaps
this is an email account set up by the "hacker".

Richard Lynch wrote:
> Put a CAPTCHA on the form.
>
> The jerk is probably not actually using your form, but a script that
> walks the net looking for forms that have name="xyz" where xyz is
> something that looks like a contact form or the URL has "contact" in
> it or...
>
> Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
> only accept N posts from IP a.b.c.d within X hours.
>

I don't know what a CAPTCHA is but I'm going to take your second
suggestion and make it only accept X form submits from each IP address
over Y hours.

Alex
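
A check of the kind that would reject the submission quoted in the post above, added here as an example (it is not code from the thread). It assumes the form copies submitted values into the headers of the outgoing mail, which is where line breaks and header names inside a field matter; the field names and sample values are constructed.

```php
<?php
// Added example: screen single-line contact-form fields before calling mail().
// Header names below are the ones visible in the quoted probe, plus "cc".
const HEADER_TOKENS = '/\b(content-type|mime-version|content-transfer-encoding|bcc|cc|to|from|subject)\s*:/i';

// Returns the reasons a value looks like a mail-header injection attempt (empty = clean).
function inspectField(string $value): array
{
    $reasons = [];
    // A CR or LF (raw or URL-encoded) would start a new header line.
    if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
        $reasons[] = 'line break';
    }
    if (preg_match_all(HEADER_TOKENS, $value, $m)) {
        $found = array_unique(array_map('strtolower', $m[1]));
        $reasons[] = 'header names: ' . implode(', ', $found);
    }
    return $reasons;
}

// Maps each suspicious field name to its list of reasons.
function screenSubmission(array $fields): array
{
    $flagged = [];
    foreach ($fields as $name => $value) {
        $reasons = inspectField((string) $value);
        if ($reasons) {
            $flagged[$name] = $reasons;
        }
    }
    return $flagged;
}

// Constructed sample modelled on the message above; addresses are placeholders.
$post = [
    'name'      => 'Jane Example',
    'email'     => 'jane@example.com',
    'job_title' => "probe@example.com\r\nContent-Type: multipart/mixed;\r\nbcc: drop@example.net",
];

$flagged = screenSubmission($post);
if ($flagged) {
    foreach ($flagged as $field => $reasons) {
        error_log(sprintf('rejected field "%s": %s', $field, implode('; ', $reasons)));
    }
    http_response_code(400);
    exit('Invalid submission.');
}
// Nothing flagged: the message can be built from $post here.
```

Apply it to single-line fields only; a free-text message body legitimately contains line breaks and should go in the mail body, never in a header.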

 
