You are here: Re: [PHP] Be careful! Look at what this spammer did. « PHP « IT news, forums, messages
Re: [PHP] Be careful! Look at what this spammer did.

Posted by Dotan Cohen on 10/19/31 11:24

On 8/18/05, Alex Gemmell <agemmell@gmail.com> wrote:
> My website form also appeared to get "hacked" (I'm using that term very
> loosely), although I have no idea if anything actually got hacked. It
> definitely seems like an automated script that crawls the net probing
> every form.
>
> It triggered a bunch of emails to me but nothing that I wouldn't have
> got from someone filling in the form normally so I can't see what damage
> it has done. Perhaps (this is a GUESS) it has emailed the spammer
> useful information but I don't know how I could possibly tell if that
> has happened.
>
> This is an example of one of the emails I got sent (a simple details
> collecting form) - the interesting bit is in the "Job Title" field:
> ==========================================
> Name: nshanoa@domainname.com
>
> Email: nshanoa@domainname.com
>
> Job Title: nshanoa@domainname.com Content-Type: multipart/mixed;
> boundary="===============1157386915==" MIME-Version: 1.0 Subject:
> 90cfd7d5 To: nshanoa@domainname.com bcc: mhkoch321@aol.com From:
> nshanoa@domainname.com This is a multi-part message in MIME format.
> --===============1157386915== Content-Type: text/plain;
> charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit
> pzkd --===============1157386915==--
>
> Company Name: nshanoa@domainname.com
>
> Company Website: nshanoa@domainname.com
>
> Telephone: nshanoa@domainname.com
>
> Location: nshanoa@domainname.com
> ===========================================
>
> Notice that their "hack" contains a BCC to "mhkoch321@aol.com". Perhaps
> this is an email account set up by the "hacker".
>
> Richard Lynch wrote:
> > Put a CAPTCHA on the form.
> >
> > The jerk is probably not actually using your form, but a script that
> > walks the net looking for forms that have name="xyz" where xyz is
> > something that looks like a contact form or the URL has "contact" in
> > it or...
> >
> > Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
> > only accept N posts from IP a.b.c.d within X hours.
> >
>
> I don't know what a CAPTCHA is but I'm going to take your second
> suggestion and make it only accept X form submits from each IP address
> over Y hours.
>
> Alex

It looks like you got hit with the same thing that I did. Are you
recording IP addresses?

Dotan
http://www.lyricslist.com/lyrics/artist_albums/510/wilde_kim.php
Wilde, Kim song lyrics

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация