Posted by Alex Gemmell on 10/19/39 11:24

Cilliè wrote:
>
> ----- Original Message ----- From: "Alex Gemmell" <agemmell@gmail.com>
> To: <php-general@lists.php.net>
> Sent: Thursday, August 18, 2005 12:11 PM
> Subject: Re: [PHP] Be careful! Look at what this spammer did.
>
>
>
>> Notice that their "hack" contains a BCC to "mhkoch321@aol.com".
>> Perhaps this is an email account set up by the "hacker".
>
>
> sorry, i'm a bit in the dark here. how did they manage to fill in bcc ?
> you mean
> that someone can spam from your site by bcc'ing messages to other mail
> accounts ?

If you look at the "code" they inserted into my form it's all email
headers. One of the headers is a BCC field. I don't actually think it
worked (well, I hope it didn't) but you can see the hacker _intended_ to
BCC the email to that AOL address.

Come to think of it the AOL address is probably not the hacker's email
address but some poor sod who would have recieved a spam email
supposedly from my domain.

Alex

• Next in forum: Re: [PHP] Be careful! Look at what this spammer did.
• Prev in forum: Re: [PHP] Be careful! Look at what this spammer did.
• Thread view: Re: [PHP] Be careful! Look at what this spammer did.

[Reply to this message]