|
|
Posted by dmcconkey on 09/07/05 20:52
Some jerk wrote a robot to attack one of my contact forms. Once a day,
it hits my form about 10 times in a couple of seconds. It adds email
header info into a textarea box as printed below:
Content-Type: multipart/mixed; boundary="===============0845246937=="
MIME-Version: 1.0
Subject: a7a679bf
To: oanhpiuxh@mydomain.com
bcc: spamaddress@aol.com
From: oanhpiuxh@mydomain.com
This is a multi-part message in MIME format.
--===============0845246937==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
npvtr
--===============0845246937==--
I tried manually entering this into the field and substituting my own
address. It didn't seem to generate an email to me.
I'm using PHP4's mail() function to add $_POST[] contents to the
message body, so this never does make it into the header section.
However, since I really don't want my domains to come up on some
"frequent spammers" list, I'd like to be certain.
Am I in trouble here?
Also, if I just do a str_replace() to change any occurance of "MIME"
into something innocuous, will that fortify my defenses?
Thanks,
-Dan
Navigation:
[Reply to this message]
|