|
Posted by Shooter on 10/13/20 11:31
Has anyone else noticed a bunch of attacks on PHP pages that mail the
results of a feedback form? I've changed my filenames and within a
couple of days noticed the attacks resume. I get multiple Emails with
attempts to put multi-part MIME files in the message area, and other
unknown data strings. I'm not sure if this is called injection...? It's
happening on several domains.
What I've tried thus far:
Appending the sender's IP address to the Email message
Changed file names of the mail page (problem resumed a day or two
later)
Limited the text/message field to 255 char.
Verify no empty fields (but get a random Email address, such as
abcde@...)
Specify the recipient in the mail script ($to=webmaster...)
Any suggestions or info? Am I "unique" in having someone trying to
force other data in my PHP mail forms?
Thanx,
Wm
Navigation:
[Reply to this message]
|