Posted by juglesh on 06/14/85 11:31

Shooter wrote:
> Has anyone else noticed a bunch of attacks on PHP pages that mail the
> results of a feedback form? I've changed my filenames and within a
> couple of days noticed the attacks resume. I get multiple Emails with
> attempts to put multi-part MIME files in the message area, and other
> unknown data strings. I'm not sure if this is called injection...? It's
> happening on several domains.
>
> What I've tried thus far:
> Appending the sender's IP address to the Email message
> Changed file names of the mail page (problem resumed a day or two
> later)
> Limited the text/message field to 255 char.
> Verify no empty fields (but get a random Email address, such as
> abcde@...)
> Specify the recipient in the mail script ($to=webmaster...)
>
> Any suggestions or info? Am I "unique" in having someone trying to
> force other data in my PHP mail forms?

<
http://groups.google.com/group/comp.lang.php/browse_thread/thread/710a68cc0b6cd1f0/22e7d3a107c1148d#22e7d3a107c1148d

>

hth

• Next in forum: Re: Dynamic Voting Script
• Prev in forum: Re: including image, js, css from private dir
• Thread view: Re: Form mail attacks?

[Reply to this message]