Posted by Rik on 07/06/06 02:45
wayne wrote:
> I have a PHP email script running on two separate websites. Today, I
> received a form mail generated by the script from each site, with time
> stamps 10 minutes apart. The entered email address in each form is
> the same, but the REMOTE_ADDR reported is different.
>
> Doing a search of the IP Addresses generates many hits, the user
> apparently posts to many news groups.
>
> The postal address entered is in MA while the IP Address from the
> first entry has many log files posted of an address in MI.
>
> Is some one trying to probe the script for vulnerabilities? If so,
> what actions should I be considering?
Could be, as long as you protected the form from header injections, it
should be no problem. Never, ever, construct a form that will send a
confirmation to multiple (user-given) email addresses. Be aware there should
be no possibility to address multiple email addresses, either by to:, cc: or
bcc:.
For extra protection, one could impose a time limit on contacts required by
the form, for instance 3 per minute, 6 per 5 minutes, 10 per half hour per
IP address (which isn't a really safe bet, but in normal use good enough,
without resorting to far more difficult methods). That way you more or less
allow for follow-up questions, but limit the amount of possible spam.
Grtz,
--
Rik Wasmus
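The two measures from the reply above, a single-recipient check that refuses header injection and a per-IP limit of 3 per minute, 6 per 5 minutes and 10 per half hour, as an added PHP example that is not Rik's or wayne's code; the function names, the in-memory `$log` array and the sample address are assumptions.

```php
<?php
// Reject input that could smuggle extra headers or recipients into
// mail(): CR/LF ends the To: header and lets Cc:/Bcc: lines be appended,
// while commas and semicolons separate multiple addresses.
function single_safe_recipient(string $input): ?string {
    $addr = trim($input);
    if (preg_match('/[\r\n,;]/', $addr)) {
        return null;
    }
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $addr;
}

// Sliding windows per client IP: 3 per minute, 6 per 5 minutes,
// 10 per half hour (the thresholds suggested in the reply).
const CONTACT_LIMITS = [60 => 3, 300 => 6, 1800 => 10];

// $log maps ip => list of submission timestamps. Persisting it between
// requests (file, APCu, database) is assumed to be done by the caller.
function contact_allowed(array &$log, string $ip, int $now): bool {
    $times = $log[$ip] ?? [];
    // Forget entries older than the longest window to keep the log small.
    $times = array_values(array_filter($times, fn($t) => $now - $t < 1800));
    foreach (CONTACT_LIMITS as $window => $max) {
        $recent = count(array_filter($times, fn($t) => $now - $t < $window));
        if ($recent >= $max) {
            $log[$ip] = $times;
            return false;
        }
    }
    $times[] = $now;
    $log[$ip] = $times;
    return true;
}

// Constructed usage: five quick submissions from one RFC 5737 documentation
// address (the fourth and fifth hit the per-minute limit), then a
// multi-recipient/header-injection attempt that the check rejects.
$log = [];
$ip = '192.0.2.10';
$base = time();
$results = [];
for ($i = 0; $i < 5; $i++) {
    $results[] = contact_allowed($log, $ip, $base + $i) ? 'ok' : 'blocked';
}
echo implode(' ', $results), "\n";
var_dump(single_safe_recipient("user@example.com\r\nBcc: other@example.org"));
```

Per-IP counting shares the weakness Rik notes: several users behind one proxy share a bucket, and one sender with several addresses gets several buckets, so treat it as spam damping rather than a hard guarantee.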