Posted by J.O. Aho on 11/23/06 17:56
vitay wrote:
> Hi
>
> I have a website (shop with user accounts) with logging script in PHP and my
> logger show me like this:
>
> var $_POST['login'] shows:
> "user234@mydomain.com"
>
>
> var $_POST['password'] shows:
>
> "
> Received: from 1.2.3.4 ([193.17.41.24])
> ...
> BCC:user235@mydomain.com
> BCC:userasd4@mydomain.com
> BCC:userasd023@mydomain.com
> by 1.2.3.4 (Postfix) with ESMTP id 393FF2B9B9;
> Thu, 23 Nov 2006 20:00:59 +0100 (CET)
> Content-Type: multipart/related;
> type="multipart/alternative";
> Content-Transfer-Encoding: binary
> MIME-Version: 1.0
> X-Mailer: MIME-tools 5.413 (Entity 5.413)
> .......
>
> Here some spam text
> "
>
>
> His IP is changing every few minutes and he is trying all the time from
> yeastarday.
>
>
He uses a auto-script and thinks your login is a "feedback mailer" and is
trying to inject extra extra mail headers (those BBC:), I suggest you just
switch the name of the login page and fix the links on your site and the
traffic will end (at least for a while).
//Aho
[Back to original message]
|