|
|
Posted by Dotan Cohen on 10/20/31 11:24
On 8/18/05, Alex Gemmell <agemmell@gmail.com> wrote:
> My website form also appeared to get "hacked" (I'm using that term very
> loosely), although I have no idea if anything actually got hacked. It
> definitely seems like an automated script that crawls the net probing
> every form.
>
> It triggered a bunch of emails to me but nothing that I wouldn't have
> got from someone filling in the form normally so I can't see what damage
> it has done. Perhaps (this is a GUESS) it has emailed the spammer
> useful information but I don't know how I could possibly tell if that
> has happened.
>
> This is an example of one of the emails I got sent (a simple details
> collecting form) - the interesting bit is in the "Job Title" field:
> ==========================================
> Name: nshanoa@domainname.com
>
> Email: nshanoa@domainname.com
>
> Job Title: nshanoa@domainname.com Content-Type: multipart/mixed;
> boundary="===============1157386915==" MIME-Version: 1.0 Subject:
> 90cfd7d5 To: nshanoa@domainname.com bcc: mhkoch321@aol.com From:
> nshanoa@domainname.com This is a multi-part message in MIME format.
> --===============1157386915== Content-Type: text/plain;
> charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit
> pzkd --===============1157386915==--
>
> Company Name: nshanoa@domainname.com
>
> Company Website: nshanoa@domainname.com
>
> Telephone: nshanoa@domainname.com
>
> Location: nshanoa@domainname.com
> ===========================================
>
> Notice that their "hack" contains a BCC to "mhkoch321@aol.com". Perhaps
> this is an email account set up by the "hacker".
>
> Richard Lynch wrote:
> > Put a CAPTCHA on the form.
> >
> > The jerk is probably not actually using your form, but a script that
> > walks the net looking for forms that have name="xyz" where xyz is
> > something that looks like a contact form or the URL has "contact" in
> > it or...
> >
> > Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
> > only accept N posts from IP a.b.c.d within X hours.
> >
>
> I don't know what a CAPTCHA is but I'm going to take your second
> suggestion and make it only accept X form submits from each IP address
> over Y hours.
>
> Alex
It looks like you got hit with the same thing that I did. Are you
recording IP addresses?
Dotan
http://www.lyricslist.com/lyrics/artist_albums/510/wilde_kim.php
Wilde, Kim song lyrics
[Back to original message]
|