Posted by Lowell Allen on 09/05/05 18:35

On Sep 4, 2005, at 12:06 PM, Brian Dunning wrote:

> Hi all -
>
> I have forms on a number of unrelated web sites that just send me an
> email for one purpose or another. There are 2 to 6 fields: name,
> email, comment, etc. No big deal.
>
> Recently I've been getting a lot of weird submissions. I'll receive
> half a dozen at a time, with all the fields filled with some kind of
> garbage contents. Here is one example from a form on my
> americansubstandard.com site:
>
> ---snip---
> COMMENT: ngeiszka@americansubstandard.com
> NAME: ngeiszka@americansubstandard.com
> ---/snip---
>
> Other times one of the fields will contain a complete multipart
> submission, like this:
>
> ---snip---
> COMMENT: jhynvyf@americansubstandard.com
> NAME: jhynvyf@americansubstandard.com
> Content-Type: multipart/mixed; boundary=\"===============1655480186==\"
> MIME-Version: 1.0
> Subject: e8df6b7
> To: jhynvyf@americansubstandard.com
> bcc: jrubin3546@aol.com
> From: jhynvyf@americansubstandard.com
> This is a multi-part message in MIME format.
> --===============1655480186==
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> xqofli
> --===============1655480186==--
> ---/snip---
>
> I wonder if this is some kind of automated attack attempt. Does anyone
> recognize this type of thing, and is it potentially dangerous? Should
> I do something about it?
>
> - Brian

I've gotten the same kind of thing recently from a comment form.
Something's definitely going around.

I modified my script to check for various mail header elements within
the comments and return an error message if any are found. I also added
two returns following my own mail headers, which supposedly prevents an
injection of additional headers -- see
<http://us2.php.net/manual/en/ref.mail.php#55112>. And see the recent
thread on this list -- "Be careful! Look at what this spammer did."

--
Lowell Allen

[Back to original message]