Forum Moderators: coopster & jatar k

email contact form a security risk?

is somebody trying to use my form for evil (spam)?

     
9:08 pm on Jul 26, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 23, 2003
posts:165
votes: 0


Today I got several emails that had been sent via the email form on my website's contact form, one of which had the following subject line:

zzolzohj@mywebsite.com Content-Type: multipart/mixed; boundary=\"===============0709431628==\" MIME-Version: 1.0 Subject: e8f8c1c4 To: zzolzohj@mywebsite.com bcc: someone@aol.com From: zzolzohj@mywebsite.com This is a multi-part message in MIME format. --===============0709431628== Content-Type: text/plain; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit mrarh --===============0709431628==--

There were other emails where someone had typed random letters, e.g. zzolhzoj@mywebsite.com, as their subject, email address and message.

What's going on, is someone trying to hack me and if so how can I prevent it? I'm using PHP btw.

[edited by: jatar_k at 9:13 pm (utc) on July 26, 2005]
[edit reason] generalized aol email [/edit]

9:16 pm on July 26, 2005 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15756
votes: 0


whether your email form even can be used for evil spam (hehe ;)) would depend on what it allows people to do.

Does it just submit to you?
Was that email just a bounce from a bad address?

people do have a tendency to test email forms and just submit junk to see how it works and where things go.

9:29 am on July 27, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 23, 2003
posts:165
votes: 0


As far as I can ascertain, the email just went to me. The subject line mentions a BCC: to someone@aol.com. I changed that email address to another of my own to see if it would get through, and it didn't.

10:19 am on July 27, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 15, 2002
posts:520
votes: 0


anyone have any suggestions on an easy way to stop this?

5:05 pm on July 27, 2005 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15756
votes: 0


if it is only going to you then it shouldn't really matter, just annoying

you could look at the mail calls in the script itself to see if there is any possibility of abuse with the way it's coded right now.

5:19 pm on July 27, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 16, 2003
posts:992
votes: 0


I got the same sort of thing on one of my contact forms today. I checked, and the AOL address was invalid, so it wasn't going anywhere. Either it was shut down very quickly, or the spammer was not planning to get a reply.

I think this is a variation on the search for formmail.pl. Most webmasters are wise to that and use the updated version, if any. But there could still be a lot of insecure contact forms out there, so I expect to see more of the same.
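
The subject line quoted in the first post carries extra mail headers (Content-Type, bcc, From), so the thing to look for in a form's mail calls is whether a submitted value containing line breaks can reach a header. A PHP handler that refuses such input, as an added example that is not code from the thread; `RECIPIENT`, the field names and the function names are assumptions:

```php
<?php
// Added example, not code from the thread. RECIPIENT, the field names and
// the function names are assumptions made for illustration.
const RECIPIENT = 'owner@example.com'; // fixed; never taken from the form

// True if the value contains a CR or LF, i.e. could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the argument list for mail(), or null if the submission is refused.
function build_mail_args(array $form): ?array
{
    $email   = (string)($form['email'] ?? '');
    $subject = (string)($form['subject'] ?? '');
    $message = (string)($form['message'] ?? '');

    // Values that end up in headers must be single-line; only the body
    // may contain line breaks.
    if (has_header_break($email) || has_header_break($subject)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address goes in Reply-To only; To and From stay fixed.
    $headers = 'From: ' . RECIPIENT . "\r\n" . 'Reply-To: ' . $email;
    return [RECIPIENT, $subject, $message, $headers];
}

// Constructed samples. The second is modelled on the subject line quoted in
// the first post, with line breaks assumed where the forum shows spaces.
$samples = [
    'normal'   => ['email' => 'visitor@example.org', 'subject' => 'Opening hours',
                   'message' => "Hello,\nare you open on Sundays?"],
    'injected' => ['email' => 'zzolzohj@mywebsite.com',
                   'subject' => "zzolzohj@mywebsite.com\nContent-Type: multipart/mixed\n"
                              . "bcc: someone@aol.com\n\nmrarh",
                   'message' => 'mrarh'],
];
foreach ($samples as $label => $form) {
    $args = build_mail_args($form);
    echo $label, ': ', $args === null ? 'refused' : 'accepted, would call mail()', "\n";
    // In the real handler: if ($args !== null) { mail(...$args); }
}
```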

 
