Weird Emails through "Contact Us" Forms


ryan_b83

1:53 pm on Nov 7, 2006 (gmt 0)

10+ Year Member



Hello, I have been receiving these "weird" emails through some of my contact us forms. I was wondering what they are, why people do them, and how to best prevent them. They look something like this. Thanks!

boundary=49f8b8c96b1dbb2f8232f1171b71d4d2
X-Mailer: The Bat! (v1.60c) Personal
Subject: pale stripe underneath it, so it can be tucked under
cc: <stripped a series of aol email addresses>

--49f8b8c96b1dbb2f8232f1171b71d4d2
Content-Transfer-Encoding: 7bit
Content-Type: text/plain

prior to consumption. wet cured ham has been cured with a brine, either by immersion or injection. he division between wet and dry cure is not always hard and fast as some ham curing methods begin wet but are followed by dry aging

--49f8b8c96b1dbb2f8232f1171b71d4d2--
.

Email: is5625@example.com
Phone: is5625@example.com

is5625@example.com

[edited by: coopster at 6:36 pm (utc) on Nov. 7, 2006]
[edit reason] removed email specifics [/edit]

pmkpmk

2:18 pm on Nov 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Congratulations. Someone just tried to send spam through your form. Hope you have it secured.

Bingo

2:21 pm on Nov 7, 2006 (gmt 0)

10+ Year Member



Hi Ryan,

It could be that you're attracting abuse by using unsecure scripts for email forms. In which case, I'd be worried as I've seen this behaviour before, right before the script was used for a mass spam email.

Nick

ryan_b83

2:40 pm on Nov 7, 2006 (gmt 0)

10+ Year Member



What exactly do you mean by "unsecure"? The emails only go to 1 address?

Philosopher

2:59 pm on Nov 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Most likely the emails are going to more than one address.

Even if you have the To: address hardcoded into your form, a spammer can change the way your form operates by inserting some special characters such as a newline character followed by code to create a CC field and send their message to thousands of other recipients.

If you look at the message you posted, that looks like exactly what they have done. I doubt your form is normally set up to use the CC: field, but in the message you posted, it shows the CC field with a number of addresses in it.

Here's a post dealing with the issue.

[webmasterworld.com...]
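The mechanism Philosopher describes (a newline in a form field turning into an extra Cc: header) is easiest to see in a small form handler. The following PHP is an added example, not code from this thread or from any poster; the recipient address, the field names (name, email, subject, message) and the sample submissions are assumptions constructed for the example. It shows the unsafe header construction beside a hardened version that rejects any header-bound field containing a line break before mail() is ever called.

```php
<?php
// Added example (not from the original thread): a contact-form handler that
// refuses mail header injection. Every field that ends up in a header line is
// checked for CR/LF, because a line break is what lets a submitted value
// continue into a new "Cc:" or "Bcc:" header.
// CONTACT_TO and the field names are assumptions for this example.

const CONTACT_TO = 'contact@example.com';   // assumed hard-coded recipient

// True only if $value contains no carriage return, line feed or NUL byte.
function isSingleLine(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Validate everything that will be placed into a header line.
// Returns null when the submission is acceptable, otherwise an error message.
function validateHeaderFields(array $post): ?string
{
    foreach (['name', 'email', 'subject'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return "Missing field: $field";
        }
        if (!isSingleLine($post[$field])) {
            return "Line breaks are not allowed in $field";
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address';
    }
    return null;
}

// Unsafe version, for comparison: user input is concatenated straight into the
// headers, so a value that contains a newline followed by "Cc: ..." becomes a
// real Cc: header and the message goes to every address listed there.
function buildHeadersUnsafe(array $post): string
{
    return "From: {$post['name']} <{$post['email']}>\r\n";
}

// Safe version: run the checks first and keep the display name to a
// conservative character set, so no raw user text reaches a header.
function buildHeadersSafe(array $post): ?string
{
    if (validateHeaderFields($post) !== null) {
        return null;
    }
    $name = preg_replace('/[^A-Za-z0-9 .\'-]/', '', $post['name']);
    return "From: {$name} <{$post['email']}>\r\n"
         . "Reply-To: {$post['email']}\r\n";
}

if (PHP_SAPI !== 'cli') {
    // Web request: validate, then send a single-recipient message or refuse.
    $error = validateHeaderFields($_POST);
    if ($error !== null) {
        http_response_code(400);
        echo 'That type of message is not allowed.';
        exit;
    }
    // The subject is header-bound too; it has already been checked above.
    $subject = 'Contact form: ' . $_POST['subject'];
    // The body is not a header, so a newline there cannot add recipients,
    // but the length is still capped.
    $body = substr((string) ($_POST['message'] ?? ''), 0, 5000);
    mail(CONTACT_TO, $subject, $body, buildHeadersSafe($_POST));
    echo 'Thanks, your message has been sent.';
} else {
    // Constructed sample submissions for running from the command line.
    $good = ['name' => 'Ryan', 'email' => 'ryan@example.net', 'subject' => 'Hello'];
    $bad  = [
        'name'    => 'Ryan',
        'email'   => "ryan@example.net\r\nCc: a@example.org, b@example.org",
        'subject' => 'Hello',
    ];
    var_dump(validateHeaderFields($good));
    var_dump(validateHeaderFields($bad));
}
```

Run it as `php contact.php` to see the valid submission pass (null) and the injected one rejected with "Line breaks are not allowed in email". The important design point is that the check is applied to every field that is interpolated into a header, not just the email address: a subject or name field reaches the header block the same way.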

barns101

6:07 pm on Nov 7, 2006 (gmt 0)

10+ Year Member



Join the club ryan_b83 ;)

Amongst other filters, I use the following code to block contact form submissions whose email address uses my domain name ('cos obviously I won't be emailing myself!).


// Reject any submission whose name or email field contains my own domain
// (eregi() was removed in PHP 7; stripos() gives the same case-insensitive match)
if (stripos($_POST["name"] . $_POST["email"], "@my-domain.com") !== false) // Add more fields as required
{
    echo 'That type of message is not allowed.';
    exit; // stop here so the message is never sent
}

ryan_b83

9:41 pm on Nov 9, 2006 (gmt 0)

10+ Year Member



I see, ok great information to know. One addition to this question.

Do you have to validate the message data also or just data that will be placed in the header? Can someone crack your script via data within the message?

barns101

5:52 pm on Nov 11, 2006 (gmt 0)

10+ Year Member



It's probably harder to use the message field to cause trouble, but you should still validate all user input.