sametch Posted March 2, 2004 Posted March 2, 2004 I have been receiving some very unusual emails generated from our online form. The form seams to be returning more fields than usual and each field appears to resenble an email header. I can't hink why anyone would bother doing this unless there is something going on. Can someone use my website as a source for junk mail and is there a risk my address could get blocked. If so how can I stop this? This is what the email looks like: Below is the result of your feedback form from your. The form was submitted by jmathis555[at]aol.com To: jmathis555[at]aol.com From: jmathis555[at]aol.com Subject: toR(8B4A5B9D,realname) mDDBqzzvu2lFvV5siN4n1hL X3z . (jmathis555[at]aol.com To: jmathis555[at]aol.com From: jmathis555[at]aol.com Subject: 93QNFW(8B4A5B9D,email)QljXcq15O lYwQkejL4M9gSgkhhreuS7tNS h . ) on Tuesday, March 02, 2004 at 15:17:39 --------------------------------------------------------------------------- tel: jmathis555[at]aol.com To: jmathis555[at]aol.com From: jmathis555[at]aol.com Subject: U Sp7(8B4A5B9D,tel) p3nkQ . address: body requirements: body ezine: yes optin: yes button: Submit Reset: Reset lastfield: lastvalue
Miss Betsy Posted March 2, 2004 Posted March 2, 2004 Yes, it is possible. There is a way to have a web form that does not allow this to happen. But since I am not technically fluent, I don't know where to tell you to look. I hope someone else will. Miss Betsy
Wazoo Posted March 2, 2004 Posted March 2, 2004 As Miss Betsy has already stated, yes, web-form e-mail apps are notoriously insecure. So your particular situation boils down to - where did you get your scri_pt? Is it locked down? Is it secure? Are there restrictions in place, like only so many addresses allowed, run/rate limit from usage requests from the same source IP, on and on ... Historically, folks would just grab a "standard" web-form scri_pt, change the two or three items to reflect thier URL data, and turn it on... but that "standard" web-form scri_pt wasn't written to be secure, thus it was easily abused. To answer the question of "is your scri_pt secure", you'd have to give up the URL or post it, guessing that either of these options isn't something you want to do ...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.