Jump to content

is someone using my web form to create spam


sametch

Recommended Posts

Posted

I have been receiving some very unusual emails generated from our online form. The form seams to be returning more fields than usual and each field appears to resenble an email header.

I can't hink why anyone would bother doing this unless there is something going on.

Can someone use my website as a source for junk mail and is there a risk my address could get blocked. If so how can I stop this?

This is what the email looks like:

Below is the result of your feedback form from your. The form was submitted by

jmathis555[at]aol.com

To: jmathis555[at]aol.com

From: jmathis555[at]aol.com

Subject: toR(8B4A5B9D,realname)

mDDBqzzvu2lFvV5siN4n1hL X3z

.

(jmathis555[at]aol.com

To: jmathis555[at]aol.com

From: jmathis555[at]aol.com

Subject: 93QNFW(8B4A5B9D,email)QljXcq15O

lYwQkejL4M9gSgkhhreuS7tNS h

.

) on Tuesday, March 02, 2004 at 15:17:39

---------------------------------------------------------------------------

tel: jmathis555[at]aol.com

To: jmathis555[at]aol.com

From: jmathis555[at]aol.com

Subject: U Sp7(8B4A5B9D,tel)

p3nkQ

.

address: body

requirements: body

ezine: yes

optin: yes

button: Submit

Reset: Reset

lastfield: lastvalue

Posted

Yes, it is possible.

There is a way to have a web form that does not allow this to happen. But since I am not technically fluent, I don't know where to tell you to look.

I hope someone else will.

Miss Betsy

Posted

As Miss Betsy has already stated, yes, web-form e-mail apps are notoriously insecure. So your particular situation boils down to - where did you get your scri_pt? Is it locked down? Is it secure? Are there restrictions in place, like only so many addresses allowed, run/rate limit from usage requests from the same source IP, on and on ... Historically, folks would just grab a "standard" web-form scri_pt, change the two or three items to reflect thier URL data, and turn it on... but that "standard" web-form scri_pt wasn't written to be secure, thus it was easily abused. To answer the question of "is your scri_pt secure", you'd have to give up the URL or post it, guessing that either of these options isn't something you want to do ...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...