[Mimedefang] OT: Email web form exploits
David F. Skoll
dfs at roaringpenguin.com
Mon Sep 5 22:59:01 EDT 2005
Chris Gauch wrote:
> Just wanted to hear how others are being hit by this latest scam. As an ISP
> that hosts hundreds of websites that use Email web forms, we have had lots
> of forms come through with fake email addresses throughout the form (see the
> article below for more info):

We haven't seen this yet. We have quite a few forms on our site that send
e-mail, but I audited the code and I'm pretty sure it's secure. We filter
all input and convert \n and \r to a space.

Also, our Web forms reject anyone who puts in an e-mail address in
Vernon Schryver's free email domain list at
http://www.rhyolite.com/anti-spam/freemail-adb

I suspect that list would catch a lot of cracking attempts. It
certainly filters out a lot of useless queries.

Regards,

David.
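
The two checks described in this message (converting \r and \n to a space, and rejecting senders whose domain is on a free-mail list), as an added Python example that is not code from the post or from the poster's site. The function names, the addresses and the domain set are constructed for illustration; the real list at the URL above is not reproduced.

```python
import re
from email.message import EmailMessage

# Constructed stand-in for a free-mail domain list (assumption, not the
# contents of the list referenced in the post).
FREEMAIL_DOMAINS = {"freemail.example", "webmail.example"}

_LINE_BREAKS = re.compile(r"[\r\n]")


def sanitize_header_value(value: str) -> str:
    """Convert CR and LF to spaces so a form field cannot start a new header."""
    return _LINE_BREAKS.sub(" ", value).strip()


def is_freemail(address: str) -> bool:
    """True if the address's domain is on the (constructed) free-mail list."""
    domain = address.rpartition("@")[2].strip().lower()
    return domain in FREEMAIL_DOMAINS


def build_form_mail(sender: str, subject: str, body: str) -> EmailMessage:
    """Build the message a contact form would send, or raise ValueError."""
    sender = sanitize_header_value(sender)
    subject = sanitize_header_value(subject)
    # After sanitizing, a field that tried to smuggle in extra headers
    # contains spaces, so it no longer looks like a single address.
    if "@" not in sender or " " in sender or is_freemail(sender):
        raise ValueError("rejected sender address")
    msg = EmailMessage()
    msg["From"] = "webform@isp.example"   # fixed by the site, never from input
    msg["To"] = "support@isp.example"     # fixed by the site, never from input
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```

Recipient headers are set from fixed values and only the sanitized fields reach `Reply-To` and `Subject`, so a line break in form input ends up as plain text inside one header rather than as a new header.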