[Mimedefang] OT: Email web form exploits
Kelson
kelson at speed.net
Tue Sep 6 12:47:13 EDT 2005
Chris Gauch wrote:
> Just wanted to hear how others are being hit by this latest scam. As an ISP
> that hosts hundreds of websites that use Email web forms, we have had lots
> of forms come through with fake email addresses throughout the form (see the
> article below for more info):
I've seen several of these over the past week. Mostly on forms that
don't actually accept aribitrary recipients, though I did have to audit
and fix a few. I actually laughed at one that came through with a
12-line-long "Subject" header where they'd tried to insert their own
recipient, received, and other fields. On the other hand, that was
partly a function of which scripts they hit. If it had worked, I
would've been too busy fixing the code to laugh.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list