[Mimedefang] OT: Email web form exploits

Kelson kelson at speed.net
Tue Sep 6 12:47:13 EDT 2005


Chris Gauch wrote:
> Just wanted to hear how others are being hit by this latest scam.  As an ISP
> that hosts hundreds of websites that use Email web forms, we have had lots
> of forms come through with fake email addresses throughout the form (see the
> article below for more info):

I've seen several of these over the past week.  Mostly on forms that 
don't actually accept arbitrary recipients, though I did have to audit 
and fix a few.  I actually laughed at one that came through with a 
12-line-long "Subject" header where they'd tried to insert their own 
recipient, received, and other fields.  On the other hand, that was 
partly a function of which scripts they hit.  If it had worked, I 
would've been too busy fixing the code to laugh.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>
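
An added example, not part of the original post or of any script mentioned in it: a Python sketch of the kind of check an audited form handler can apply, rejecting multi-line values in fields that become mail headers and keeping the recipient fixed in code. The addresses, field names and function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumed values: the recipient and From address are fixed in code,
# never read from the submitted form.
FIXED_RECIPIENT = "webmaster@example.com"
FORM_SENDER = "webform@example.com"

LINE_BREAK = re.compile(r"\r\n|\r|\n")
# Header names worth calling out when they show up on an injected line.
HEADER_LIKE = re.compile(
    r"\s*(to|cc|bcc|from|received|content-type|mime-version)\s*:", re.I)
SINGLE_ADDR = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+")

def audit_header_value(field, value):
    """Return findings for a form value that is destined for one header line."""
    lines = LINE_BREAK.split(value)
    findings = []
    if len(lines) > 1:
        findings.append(f"{field}: {len(lines)} lines in a single-line field")
        for line in lines[1:]:
            m = HEADER_LIKE.match(line)
            if m:
                findings.append(f"{field}: embedded '{m.group(1).lower()}' header")
    return findings

def build_message(form):
    """Build the outgoing mail, refusing any header value that fails the audit."""
    findings = []
    for field in ("email", "subject"):
        findings += audit_header_value(field, form.get(field, ""))
    if not SINGLE_ADDR.fullmatch(form.get("email", "")):
        findings.append("email: not a single address")
    if findings:
        raise ValueError("; ".join(findings))
    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = FIXED_RECIPIENT          # never taken from the form
    msg["Reply-To"] = form["email"]
    msg["Subject"] = form["subject"]
    msg.set_content(form.get("body", ""))
    return msg

if __name__ == "__main__":
    # Constructed submission shaped like the multi-line "Subject" described above.
    bad = {"email": "alice@example.org",
           "subject": "Question\r\nbcc: someone@example.net\nReceived: from host.example"}
    print(audit_header_value("subject", bad["subject"]))
```

Logging the findings rather than silently dropping the submission gives the audit trail needed to see which forms are being probed.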


