My website form also appeared to get "hacked" (I'm using that term very loosely), although I have no idea if anything actually got hacked. It definitely seems like an automated script that crawls the net probing every form.

It triggered a bunch of emails to me but nothing that I wouldn't have got from someone filling in the form normally so I can't see what damage it has done. Perhaps (this is a GUESS) it has emailed the spammer useful information but I don't know how I could possibly tell if that has happened.

This is an example of one of the emails I got sent (a simple details collecting form) - the interesting bit is in the "Job Title" field:
==========================================
Name: [EMAIL PROTECTED]

Email: [EMAIL PROTECTED]

Job Title: [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary="===============1157386915==" MIME-Version: 1.0 Subject: 90cfd7d5 To: [EMAIL PROTECTED] bcc: [EMAIL PROTECTED] From: [EMAIL PROTECTED] This is a multi-part message in MIME format. --===============1157386915== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit pzkd --===============1157386915==--

Company Name: [EMAIL PROTECTED]

Company Website: [EMAIL PROTECTED]

Telephone: [EMAIL PROTECTED]

Location: [EMAIL PROTECTED]
===========================================

Notice that their "hack" contains a BCC to "[EMAIL PROTECTED]". Perhaps this is an email account set up by the "hacker".

Richard Lynch wrote:
> Put a CAPTCHA on the form.
>
> The jerk is probably not actually using your form, but a script that
> walks the net looking for forms that have name="xyz" where xyz is
> something that looks like a contact form or the URL has "contact" in
> it or...
>
> Anyway, if CAPTCHA doesn't do it, you can also put in a throttle to
> only accept N posts from IP a.b.c.d within X hours.


I don't know what a CAPTCHA is but I'm going to take your second suggestion and make it only accept X form submits from each IP address over Y hours.

Alex
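What the "Job Title" field above shows is mail header injection: the bot put CR/LF line breaks into a form value so that, once the script pasted it into a mail header, the rest of the value became new headers (Content-Type, Subject, To, bcc, From) and a fresh MIME body, turning the form into a relay for the bcc address. The added example below, written in Python rather than the thread's PHP and not taken from anyone's form script, does the two things discussed in the thread on the server side: it refuses any field that contains a line break or mail header keyword (and lists which headers were smuggled in, for logging), and it throttles submissions to N per IP within a sliding window, counting rejected attempts as well. The sample value, the example.invalid addresses and the IP are constructed to mirror the flattened message above.

```python
"""Defensive checks for a mail-sending contact form (added example, not the
script from the thread): detect injected mail headers in field values and
throttle submissions per client IP."""
import re
import time
from collections import defaultdict, deque

# Constructed reconstruction of the injected "Job Title" value from the post,
# with the redacted addresses replaced by example.invalid placeholders. A mail
# client shows this on one line, but the raw value carried CR/LF breaks.
INJECTED_JOB_TITLE = (
    "form-owner@example.invalid\r\n"
    'Content-Type: multipart/mixed; boundary="===============1157386915=="\r\n'
    "MIME-Version: 1.0\r\n"
    "Subject: 90cfd7d5\r\n"
    "To: form-owner@example.invalid\r\n"
    "bcc: spammer-dropbox@example.invalid\r\n"
    "From: form-owner@example.invalid\r\n"
    "\r\n"
    "This is a multi-part message in MIME format.\r\n"
    "--===============1157386915==\r\n"
    'Content-Type: text/plain; charset="us-ascii"\r\n'
    "MIME-Version: 1.0\r\n"
    "Content-Transfer-Encoding: 7bit\r\n"
    "\r\n"
    "pzkd\r\n"
    "--===============1157386915==--"
)

# "Name: value" at the start of a line, i.e. the shape of a mail header.
HEADER_NAME = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*)\s*:")
# Keywords that have no business in a single-line form field even without a
# visible newline (covers values already flattened by an upstream layer).
MAIL_KEYWORDS = re.compile(r"(?i)\b(bcc|content-type|mime-version|content-transfer-encoding)\s*:")


def injected_headers(value):
    """Return the header names smuggled into a form value after its first line.
    Only the first line is the legitimate value; header lines are read up to
    the first blank line, which is where a MIME body would begin."""
    lines = re.split(r"\r\n|\r|\n", value)
    found = []
    for line in lines[1:]:
        if line == "":
            break  # end of the injected header block
        match = HEADER_NAME.match(line)
        if match:
            found.append(match.group(1))
    return found


def is_header_injection(value):
    """True if the value could break out of the header it is placed in.
    Any CR or LF (raw or still URL-encoded as %0A/%0D) is rejected outright,
    because even a bare newline lets the following text become a header."""
    if re.search(r"[\r\n]|%0[aAdD]", value):
        return True
    return bool(MAIL_KEYWORDS.search(value))


class SubmissionThrottle:
    """Accept at most max_posts from one IP within a sliding window of
    window_seconds. Every attempt is recorded, accepted or not, so a probing
    script is throttled even when its submissions are being rejected."""

    def __init__(self, max_posts, window_seconds):
        self.max_posts = max_posts
        self.window = window_seconds
        self._hits = defaultdict(deque)  # ip -> timestamps of recent attempts

    def allow(self, ip, now=None):
        now = time.time() if now is None else now
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # drop attempts that fell out of the window
        if len(hits) >= self.max_posts:
            return False
        hits.append(now)
        return True


def validate_submission(fields, client_ip, throttle, now=None):
    """Return (accepted, reason) for one form post. The throttle is consulted
    first so that rejected posts still count against the sender."""
    if not throttle.allow(client_ip, now):
        return False, "rate limit exceeded for %s" % client_ip
    for name, value in fields.items():
        if is_header_injection(value):
            smuggled = ", ".join(injected_headers(value)) or "CR/LF or header keyword"
            return False, "header injection in field %r: %s" % (name, smuggled)
    return True, "ok"


if __name__ == "__main__":
    throttle = SubmissionThrottle(max_posts=3, window_seconds=3600)
    fields = {"Name": "Alex", "Job Title": INJECTED_JOB_TITLE}
    print(validate_submission(fields, "198.51.100.7", throttle, now=0))
```

In a real form handler the rejected submission should be logged with the client IP and the smuggled header names, not mailed on; the bcc address in the injected block is exactly the information the thread wonders how to find, and the log line is where it shows up.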

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
