tenpastmidnight blog

Making hay while the sun shines

Spammers attacking contact forms

A few of my sites have contact forms on them and I've received a spate of spam attacks through them over the last couple of weeks.

First they attacked the form on tenpastmidnight, which wasn't a problem as the attack just bounced off the standard CFMail coding, since the attack isn't written to exploit ColdFusion. However, the same thing on SpiderTest does seem to work, so I've put some code in to stop the exploit from working and instead mail me some details about what/who is trying the attack so I can see about blocking it.

Piers helpfully pointed me to a page on e-mail injection explaining what's going on. Basically the spammer is shoving extra header lines through my form fields, which convinces the PHP mail() command that I want to send the message to extra recipients. The spammer puts in their message and it gets sent to me and other people.

Normally I code to avoid exploits like this, but somehow I'd missed this one. I think I'd been lulled into a false sense of security by ColdFusion's built-in security (which is pretty good at preventing some other exploits) and forgot that PHP just doesn't have it.

If you're getting weird messages through with things like "This is a multi-part message in MIME format." and lines of "to", "from" and "bcc" then it might be the same thing. They seem to be trying a couple of different attacks, as some have managed to spam others through my form, whereas with others the message has just come to my hard-coded address.
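Here is an added example (not the blog's own code, and not taken from the e-mail injection page it links to) of the kind of check described above: a PHP contact-form handler that refuses any header-bound field containing a line break, so mail() never sees smuggled "To", "Bcc" or MIME lines, and instead mails the site owner a short report of who tried it. The form field names, the owner address, and the function names are assumptions; the mailer is passed in as a callable so the script runs offline without sending anything.

```php
<?php
// Added example, not the blog's own code: a PHP contact-form handler that refuses
// e-mail header injection and reports the attempt to the site owner instead.
// Form field names, the owner address and the function names are assumptions.

declare(strict_types=1);

const OWNER_ADDRESS = 'owner@example.com';   // placeholder, not the blog's address

// True if a value headed for a mail header could add lines to it: a raw CR/LF,
// or a URL-encoded one that a careless decode step would turn into a real one.
function looks_like_header_injection(string $value): bool
{
    return (bool) preg_match('/[\r\n]|%0[aAdD]/', $value);
}

// Validate the submission. Returns ['ok' => true, 'mail' => [...]] with the
// arguments to hand to mail(), or ['ok' => false, 'reason' => ..., 'field' => ...].
function validate_contact_form(array $post): array
{
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $subject = trim((string) ($post['subject'] ?? ''));
    $body    = (string) ($post['message'] ?? '');

    // Only the fields that end up in headers can smuggle extra recipients;
    // the body is sent after the blank line that terminates the headers.
    foreach (['name' => $name, 'email' => $email, 'subject' => $subject] as $field => $value) {
        if (looks_like_header_injection($value)) {
            return ['ok' => false, 'field' => $field, 'reason' => 'header injection attempt'];
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'field' => 'email', 'reason' => 'invalid e-mail address'];
    }

    // From: is always the site's own address so the visitor's domain is never
    // spoofed; the visitor goes in Reply-To. Name is reduced to a safe character set.
    $safeName = preg_replace('/[^\p{L}\p{N} .\'-]/u', '', $name) ?? '';
    $headers  = [
        'From'         => 'Contact form <' . OWNER_ADDRESS . '>',
        'Reply-To'     => $email,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    return ['ok' => true, 'mail' => [
        'to'      => OWNER_ADDRESS,
        'subject' => '[contact] ' . ($subject !== '' ? $subject : 'no subject'),
        'body'    => "From: {$safeName} <{$email}>\n\n" . $body,
        'headers' => $headers,
    ]];
}

// Run the form through validation; $mailer is a callable with mail()'s signature
// so the example can run offline. On a rejected submission the owner gets a
// short report of who tried what, as the post describes.
function handle_contact_form(array $post, array $server, callable $mailer): array
{
    $result = validate_contact_form($post);
    if ($result['ok']) {
        $m = $result['mail'];
        $mailer($m['to'], $m['subject'], $m['body'], $m['headers']);
        return $result;
    }
    $report = sprintf(
        "Rejected contact-form submission (%s in field '%s')\nIP: %s\nUser-Agent: %s\nOffending value: %s\n",
        $result['reason'],
        $result['field'],
        $server['REMOTE_ADDR'] ?? 'unknown',
        $server['HTTP_USER_AGENT'] ?? 'unknown',
        json_encode($post[$result['field']] ?? '')   // escapes CR/LF so the report stays one clean block
    );
    $mailer(OWNER_ADDRESS, '[contact] blocked submission', $report,
            ['From' => 'Contact form <' . OWNER_ADDRESS . '>']);
    return $result;
}

// Offline demo with constructed input: an ordinary message and one carrying an
// embedded line break in the e-mail field (the pattern the post describes).
$sent = [];
$fakeMailer = function (string $to, string $subject, string $body, array $headers) use (&$sent): bool {
    $sent[] = compact('to', 'subject', 'body', 'headers');
    return true;
};
$server = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'demo'];  // constructed values

handle_contact_form(
    ['name' => 'Alice', 'email' => 'alice@example.com', 'subject' => 'Hello', 'message' => 'Hi!'],
    $server, $fakeMailer);
handle_contact_form(
    ['name' => 'x', 'email' => "alice@example.com\r\nBcc: someone@example.net", 'subject' => 's', 'message' => 'spam'],
    $server, $fakeMailer);

foreach ($sent as $m) {
    echo $m['subject'], ' -> ', $m['to'], PHP_EOL;
}
```

The point of the design is that nothing from the visitor is ever concatenated into the header string unchecked, and the visitor's address never becomes the From: line; a real deployment would swap `$fakeMailer` for PHP's own `mail` and `$server` for `$_SERVER`.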

Ack, bleedin' spammers, who needs 'em?
Comments:
Yeah I've been getting loads of these attacks. I'm pretty confident they're not succeeding, but might do some more testing just to reassure myself.