
is this some kind of attack?
wadds

2005-09-14, 4:20 am

Hi

I wonder if a couple of people could have a quick look at the link below. If
you scroll to the bottom you will see strange text that seems to have been done
by some automated system. All those strange email addresses ending @waddo.net
do not exist.

This is the 3rd time I have seen this stuff in the last month. I removed the
previous ones.

Any ideas what it's all about?

http://www.waddo.net/gb/lookgb.php

cheers

Souri

2005-09-14, 7:15 am

It looks like an Email Injection attack. I'm not sure why they're
attempting it in your guestbook. You can see the email address they're
trying to send their spam to with the BCC: email.

Personally, I would check your request.form's with any keywords like
"MIME" and reject the guestbook post. These spammers have these kinds of
attacks automated and you'll be removing it manually forever otherwise.

- Souri

wadds wrote:
> Hi
>
> I wonder if a couple of people could have a quick look at the link below. If
> you scroll to the bottom you will see strange text that seems to have been done
> by some automated system. All those strange email addresses ending @waddo.net
> do not exist.
>
> This is the 3rd time I have seen this stuff in the last month. I removed the
> previous ones.
>
> Any ideas what it's all about?
>
> http://www.waddo.net/gb/lookgb.php
>
> cheers


Joe Makowiec

2005-09-14, 7:15 am

On 14 Sep 2005 in macromedia.dreamweaver, wadds wrote:

> I wonder if a couple of people could have a quick look at the link
> below. If
> you scroll to the bottom you will see strange text that seems to
> have been done by some automated system. All those strange email
> addresses ending @waddo.net do not exist.
>
> This is the 3rd time I have seen this stuff in the last month. I
> removed the
> previous ones.
>
> Any ideas what it's all about?
>
> http://www.waddo.net/gb/lookgb.php


It's spammers looking for a compromised PHP mailform to use as a spam
sending vehicle. Evidently they're hitting your guestbook form, too.
Search the groups (http://groups.google.com/) for [php email injection]
(without the []) for more details.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php
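
Added example (not part of the thread, and not code from the guestbook script discussed): one way to apply the check suggested in the replies above, rejecting a submission whose fields carry line breaks or mail-header keywords such as "MIME" or "BCC:". The function names, field names and sample submissions are assumptions made up for illustration.

```php
<?php
// Added example: screen guestbook / mail-form fields for e-mail header injection.
// Function names, field names and sample submissions are constructed.

/** Return why a field looks like a header-injection attempt, or null if it is clean. */
function injection_reason(string $value, bool $singleLine): ?string
{
    // PHP already URL-decodes $_POST; decode once more so a doubly encoded %0a is caught too.
    $decoded = rawurldecode($value);

    // Single-line fields (name, e-mail, subject) are the ones that end up in mail
    // headers, so any CR or LF in them is grounds for rejection.
    if ($singleLine && preg_match('/[\r\n]/', $decoded)) {
        return 'line break in single-line field';
    }

    // Multi-line fields may contain line breaks, but not lines that look like mail headers.
    $headers = 'bcc|content-type|mime-version|content-transfer-encoding';
    if (preg_match('/^\s*(' . $headers . ')\s*:/mi', $decoded, $m)) {
        return 'mail header "' . strtolower($m[1]) . '" in input';
    }
    return null;
}

/** Check every submitted field; returns [field => reason] for the rejected ones. */
function screen_post(array $post, array $singleLineFields): array
{
    $rejected = [];
    foreach ($post as $field => $value) {
        $reason = injection_reason((string) $value, in_array($field, $singleLineFields, true));
        if ($reason !== null) {
            $rejected[$field] = $reason;
        }
    }
    return $rejected;
}

// Constructed sample submissions: one ordinary entry, one shaped like the spam probe.
$clean = ['name' => 'Anna', 'email' => 'anna@example.org', 'message' => "Nice site!\nSee you soon."];
$spam  = [
    'name'    => 'x',
    'email'   => "abc@example.org\r\nContent-Type: multipart/mixed",
    'message' => "hello\nMIME-Version: 1.0\nbcc: someone@example.com",
];
$singleLine = ['name', 'email'];
print_r(screen_post($clean, $singleLine)); // empty array: entry accepted
print_r(screen_post($spam, $singleLine));  // email and message are both flagged
```

Call `screen_post($_POST, ...)` before the entry is stored or mailed, and drop the whole submission when the result is non-empty rather than trying to strip the offending lines.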