
protecting against exploiting mail forms



Hello,

  recently one of our customers had a badly written PHP script for
  a mail form and someone exploited this to send some spam. It is
  exploited by injecting an entire mail (with additional recipients) into
  the From field - when the script doesn't take care of additional new lines.

  Detailed description of this attack can be found here:
  http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

  Is there any general solution? I was thinking about using
  mod_security, but I'm not sure which string to block - not to cause
  any false positives. The problem is I don't know the form field's name,
  so I can test only the value. Would "\nTo: " or "\nBcc: " be a good
  choice?


-- 
  bYE, Marki
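
An added example, not part of the original message: the value-only check asked about above, written in Python and applied to every decoded form value regardless of field name, next to the two literal strings from the message. The header list, the function names and the sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed list of header names that should never start a line in a form value.
HEADER_NAMES = ("to", "cc", "bcc", "from", "subject", "reply-to",
                "content-type", "mime-version")

# CR or LF directly followed by a header name and a colon. Header names are
# case-insensitive and the blank after the colon is optional, so match loosely.
HEADER_AFTER_NEWLINE = re.compile(
    r"[\r\n](?:" + "|".join(re.escape(h) for h in HEADER_NAMES) + r")[ \t]*:",
    re.IGNORECASE,
)

# The two literal strings proposed in the message, for comparison.
LITERALS = ("\nTo: ", "\nBcc: ")


def literal_match(value):
    """True if the value contains one of the exact strings from the message."""
    return any(s in value for s in LITERALS)


def suspicious_fields(urlencoded_body):
    """Return names of fields whose decoded value has a header after a line break."""
    # parse_qsl decodes %0D%0A and '+' the way the web server would.
    pairs = parse_qsl(urlencoded_body, keep_blank_values=True)
    return [name for name, value in pairs if HEADER_AFTER_NEWLINE.search(value)]


# Constructed sample POST bodies (not taken from a real request).
BENIGN = "name=Alice&email=alice%40example.com&message=Hello%2C%0D%0Aplease+call+me."
INJECTED = "name=Bob&email=bob%40example.com%0D%0Abcc%3Alist%40example.net&message=hi"
MULTILINE = "name=Carol&email=carol%40example.com&message=Hi%0D%0ATo%3A+whom+it+may+concern"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("injected", INJECTED),
                        ("multiline", MULTILINE)):
        print(label, suspicious_fields(body))
```

The third sample is an ordinary multi-line message body that still matches, which is the false-positive case for any rule that sees only values and not field names.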


