Re: protecting against exploiting mail forms
Interesting idea from those guys who make spam. But here we go ;D
I think that stripping carriage returns (\r) and line feeds (\n) from
the fields may help, don't you agree?
Try this one, and, please, report what happened.
Good luck.
Marek Podmaka wrote:
Hello,
recently one of our customers had a badly written PHP script for a
mail form and someone exploited this to send some spam. It is
exploited by injecting an entire mail (with additional recipients) into
the From field - when the script doesn't take care of additional new lines.
Detailed description of this attack can be found here:
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay
Is there any general solution? I was thinking about using
mod_security, but I'm not sure which string to block - not to cause
any false positives. The problem is I don't know form field's name,
so I can test only value. Would "\nTo: " or "\nBcc: " be a good
choice?
--
Sincerely,
Luiz Felipe de souza Gomes
Network Administrator
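
An added example, not part of the original messages or the customer's script: one way a PHP mail form could treat the header-bound fields discussed above, refusing any value that contains CR or LF and showing what the stripping approach would leave behind. The function names and both sample submissions are constructed for illustration.

```php
<?php
// Added illustration; function names and sample input are hypothetical.

// Header-bound values (From, Subject, ...) must be a single line.
// Matching CR or LF anywhere also covers "\nTo: " and "\nBcc: ",
// without needing to know the form field's name.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// The stripping approach from the reply: remove CR and LF outright.
function strip_line_breaks(string $value): string
{
    return str_replace(["\r", "\n"], '', $value);
}

// Returns [From header, subject] for use with mail(), or null if the
// submission should be refused.
function build_mail_fields(string $from, string $subject): ?array
{
    if (has_line_break($from) || has_line_break($subject)) {
        return null; // extra header lines smuggled into a field: refuse
    }
    // The sender must also parse as exactly one address.
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return ['From: ' . $from, $subject];
}

// Constructed sample input: a normal submission and an injected From value.
$samples = [
    ['alice@example.com', 'Question about hosting'],
    ["alice@example.com\r\nBcc: extra1@example.net, extra2@example.net", 'Hi'],
];

foreach ($samples as [$from, $subject]) {
    $fields = build_mail_fields($from, $subject);
    if ($fields === null) {
        echo "rejected: ", json_encode($from), "\n";
        echo "  after stripping: ", json_encode(strip_line_breaks($from)), "\n";
        continue;
    }
    echo "accepted: ", $fields[0], "\n";
}
```

Stripping collapses the injected value into a single line, so no extra header is created, but the result is no longer a valid address; validating after stripping, or rejecting outright, keeps such submissions out of the mail queue.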