
Re: protecting against exploiting mail forms



Hello,

I have exactly the same problem, more than 10 websites have
been used to send many spam mails with PHP forms.

My solution is to use the trick at the address below:

    http://dev.planet-work.net/content/view/12/34/

I've modified the Python script to count the number of times
'aol.com' is present in the mail (discard the message if > 50)

Frédéric.

On 19 Nov. 05, at 12:17, Marek Podmaka wrote:

Hello,

  recently one of our customers had a badly written php script for
  mail form and someone exploited this to send some spam. It is
  exploited by injecting entire mail (with additional recipients) to
  From field - when script doesn't take care of additional new lines.

  Detailed description of this attack can be found here:
  http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

  Is there any general solution? I was thinking about using
  mod_security, but I'm not sure which string to block - not to cause
  any false positives. The problem is I don't know form field's name,
  so I can test only value. Would "\nTo: " or "\nBcc: " be a good
  choice?


-- bYE, Marki
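
The value-only check asked about above ("\nTo: " or "\nBcc: "), as an added example that is not part of either message or of the linked script. The function names, the header-name list and the sample submission are assumptions of this example; it shows the match on an injected header, the false positive on ordinary text, and the stricter rule that becomes possible once a field is known to be single-line.

```python
import re
from urllib.parse import unquote_plus

# Header names to look for at the start of a line (assumed list, extend as needed).
HEADER_NAMES = ("to", "cc", "bcc", "from", "subject", "content-type", "mime-version")
INJECTED_HEADER = re.compile(
    r"[\r\n][ \t]*(?:%s)[ \t]*:" % "|".join(HEADER_NAMES), re.IGNORECASE
)

def check_value(raw, single_line=False):
    """Classify one form value as submitted (still URL-encoded)."""
    value = unquote_plus(raw)
    # Strongest rule: a field that ends up in a mail header never needs CR or LF.
    if single_line and re.search(r"[\r\n]", value):
        return "reject: line break in single-line field"
    # Value-only rule: a line inside the value that starts like a mail header.
    if INJECTED_HEADER.search(value):
        return "reject: header-like line in value"
    return "ok"

def check_form(fields, single_line_fields=()):
    """Return {field name: verdict}; single_line_fields names header-bound fields."""
    return {n: check_value(v, n in single_line_fields) for n, v in fields.items()}

# Constructed sample submission (not taken from a real log).
SAMPLE = {
    "email": "a%40example.com%0ABcc%3A+b%40example.com",
    "message": "Hello%2C%0Aplease+call+me+back.",
    "comment": "Hi%2C%0ATo%3A+whoever+handles+billing",  # legitimate text, still matches
}

if __name__ == "__main__":
    for name, verdict in check_form(SAMPLE, single_line_fields=("email",)).items():
        print(f"{name:8} {verdict}")
```

The "comment" field is the false-positive case: free text whose second line happens to begin with "To:" is rejected by the value-only rule, which is why the per-field rule is preferable wherever the field names can be learned.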

