Code Forums - View Single Post

metazai · 09-06-2005, 02:39 PM

Here's a weird one . . . I'm webmaster of several sites, but two of them which use the PHP mail functionality to submit webform results have come under . . . well, I'm not sure if I can call it attack, but I don't know what else to call it. I'm getting repeated blank submissions -- blank, that is, except for the email field, which is always "<random characters>@" and My OWN domain name. . . several hundred of these over the last month.

The online forms in question are simple information-gathering forms, nothing secure, so I don't have any field validation on them. When I add that, I just get more submissions, but with gibberish in all the fields. Is this somebody's bot trying to get into my server? Does using a simple PHP mail script provide any information that might expose a vulnerability? I added a snippet to send me back an IP address, but I don't know what I can do with that, except report it to an ISP, but report what, exactly?

Any thoughts? Anybody ever hear of this kind of attack?

09-06-2005, 02:39 PM	#1 (permalink)
metazai Regular Contributor Join Date: Apr 2004 Location: Orange County, CA Posts: 136	PHP mailer . . . secure? Here's a weird one . . . I'm webmaster of several sites, but two of them which use the PHP mail functionality to submit webform results have come under . . . well, I'm not sure if I can call it attack, but I don't know what else to call it. I'm getting repeated blank submissions -- blank, that is, except for the email field, which is always "<random characters>@" and My OWN domain name. . . several hundred of these over the last month. The online forms in question are simple information-gathering forms, nothing secure, so I don't have any field validation on them. When I add that, I just get more submissions, but with gibberish in all the fields. Is this somebody's bot trying to get into my server? Does using a simple PHP mail script provide any information that might expose a vulnerability? I added a snippet to send me back an IP address, but I don't know what I can do with that, except report it to an ISP, but report what, exactly? Any thoughts? Anybody ever hear of this kind of attack?