For about 3 weeks now I have been receiving a couple of form mails that started bothering me lately.. 5-10 a day.. all from random ips with random usernames/details on 3 of my domains. ************************************* Sender Name _________: Content-Type: multipart/mixed; boundary=\"===============2031333667==\" MIME-Version: 1.0 Subject: 323254a0 To: bcc: From: This is a multi-part message in MIME format. --===============2031333667== Content-Type: text/plain; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit lzaczd --===============2031333667==-- Sender email ________: Subject ____________: Recipient ___________: Message _____________: ------------------------------------------------ (c) http://www.kusiss.net LOGGED : 83.17.249.134 | Sep 13, 2005 | 17:40:55 PM ************************************************ A pal of mine said that can be a virus on somebody elses computer. Which I believe it is jrubin3546@aol.com Does any virus on somebody elses computer do this ? or any other reason ? TIA
On the contrary, your site is expected to spam jrubin. Most likely, what the attacker did is to add an extra CRLF to the submitted subject and then add a few headers of their own. For example, if you submit this subject (and use actual codes for CR and LF) my subject<CR><LF>bcc: email-address , and your form isn't smart enough to validate this input, your SMTP server may end up sending this mail to you and the injected recipient. J.D.
Thanks for the technical explanation.. But I did not understand everthing.. Anyway I'm searching how to stop this.. Might have to change all my form mails. BTWY I only use the mail() function as in PHP.. nothing more.. so I believe thats why or how this ***tard done this. Yesterday After this pal of mine said that can be a virus, I sent the guy (presume he is a guy ) to jrubin's email address from a mail account that wasn't getting any of these emails. hehe.. what a luck.. I'm getting theese emails to that account as well now. Will let you know.. Thanks though..
Taken out the forms on them domains. Just emails.. Meanwhile looking for new form script that I can combine into my codes.. Will let you know after done it.. Thanks again..