Though my attempt was probably both too little and too late some time ago I removed any direct email addresses on the website and replaced them with a contact form linked from my name on every page (look in the copyright). The email address the form sends messages to, which was never used anywhere else and not directly exposed, seemed safe.
In the last few days, though, somebody or someone’s script has found the form and is filling it out repeatedly. I guess the idea is that a useful percentage of web forms will trigger an automated response that’s of interest to the programmer though just what isn’t clear to me. The script fills in the form fields with the same data, an email address of a four or five character random group of letters (such as xtpku) at this domain.
What’s truly odd is the subject line of the email. First, that it’s filled in at all since I generate the subject in my script and, as you can see, don’t give it as a field for a writer to enter. Second is the text used:
[the email address used in the form] Content-Type: multipart/mixed; boundary=”===============1278934073==” MIME-Version: 1.0 Subject: 7c77fe36 To: [the email address used in the form] bcc: [someone else’s email] From: [the email address used in the form] This is a multi-part message in MIME format. –===============1278934073== Content-Type: text/plain; charset=”us-ascii” MIME-Version: 1.0 Content-Transfer-Encoding: 7bit koxsakoifn –===============1278934073==–
Kind of looks like the spammer’s script figured out the name of my script, I’m not versed in these matters at all, and tried to force it to send a copy of whatever’s generated to a controlled email address (in red above). But of course I don’t believe it worked since a bcc in a subject line isn’t going to be executed by the PHP engine. Also looks to have been cut off–I bet subject lines can’t be more than 255 characters.
Amusing more than annoying and hopefully who/whatever clown’s behind it will get off the kick soon. Just enough of a pain to get me to read and try to understand Chris Shifflet’s article Foiling Cross-Site Attacks, conveniently sitting in my inbox waiting to be used. The included code was not quite enough to actually implement a solution–I’ve never needed to deal with PHP sessions before, if I had this would probably’ve done the trick–so I also got a very basic script from PHPBuilder.
Now we’ll see how well it works. If you are the cautious type who has cookies turned off, please do me a favor and try the form so I get a different test example than myself. Thanks.
BillSaysThis 