Mail insertion hack on Send Mail form
Recently one of my forms is occasionally sending email with what seems to be an insertion which is replacing the plain text part of the email with something else.

Looking at the server sent email source, the hacked emails have the following:

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0001_01C60610.91D1FFA0
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: base64

    QmVsb3cgaXMgdGhlIHJlc3VsdCBvZiB5b3VyIHJlcXVlc3QgZm9yIGluZm8gZm9ybS4...etc
    .....................S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCi0tLQ0K

    ------=_NextPart_000_0001_01C60610.91D1FFA0
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    .......the correct html content

On a non-hacked email the content is:

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0001_01C5FD9B.47C9C190
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit

    Below is the result of your request......
    .........the correct plain text content

    ------=_NextPart_000_0001_01C5FD9B.47C9C190
    Content-Type: text/html
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    .......the correct html content

How can I prevent this happening? What is the evil hacker attempting to include? Apart from the submitter's email address and links to a Chinese site, all the rest of the characters in the submission are non-English (irrelevant no doubt).

I am changing the form to include a server generated value which will make it harder for this to be done by posting to the page without going to the form first. I am clipping all form entries to reasonable sizes.

What can I look for in or strip from the form submission to decide to trash the attempt?

Colin
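One way to implement the two checks mentioned in the post (a server-generated form value and size clipping), together with rejecting line breaks and MIME header text in form fields. This is an added example, not code from the original post; the field names, size limits, token lifetime and secret are assumptions.

```python
import hashlib
import hmac
import re
import time

SECRET = b"replace-with-random-server-secret"   # assumption: kept server-side only
TOKEN_MAX_AGE = 3600                            # assumption: form valid for one hour
# Assumed field names and size limits; single-line fields must not contain CR/LF.
LIMITS = {"name": 80, "email": 120, "subject": 120, "message": 4000}
SINGLE_LINE = {"name", "email", "subject"}
# Heuristic: MIME/header lines that have no business inside a contact-form field.
HEADER_MARKERS = re.compile(
    r"(?im)^\s*(content-type|content-transfer-encoding|mime-version|bcc)\s*:")

def issue_token(now=None):
    """Value to embed in a hidden field when the form page is served."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return ts + ":" + mac

def token_ok(token, now=None):
    """True only for an unexpired token this server issued."""
    ts, _, mac = (token or "").partition(":")
    if not (ts.isascii() and ts.isdigit()):
        return False
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    age = (time.time() if now is None else now) - int(ts)
    same = hmac.compare_digest(mac.encode(), good.encode())
    return same and 0 <= age <= TOKEN_MAX_AGE

def check_submission(form, now=None):
    """Return (ok, reason, cleaned_fields); reject rather than silently repair."""
    if not token_ok(form.get("token"), now):
        return False, "bad or missing form token", {}
    cleaned = {}
    for field, limit in LIMITS.items():
        value = form.get(field, "")
        if field in SINGLE_LINE and re.search(r"[\r\n]", value):
            return False, "line break in single-line field: " + field, {}
        if HEADER_MARKERS.search(value):
            return False, "mail header text in field: " + field, {}
        cleaned[field] = value[:limit]          # clip to a reasonable size
    return True, "ok", cleaned
```

Rejected submissions are worth logging with their reason, so repeated attempts against the form show up in the server logs.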