Re: [Mimedefang] OT: Email web form exploits

2005-09-09 Thread Kelson
Jan Pieter Cornet wrote: The best protection is to look for embedded CR or LF characters in a field that should not contain such characters, like the Subject, To, From or any other field that would end up in a header. If there are any, just reject with an error. You might want to ignore

RE: [Mimedefang] OT: Email web form exploits

2005-09-09 Thread Matthew.van.Eerde
Kelson wrote: James Ebright wrote: Check the URI referrer and only allow the web form to be hit FROM the URLS that it should be linked to otherwise simply return an error similar to unauthorized access attempt Not sufficient. These are being done using direct hits to port 80, not

RE: [Mimedefang] OT: Email web form exploits

2005-09-09 Thread Chris Gauch
Matthew.van.Eerde wrote: Kelson wrote: James Ebright wrote: Check the URI referrer and only allow the web form to be hit FROM the URLS that it should be linked to otherwise simply return an error similar to unauthorized access attempt Not sufficient. These are being done using

Re: [Mimedefang] OT: Email web form exploits

2005-09-09 Thread David F. Skoll
Chris Gauch wrote: [Add fake fields to forms and reject if they're not blank.] Now THAT is clever. I like it! In fact, you might want to log the contents of the fields somewhere, because chances are they'll contain probe addresses that might be helpful for tracking down the spammers. Regards,

RE: [Mimedefang] OT: Email web form exploits

2005-09-09 Thread Chris Gauch
David Skoll wrote: Chris Gauch wrote: [Add fake fields to forms and reject if they're not blank.] Now THAT is clever. I like it! In fact, you might want to log the contents of the fields somewhere, because chances are they'll contain probe addresses that might be helpful for

Re: [Mimedefang] OT: Email web form exploits

2005-09-08 Thread Jan Pieter Cornet
On Wed, Sep 07, 2005 at 09:58:35AM -0400, [EMAIL PROTECTED] wrote: Our largest issue with these web form mail exploits is not really spam-related (in terms of scripts causing our web servers to become spam relays); our clients are receiving these fake forms (obviously generated by Can

RE: [Mimedefang] OT: Email web form exploits

2005-09-08 Thread James Ebright
Check the URI referrer and only allow the web form to be hit FROM the URLS that it should be linked to otherwise simply return an error similar to unauthorized access attempt This prevents these types of script interaction with a webform quite effectively typically as it outright prevents

Re: [Mimedefang] OT: Email web form exploits

2005-09-08 Thread David F. Skoll
James Ebright wrote: Check the URI referrer and only allow the web form to be hit FROM the URLS that it should be linked to otherwise simply return an error similar to unauthorized access attempt Referrer can be faked. You can't trust any data supplied by the client. Also, people who

Re: [Mimedefang] OT: Email web form exploits

2005-09-08 Thread James Ebright
Well, it has been quite some time since I have done any serious web development (and the platform back then was Netscape's Enterprise Server on Solaris 2.52), but... Pull the referrer from the web server environment, not JavaScript or anything else client side, in fact, if you are that paranoid it

Re: [Mimedefang] OT: Email web form exploits

2005-09-08 Thread David F. Skoll
James Ebright wrote: Nothing is 100% but you can make it difficult enough or unlikely enough that they will go look for easier targets... Our experience was that simply checking the webserver env URI referrer variable was often good enough in this scenario. True; I *was* a little harsh, and

Re: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread John Nemeth
On Jan 27, 1:21am, John wrote: } At 11:23 PM 9/5/2005, you wrote: } On Jan 26, 5:16pm, John wrote: } } } } I am a System Administrator in Billings, MT. I am having the same issue, } } however I do not feel this is to be taken lightly. Mine started with IP's } } in Egypt Iran. I have

Re: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread John Nemeth
On Jan 27, 4:00am, John wrote: } At 08:42 AM 9/6/2005, you wrote: } On Tue, 2005-09-06 at 07:45, John wrote: } } Contacted them for what purpose? To tell them that you're a lousy } programmer? Or perhaps to tell them that you stick random unverified } code on your system (i.e.

RE: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread Chris Gauch
Our largest issue with these web form mail exploits is not really spam-related (in terms of scripts causing our web servers to become spam relays); our clients are receiving these fake forms (obviously generated by a kiddie script) constantly throughout the day, and the script writer isn't

RE: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread WBrown
[EMAIL PROTECTED] wrote on 09/07/2005 09:36:54 AM: Our largest issue with these web form mail exploits is not really spam-related (in terms of scripts causing our web servers to become spam relays); our clients are receiving these fake forms (obviously generated by a kiddie script)

Re: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread David F. Skoll
[EMAIL PROTECTED] wrote: Isn't that called input validation and something that should be done anyways? True. But some input validation is a bit aggressive. How many broken Web forms out there don't permit + in an e-mail address? And my colleague, Dave O'Neill, can tell lots of horror

RE: [Mimedefang] OT: Email web form exploits

2005-09-07 Thread Chris Gauch
[EMAIL PROTECTED] wrote: Isn't that called input validation and something that should be done anyways? True. But some input validation is a bit aggressive. How many broken Web forms out there don't permit + in an e-mail address? And my colleague, Dave O'Neill, can tell lots of

Re: [Mimedefang] OT: Email web form exploits

2005-09-06 Thread John
At 11:23 PM 9/5/2005, you wrote: On Jan 26, 5:16pm, John wrote: } } I am a System Administrator in Billings, MT. I am having the same issue, } however I do not feel this is to be taken lightly. Mine started with IP's } in Egypt Iran. I have attempted to contact the FBI Dept. of Homeland }

Re: [Mimedefang] OT: Email web form exploits

2005-09-06 Thread Les Mikesell
On Tue, 2005-09-06 at 07:45, John wrote: Contacted them for what purpose? To tell them that you're a lousy programmer? Or perhaps to tell them that you stick random unverified code on your system (i.e. you're a lousy sysadmin)? We also, are an ISP. We, as a company, do not control

Re: [Mimedefang] OT: Email web form exploits

2005-09-06 Thread John
At 08:42 AM 9/6/2005, you wrote: On Tue, 2005-09-06 at 07:45, John wrote: Contacted them for what purpose? To tell them that you're a lousy programmer? Or perhaps to tell them that you stick random unverified code on your system (i.e. you're a lousy sysadmin)? We also, are an ISP.

Re: [Mimedefang] OT: Email web form exploits

2005-09-06 Thread Kenneth Porter
--On Monday, September 05, 2005 10:59 PM -0400 David F. Skoll [EMAIL PROTECTED] wrote: Also, our Web forms reject anyone who puts in an e-mail address in Vernon Schryver's free email domain list at http://www.rhyolite.com/anti-spam/freemail-adb Nice list. Anyone have a SpamAssassin plugin

Re: [Mimedefang] OT: Email web form exploits

2005-09-06 Thread David F. Skoll
Kenneth Porter wrote: http://www.rhyolite.com/anti-spam/freemail-adb Nice list. Anyone have a SpamAssassin plugin to use it like a SURBL? It's not really appropriate for that; I don't think most people can afford to reject (or even score) mail from hotmail.com, gmail.com, etc. However, we

[Mimedefang] OT: Email web form exploits

2005-09-05 Thread Chris Gauch
This is somewhat off-topic but does relate to spam/email as these Email web form exploits seem to be yet another method that spammers have found to junk up inboxes... Just wanted to hear how others are being hit by this latest scam. As an ISP that hosts hundreds of websites that use Email web

Re: [Mimedefang] OT: Email web form exploits

2005-09-05 Thread David F. Skoll
Chris Gauch wrote: Just wanted to hear how others are being hit by this latest scam. As an ISP that hosts hundreds of websites that use Email web forms, we have had lots of forms come through with fake email addresses throughout the form (see the article below for more info): We haven't

Re: [Mimedefang] OT: Email web form exploits

2005-09-05 Thread John
I am a System Administrator in Billings, MT. I am having the same issue, however I do not feel this is to be taken lightly. Mine started with IP's in Egypt Iran. I have attempted to contact the FBI Dept. of Homeland Security. Also have alerted AOL's Fraud Dept. as that's where the test

Re: [Mimedefang] OT: Email web form exploits

2005-09-05 Thread John Nemeth
On Jan 26, 5:16pm, John wrote: } } I am a System Administrator in Billings, MT. I am having the same issue, } however I do not feel this is to be taken lightly. Mine started with IP's } in Egypt Iran. I have attempted to contact the FBI Dept. of Homeland } Security. Also have alerted

Re: [Mimedefang] OT: Email web form exploits

2005-09-05 Thread Ben Kamen (mobile)
I have similar online scripts I wrote but included timed posting limits... i.e. No more than 5 per IP per 24hr period... You may want to consider implementing similar safeguards.. --Ben -- Ben Kamen - www.benjammin.net