I agree, but so far it helps... Maybe rewriting feedback form in javascript, so it starts existing only after a click on a link or button could help... This approach helps with email adressess hiding them from spiders. Viktoras -------Original Message------- From: Mike Jackson Date: 06/24/06 01:41:32 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] How to deny access based on user agent - help But that's just security through obscurity. It only gets you so far. I've seen newer variations on this that don't look for common exploits - they spider the site (or maybe it's a human crawler; my bet's on a spider) and look for contact forms, either with common or uncommon names. Once they find
a page with a form on it, they submit like crazy to find vulnerabilities. I've seen the same behavior on three different servers, so I know it's not an isolated attack. Often they'll start by submitting the same email address to all the fields on the form, then move on to injecting mail headers into the form input, sometimes with a single dot on a line (to fool sendmail into thinking it's a new message). There's often a common email address in all the bogus ones, usually an AOL address - I'll assume they're setting up free accounts, then abandoning them after they're done with an attack. The last time I saw one of these, they used the same IP until it was blocked, then moved on to another one. Our ultimate solution was to change the form scripts to strip out newline characters - it makes submitted comments look funny, but there's no chance of header injection attacks. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
