crust Posted September 11, 2005 Posted September 11, 2005 Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from.. here are a couple examples Email #1 from - [email protected] Email #2 from - [email protected] Email#3 from - [email protected] The first email just has a hyperlink and [email protected] Here is the second email: From: [email protected] To: justin <[email protected]>, [email protected] Subject: Enquiry from mysite Headers: Show All Headers lqfirdfx --===============0586796908==--" <[email protected]> MIME-Version: 1.0 X-Mailer: osCommerce Mailer Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit [email protected] <--- hyperlink Here is the 3rd email: From: "[email protected]" <[email protected]> To: justin <[email protected]> Subject: Enquiry from mysite Headers: Show All Headers [email protected] Content-Type: multipart/mixed; boundary="===============0258115953==" MIME-Version: 1.0 Subject: d8f97a7f To: [email protected] bcc: [email protected] From: [email protected] This is a multi-part message in MIME format. --===============0258115953== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit bgpfenpwe --===============0258115953==-- does anyone know what they are doing or trying to do? also what should I do to protect myself? this ha happened more then once... all seem to be doing the same thing..
Guest Posted September 11, 2005 Posted September 11, 2005 If they're all from the same IP address, or same IP address range, then block them. -jared
Jan Zonjee Posted September 11, 2005 Posted September 11, 2005 Someone or some people seem to be useing the contact us section of my site to test or to try to do something to my site.. I'm not really sure what they are trying to do maybe someone knows and can help me out. In my email that I get from people useing the contact us form I have been getting 3 emails in a row they seem to be a fake adress with mysite as the from..<{POST_SNAPBACK}> This appears to be a growing problem. There was a bug report on it months ago (bug report database seems to be acting up at the moment, it doesn't show a single one) and more and more people are experiencing problems. These are (some?) of the topics dealing with it: Email Was Spamed, contact_us.php file (Jul 30 2005) Script kiddie attempt to abuse "Contact Us" Page, hoping to exploit unchecked fields (Aug 30 2005) WANTED CONTRIBUTION! Site is hacked!, Get spammails sent from my site! (Sep 5 2005) E-Mail Security Concerns, I Feel Somebody is Abusing Enquiry Form (Sep 9 2005) There is a contribution for stopping the abuse of the form (Validate Input), but as far as I know it doesn't stop the bots from sending you those mails.
crust Posted September 11, 2005 Author Posted September 11, 2005 If they're all from the same IP address, or same IP address range, then block them. -jared <{POST_SNAPBACK}> How can you figure out what IP adress its comeing from?
AlanR Posted September 11, 2005 Posted September 11, 2005 Start here: http://www.oscommerce.com/forums/index.php?sho...ndpost&p=695512 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted September 11, 2005 Posted September 11, 2005 Its faster to instal the vvc and then sort out the mail parsing issues: http://www.oscommerce.com/community/contributions,1560 that will stop the bots
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.