The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bot Or Not????

Discussion in 'General Discussion' started by aee156, Sep 13, 2005.

  1. aee156

    aee156 Member

    Joined:
    Aug 11, 2003
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    1
    I have contact and inquiry forms on many websites on our server. We have just recently been inendated by the forms being filled out with emails like mpmtwaqal@domain.com and mptmdfg@domain.com. There are many forms filled out with an array of prefixes with our domain name after it like it was an email. Every website on our server has this problem. I have read about bots doing this but I was not sure if this is a bot or not. I know it is not a human and has to be a program of some sort. Anyone have any ideas of how to get rid of it????
     
  2. jester.ro

    jester.ro Well-Known Member
    PartnerNOC

    Joined:
    Feb 6, 2004
    Messages:
    304
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bucharest, Romania
    cPanel Access Level:
    DataCenter Provider
    well, no.
    just make sure you sanitize the form.

    this is a header injection attack. if you look carefully, you'l probably see a BCC: some_user@aol.com

    that is the addres of the atacker, and if your form sends an email to him, next step would be to inject 10000 email into bcc and send spam.

    what you need to do is to remove any \n and \r from the variables posted.
    or implemen one of those "type the code from the image" thingies.
    it is a bot, of course.

    search google for "email header injection" or something similar, you'll find out more.
     
    #2 jester.ro, Sep 13, 2005
    Last edited: Sep 13, 2005
  3. aee156

    aee156 Member

    Joined:
    Aug 11, 2003
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    1
    Replacing the /n and /r

    I looked this up on google and it says to replace the /n and /r's but what do you replace them with??? Also, do I do this on the cgi script or the html page?
     
  4. jester.ro

    jester.ro Well-Known Member
    PartnerNOC

    Joined:
    Feb 6, 2004
    Messages:
    304
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bucharest, Romania
    cPanel Access Level:
    DataCenter Provider
    replace them with whatever you want. space, <br>, whatever.

    you vae to do this in the cgi or php script
     
Loading...

Share This Page