Still spam coming thru
Posted: Fri Feb 24, 2006 10:51 am
Yesterday I suffered from a spam attack that came through the default contact form.
All was caused by me, missing the latest upgrade from December. (BTW: did I miss the post on Secunia?)
Of course, I quickly upgraded to 0.11.2, the latest release. Indeed, the flood stopped. Today, I found a new message that came in through the apache user on my account. The date is also set today. Possibly our friends already found out how to escape the new form.
I'm running the 'default' contact form, version 1.1. I should also be telling it's a Fedora Core 3 box, PHP Version 4.4.2, Apache/1.3.34 in case of any relevance.
I have a few questions:
* has anyone seen similar messages coming through?
* is anyone aware of a new possible vulnerability?
* is there a way already provided to prevent such abuse, or a workaround with a different form system?
Thanx!
Below are the headers of this mail. Anyone listening
I took off my domain.com and replaced it by domain.com.
Code:
From - Fri Feb 24 10:59:57 2006
X-Account-Key: account1
X-UIDL: 014d33a1cfa950be77dd502dcc86e879
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
>From domain@domain.com Fri Feb 24 10:58:32 2006
Return-path: <domain@domain.com>
Envelope-to: barry@voeten.com
Delivery-date: Fri, 24 Feb 2006 10:58:32 +0100
Received: from apache by server22.domain.com with local (Exim 4.50)
id 1FCZia-0007dO-5D
for domain@domain.com; Fri, 24 Feb 2006 10:58:32 +0100
To: domain@domain.com
Subject: the4202@domain.com
From: nryContent-Type: multipart/alternative@domain.com; boundary=ee5f3535e7c3978ad56791c0fb48c251MIME-Version: 1.0Subject: rayvolver an took out a policy on his life. ladybcc: WintOlympLovr99@recipient-domain.comThis is a multi-part message in MIME format.--ee5f3535e7c3978ad56791c0fb48c251Content-Type: text/plain; charset="us-ascii"MIME-Version: 1.0Content-Transfer-Encoding: 7bitto him. o wan hears or wants to hear annything about it. h nex time we see ye,
ye come out lookin pale an emacyated an much younger an betther lookin thin annywan iver raymimbers--ee5f3535e7c3978ad56791c0fb48c251--. <the4202@domain.com>
Reply-To: the4202@domain.com
Message-Id: <E1FCZia-0007dO-5D@server22.domain.com>
Date: Fri, 24 Feb 2006 10:58:32 +0100
the4202@domain.com
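A check for the pattern visible in the From header above (mail header names glued into an address field), as an added example that is not part of the original post or of the contact form's own code. The names `check_field`, `scan_message` and `SAMPLE` are hypothetical, and `SAMPLE` is a constructed message shortened from the posted headers.

```python
import re
from email import message_from_string

# Header names that do not belong inside an address field. No word boundary
# is required: with line breaks stripped, the names end up glued to the
# preceding text, as in "nryContent-Type:" in the posted From line.
SMUGGLED = re.compile(
    r"(content-type|content-transfer-encoding|mime-version|bcc|subject)\s*:", re.I)
ADDRESS_HEADERS = ("from", "reply-to", "to", "cc", "sender")

# Constructed sample, shortened from the headers in the post.
SAMPLE = (
    "To: domain@domain.com\n"
    "Subject: the4202@domain.com\n"
    "From: nryContent-Type: multipart/alternative@domain.com; "
    "boundary=EXAMPLEMIME-Version: 1.0Subject: examplebcc: "
    "someone@recipient-domain.com <the4202@domain.com>\n"
    "Reply-To: the4202@domain.com\n"
    "\n"
    "the4202@domain.com\n"
)


def check_field(value):
    """Reasons to reject one submitted form field before it is mailed."""
    reasons = ["line break"] if re.search(r"[\r\n]", value) else []
    reasons += ["header name: " + m.lower() for m in SMUGGLED.findall(value)]
    return reasons


def scan_message(raw):
    """Map each address header of a delivered message to its findings."""
    findings = {}
    for name, value in message_from_string(raw).items():
        if name.lower() not in ADDRESS_HEADERS:
            continue
        unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo legitimate folding
        hits = check_field(unfolded)
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for header, hits in scan_message(SAMPLE).items():
        print(header, "->", ", ".join(hits))
```

`check_field` is meant for the raw form values before the mail is built, while `scan_message` is for triaging messages that have already arrived in the mailbox.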