someone hacking my site?

Posted: Mon Sep 12, 2005 4:02 am
by hessodreamy
I have a form on one of my pages with a little survey, and have been getting some strange results submitted, with every field being input as a gibberish email address from my domain name, e.g. "kgdsgkj@" & my domain, and one of them having the text from an email header.

This has been input even for radio boxes, so I know it's not someone just typing stuff into the form. Is it a spider? Or a hacker?

Obviously a big slap round the face and a cry of 'validate your forms boy!' is warranted, and of course I'm gonna do that, but just wondered what was happening.

Cheers

Posted: Mon Sep 12, 2005 4:47 am
by phpdevuk
Think it's a spammer trying to use your script to send their own email. Just block anything coming from your domain from going through and bung up a friendly error message telling them to get lost!

The post at viewtopic.php?p=200411#200411 is about this too.

I have had a few of these emails myself recently, and have gone through fitting all my contact scripts with stuff to stop it. I added a log file to record what was happening, and in my case the IP address turned out to be the Asian information centre somewhere in Singapore, lol.
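The defence described in this reply (reject header-injection attempts, refuse bogus addresses at the site's own domain, and log what was submitted), written out as an added PHP example. This is not code from the thread or from either poster; it assumes a contact form that posts `name`, `email` and `message`, a site domain held in `$siteDomain`, and a log file path of your choosing.

```php
<?php
// Added example, not from the original thread. Assumes the form posts
// 'name', 'email' and 'message'; $siteDomain and $logFile are assumptions.

function isHeaderInjection(string $value): bool
{
    // A CR or LF in a value that ends up in a mail header lets the sender
    // append their own headers (Bcc:, Content-Type:, ...). Also catch the
    // URL-encoded forms in case the value has not been decoded yet.
    return (bool) preg_match('/[\r\n]|%0[aAdD]/', $value);
}

function isSuspiciousAddress(string $email, string $siteDomain): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return true;
    }
    // Probes of this kind fill every field with "random@<your-domain>";
    // nobody legitimately contacts the site from its own domain via the form.
    $domain = strtolower(substr(strrchr($email, '@'), 1));
    return $domain === strtolower($siteDomain);
}

function logRejectedSubmission(string $logFile, string $reason, array $fields): void
{
    // One line per rejected submission: time, client IP, reason, raw fields.
    $line = sprintf("%s %s %s %s\n",
        date('c'),
        $_SERVER['REMOTE_ADDR'] ?? 'unknown',
        $reason,
        json_encode($fields));
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

$siteDomain = 'example.com';                        // assumption: your own domain
$logFile    = __DIR__ . '/rejected-submissions.log'; // assumption: writable path

$fields = [
    'name'    => $_POST['name']    ?? '',
    'email'   => $_POST['email']   ?? '',
    'message' => $_POST['message'] ?? '',
];

// Only fields that are placed into headers need the newline check.
foreach (['name', 'email'] as $headerField) {
    if (isHeaderInjection($fields[$headerField])) {
        logRejectedSubmission($logFile, "header-injection:$headerField", $fields);
        http_response_code(400);
        exit('Sorry, that submission was rejected.');
    }
}
if (isSuspiciousAddress($fields['email'], $siteDomain)) {
    logRejectedSubmission($logFile, 'bogus-address', $fields);
    http_response_code(400);
    exit('Sorry, that submission was rejected.');
}

// Recipient, subject and From are fixed by the script; the visitor's address
// only ever reaches Reply-To, and only after the checks above.
$headers = "From: webform@$siteDomain\r\nReply-To: {$fields['email']}\r\n";
mail("owner@$siteDomain", 'Website contact form', $fields['message'], $headers);
echo 'Thanks, your message was sent.';
```

The log file is the useful part for diagnosing what the poster saw: it records the source IP and the raw field contents of every rejected request, so a run of "kgdsgkj@yourdomain" submissions shows up as a burst of `bogus-address` lines from the same address.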

Posted: Mon Sep 12, 2005 4:56 am
by hessodreamy
Cool. Have read up on smtp injection.

I have validated the form to make sure the inputs variables from the radio boxes are the right values. This will prevent such rubbish being put into the database. I still have text fields though.

This script just writes into the database and the info is read on another page, so I don't think SMTP injection is an issue here. But is there anything nasty they can do to the database?
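For the survey script described in this post, an added PHP example (not code from the thread or its posters) that does what the poster says they did for the radio boxes, checks the submitted value against the exact set the form can send, and then stores the row with a prepared statement so the remaining free-text field cannot change the SQL. The table name `survey`, its columns, the radio field names `rating` and `browser`, and the PDO connection details are all assumptions.

```php
<?php
// Added example, not from the original thread. Assumed table:
//   survey (id, rating, browser, comment, ip, submitted_at)
// Assumed radio fields 'rating' and 'browser' and a text field 'comment'.

// The only values each radio group can legitimately submit.
$allowed = [
    'rating'  => ['1', '2', '3', '4', '5'],
    'browser' => ['firefox', 'ie', 'opera', 'safari', 'other'],
];

function pickAllowed(array $post, string $field, array $allowedValues): ?string
{
    $value = $post[$field] ?? null;
    // Strict comparison against the whitelist: a radio box can only ever send
    // one of these exact strings, so anything else is a forged request.
    return (is_string($value) && in_array($value, $allowedValues, true)) ? $value : null;
}

function cleanComment(string $comment, int $maxLen = 1000): string
{
    // Free text stays free, but strip control characters (the newline-stuffed
    // header text seen in the spam submissions) and bound the length.
    $comment = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $comment);
    return mb_substr(trim($comment), 0, $maxLen);
}

$rating  = pickAllowed($_POST, 'rating', $allowed['rating']);
$browser = pickAllowed($_POST, 'browser', $allowed['browser']);
if ($rating === null || $browser === null) {
    http_response_code(400);
    exit('Invalid survey submission.');
}
$comment = cleanComment($_POST['comment'] ?? '');

// Assumed connection details.
$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Bound parameters keep data and SQL apart: a comment containing quotes or
// SQL fragments is stored as plain text, never parsed as part of the query.
$stmt = $pdo->prepare(
    'INSERT INTO survey (rating, browser, comment, ip, submitted_at)
     VALUES (:rating, :browser, :comment, :ip, NOW())'
);
$stmt->execute([
    ':rating'  => $rating,
    ':browser' => $browser,
    ':comment' => $comment,
    ':ip'      => $_SERVER['REMOTE_ADDR'] ?? '',
]);
echo 'Thanks for taking the survey.';
```

The other half of the poster's question is the page that reads the results back: a text field that is stored verbatim and later echoed into HTML is a stored cross-site scripting risk, so that page should wrap each value in `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before output. The whitelist check and the prepared statement protect the database; the output escaping protects whoever views the survey results.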

Posted: Mon Sep 12, 2005 5:26 am
by phpdevuk
Wouldn't have thought that there'd be much danger of that, but have read before of ways of hacking poorly validated systems.

Remember finding a site before that had 10 progressively different levels of hacking problems that you had to solve, from things like downloading a password file and includes, to inserting code in a form and getting it to execute. Scary stuff.

This site is quite interesting, if only for the amount of things that can be extracted from Google: http://johnny.ihackstuff.com