[nycphp-talk] worm/virus's hammering feedback scripts?
Ken Robinson
kenrbnsn at rbnsn.com
Sun Sep 11 09:50:20 EDT 2005
At 09:34 AM 9/11/2005, Rolan Yang wrote:
>A few of my web based feedback (contact.php) scripts have been getting
>hammered with some sort of spam or bot net attack over the past week.
>The scripts are running on different servers at different web hosts, but
>the garbage coming in has been the same. The "from" field is filled in
>with random lower case letters like "kljaogr at domain.com" where "domain"
>is the website address. The body field contains the same email address.
>
>Sometimes "Content-Type: multipart/mixed;
>boundary=\"===============083392.."
>is appended to the email address in both the "from:" field and also the
>body.
>
>The submissions are coming from different IPs all over the world.
>Has anyone else been experiencing anything similar?

Yes. I use the following function:

function checkit($name) {
    // Remove raw CR/LF, their URL-encoded forms (%0A / %0D, with a zero,
    // not the letter O) and the header names the bots try to inject.
    return(str_replace(array("\r", "\n", "%0A", "%0a", "%0D", "%0d",
        "Content-Type:","BCC:","bcc:"), "", $name));
}

to render their attempts harmless.

I use the above function with:

// Build the From and Reply-To headers from the filtered form fields.
$from = '"' . stripslashes(checkit($_POST['contactname'])) . '" <' .
    stripslashes(checkit($_POST['Email'])) . '>';
$to = "kenrbnsn at kis-web-design.com";
$headers = "From: " . $from . "\r\n";
$headers .= "Reply-To: " . stripslashes(checkit($_POST['Email'])) . "\r\n\r\n";
@mail($to, "Subject goes here", $mail_body, $headers);

They are still trying, but they aren't succeeding in doing anything
malicious. One of the attempts even put their code in my message
textarea, which wouldn't have done anything anyway since it was in
the body of the mail message.

Ken
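
A stricter variant of the filtering in this message, as an added example that is not part of the original post: instead of stripping substrings, it drops any submission whose name or address contains CR, LF or another control character, and requires the address to pass filter_var(). The function names and sample inputs are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; not code from the original post.

// True when the value has no CR, LF or other control characters, i.e. it
// cannot start a new header line when placed in the mail() headers.
function is_single_line(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Returns the header string for mail(), or null if the submission
// should be dropped instead of sent.
function build_headers(array $post): ?string
{
    $name  = $post['contactname'] ?? '';
    $email = $post['Email'] ?? '';

    // Array-valued fields (Email[]=...) are not legitimate form input.
    if (!is_string($name) || !is_string($email)) {
        return null;
    }
    if (!is_single_line($name) || !is_single_line($email)) {
        return null;
    }
    // filter_var() returns false unless the value is one bare address.
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Keep the quoted display name well-formed.
    $name = str_replace(['"', '\\'], '', trim($name));

    return 'From: "' . $name . '" <' . $email . ">\r\n"
         . 'Reply-To: ' . $email;
}

// Constructed samples modelled on the traffic described in the thread.
$samples = [
    ['contactname' => 'Alice', 'Email' => 'alice@example.com'],
    ['contactname' => 'x', 'Email' => "kljaogr@example.com\r\nContent-Type: multipart/mixed; boundary=\"x\""],
    ['contactname' => "x\nbcc: someone@example.net", 'Email' => 'kljaogr@example.com'],
];

foreach ($samples as $i => $post) {
    $headers = build_headers($post);
    echo "sample $i: ", $headers === null ? "rejected\n" : "accepted\n$headers\n";
}
```

Logging the rejected submissions rather than silently discarding them gives a record of how often the form is being probed.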