> -----Original Message-----
> From: suppressed
> [mailto:suppressed On Behalf Of Kevin Walsh
> Sent: 2006 January 18 -- Wednesday 8:45 PM
> To: suppressed
> Subject: Re: [ic] Mail forms under attack!!
>
> maillists <suppressed> wrote:
> > Thanks for your reply! The spam is targeted at OTHERS!! (makes me
> > really upset!) My sendmail/Mailscanner is not a relay. Only localhost
> > (apache) can send mail.
> >
> > I realize that this might not really be an Interchange thing, so I
> > have posted for help on other lists as well. I'm not even sure that it
> > is a problem with the mail forms, but I want to tighten them up as
> > much as possible.
> >
> > I am using Redhat Linux, IC5.4, Mailscanner, and Sendmail. This is a
> > new line item in my daily Logwatch that just started to appear:
> >
> > <snip>
> > Authentication warnings:
> > apache set sender to suppressed using -f: 7 Times(s)
> > </snip>
> > (suppressed is a real user on my sys.)
> >
> > Any help would be really appreciated. Until then, I am keeping a close
> > eye on my mqueue and even shutting down sendmail when needed...
> >
> > Sorry if any of you are getting spam from this... Yesterday I got over
> > 23,000 undeliverables in my inbox...
> >
> Spam could be sent from your form if you don't sanitise your
> input CGI variables prior to passing them to the [email] tag.
> For instance, if a variable has an embedded CR character
> then that could be used to provide extra email headers, such
> as CC or BCC.

Also keep in mind, any form mailer that has the "To" address in a CGI field is by its very nature prone to abuse. The destination address should _never_ be directly settable by the user; if you must make the address selectable, at least check it against a short list of allowed recipients. For reference, just because the field is hidden in a form, that doesn't mean that it can't be set at will by a hacker or by a bot designed to abuse email-us pages.
If you already know who the email will go to, it's better to set the address as a scratch variable -- or even hard-code it into the page -- than to allow Joe User the chance to hijack your contact form.

I haven't seen the form in question, so this is all just a cautionary note. I've just seen way too many form mailers and contact pages that had similar weaknesses.

--
Daniel Davenport
New Age Digital
http://www.newagedigital.com

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
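The two weaknesses raised in this thread, an embedded CR/LF in a CGI value that lands in a mail header and a "To" address taken from a (possibly hidden) form field, shown side by side in an added example. This is not code from the thread or from Interchange (whose [email] tag is Perl); it is a stand-alone Python form mailer written for illustration. The department keys, addresses, form submissions and the `GOOD_FORM`/`INJECTED_FORM` inputs are all constructed for the example.

```python
import re
from email.message import EmailMessage

# Constructed allow-list: the form submits only the key, never an address.
ALLOWED_RECIPIENTS = {
    "sales": "sales@example.com",
    "support": "support@example.com",
}

# A CR, LF or NUL inside a value that lands in a header ends that header and
# lets the submitter start a new one (Bcc:, Cc:, a second To:).
HEADER_INJECTION = re.compile(r"[\r\n\x00]")

# One bare addr-spec: no whitespace, commas or angle brackets, so the value
# cannot carry a display name or a second address into the header.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Constructed submissions. Both send a "to" field, as a bot would after
# reading the hidden input; INJECTED_FORM also smuggles a Bcc header via CRLF.
GOOD_FORM = {
    "dept": "sales", "email": "visitor@example.org",
    "subject": "Price list", "comment": "Please send it.",
    "to": "attacker@spam.example",
}
INJECTED_FORM = dict(
    GOOD_FORM, email="visitor@example.org\r\nBcc: a@spam.example, b@spam.example"
)


class FormError(ValueError):
    """Submission rejected; the caller must not send anything."""


def naive_headers(fields):
    """The weak pattern: form values pasted straight into the header block."""
    return (
        "To: sales@example.com\r\n"
        f"Reply-To: {fields.get('email', '')}\r\n"
        f"Subject: {fields.get('subject', '')}\r\n"
    )


def header_names(raw):
    """Header names an MTA would see in a raw block: one header per CRLF line."""
    return [line.split(":", 1)[0] for line in raw.split("\r\n") if line]


def header_value(fields, name, max_len=200):
    """Return a form field that is safe to place in a header, else raise."""
    value = fields.get(name, "")
    if HEADER_INJECTION.search(value):
        raise FormError(f"header injection attempt in {name!r}")
    if len(value) > max_len:
        raise FormError(f"{name!r} too long")
    return value.strip()


def build_message(fields, sender="www-form@example.com"):
    """Build the outgoing mail; the destination comes from the allow-list only."""
    dept = fields.get("dept", "")
    if dept not in ALLOWED_RECIPIENTS:
        raise FormError(f"unknown department {dept!r}")
    to_addr = ALLOWED_RECIPIENTS[dept]   # any submitted "to" field is ignored

    reply_to = header_value(fields, "email")
    if not ADDR_RE.match(reply_to):
        raise FormError("invalid reply address")
    subject = header_value(fields, "subject") or "Contact form"

    msg = EmailMessage()
    msg["From"] = sender                 # fixed; use the same value as the -f sender
    msg["To"] = to_addr
    msg["Reply-To"] = reply_to
    msg["Subject"] = subject
    msg.set_content(fields.get("comment", ""))   # body text cannot add headers
    return msg


def recipients(msg):
    """Every address the MTA would deliver to: To, Cc and Bcc combined."""
    out = []
    for name in ("To", "Cc", "Bcc"):
        for value in msg.get_all(name, []):
            out.extend(a.strip() for a in str(value).split(","))
    return out


if __name__ == "__main__":
    print(header_names(naive_headers(INJECTED_FORM)))   # a Bcc: header appears
    print(recipients(build_message(GOOD_FORM)))          # only the allow-listed address
    try:
        build_message(INJECTED_FORM)
    except FormError as err:
        print("rejected:", err)
```

Run as a script it shows the naive header block growing a Bcc: line from the injected value, the hardened builder delivering only to the allow-listed department address despite the submitted "to" field, and the injected submission being refused outright. The check rejects rather than strips the CR/LF: a request carrying those bytes in a mail field is an attack, not a typo, and is worth logging as such.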