Email injection or someone playing games?

JimTheNim

JimTheNim

JimTheNim

Associate
Joined
9 Sep 2008
Posts
40
Location
Moira, East Midlands
Hi,

I have set up on my website a comments/feedback form, via a php menu system. The feedback is then sent via email, as part of the php forms function directly to me.

Recently I have been getting the following in my emails:

From: gcnjgfzoyp
E-Mail: [email protected]
Comments: ux3lye <a href=\"http://dkjyjiacqczz.com/\">dkjyjiacqczz</a>, behomdnfkvsd, [link=[URL]http://eyqrdadyimjt.com/]eyqrdadyimjt[/link[/URL]], http://dvxlpproknfu.com/
Operating system: jREClmxpNwpJ
Further inclusion: ux3lye <a href=\"http://dkjyjiacqczz.com/\">dkjyjiacqczz</a>, behomdnfkvsd, [link=[URL]http://eyqrdadyimjt.com/]eyqrdadyimjt[/link[/URL]], http://dvxlpproknfu.com/

It's always in the same format of nonsense addresses and URL's.

Does this look to you like an email injection, or someone playing around?
 
Well it doesn't look random as if you notice none of the stuff he types is something you would type if you were just mashing the keyboard, all the letters are spaced out so maybe malicious. I'm no expert though.
 
you could try putting a Kaptcha image on your form to stop any bots being able to submit to you? (it's one of those pictures that you have to type in to submit forms)

I think there is an opensource/free one somewhere :)
 
Makes perfect sense - and I've found a few free downloads on Google (and a link to this topic funnily enough!!).

Thanks for help.
 
Another easy technique is to use Javascript/CSS to hide an extra text form field on the page. Real people won't see it, but bots will. So any submissions you see with the field filled in are likely to be a bot, and can be instant discarded.

The Javascript method is detailed here.

akakjs
 
You must log in or register to reply here.
Back
Top Bottom