
Weird Form Entries


Mighty

Programmer
Feb 22, 2001
1,682
US
HI Folks,

I have a feedback form on my website and it was submitted today with the content below:

We have received the following feedback through our website general feedback form.

We have received the following feedback through our website general feedback form.
Name: h9993@mysite.com
Email: h9993@mysite.com
Company/Organisation: in Content-Type: multipart/alternative; boundary=61c17a4260ebc004119bbfe3af4f7319 MIME-Version: 1.0 Subject: e was describing to bcc: bajfla2@aol.com This is a multi-part message in MIME format. --61c17a4260ebc004119bbfe3af4f7319 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit town about you. ou and your lahertys setting yourself up agen the riscolls that would never lower themselves to be --61c17a4260ebc004119bbfe3af4f7319--
Address 1: h9993@mysite.com
Address 2: h9993@mysite.com
Town/City: h9993@mysite.com
County/State: h9993@mysite.com
Postcode/Zip: h9993@mysite.com
Country: h9993@mysite.com
Phone: h9993@mysite.com
Fax: h9993@mysite.com
Reason:
Comments: h9993@mysite.com


Should I be worried about this?

Mighty
 
I would be slightly concerned that the type of information submitted was actually sent to you before being validated (i.e. the phone number clearly isn't in a correct numerical format).

I'm not sure if you have to be that worried in terms of what the user was actually trying to do, but you should look into validating entries so this type of spam isn't allowed through. It may also be worth implementing some sort of CAPTCHA entry in case this was an automated submission.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Excuse the ignorance but what is CAPTCHA

Mighty
 
It's one of those forms that asks you to input a particular sequence of randomly generated numbers/letters.



 
the phone number clearly isn't in a correct numerical format
Actually, it's not a good idea to over-validate the phone number. The user might enter any of these:

(123) 456789
123-456-7890
1234546 ext. 234
+44 243 4444464
12345678 call after 10am
... etc ...

All will make sense to a human reader, but it's hard to validate for all possibilities. Unless you have a pressing reason to annoy the user by finding fault with their (to them) valid phone numbers, don't do it.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
 
Fair point Chris.

I maybe should have said something like "as all of the details that have been entered are identical, that clearly isn't valid" as I was just trying to point out that the submission above shouldn't have really been allowed to get through to you.



 
The contents of company/organisation is the main clue here. Whoever is using your script is attempting to use it as a spam relay via mail header manipulation.

I would take a close look at the server-side code you use to send the emails... you may want to check that you are stripping out \n and \r in the message. Best to check with the folks on the forum that represents the server-side environment you are using (php, asp, jsp etc).

Cheers,
Jeff

Jeff's Page @ Code Couch

What is Javascript? FAQ216-6094
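An added example (mine, not code from the thread or any poster) of the check Jeff describes, written in Python because the thread never names the server-side language: it looks for the header syntax that turns a one-line form field into extra mail headers, using a constructed sample shortened from the submission quoted above. The sample arrived with its newlines already collapsed, so the header-name check is what flags it; the CR/LF stripping is the fix that keeps a field from ever starting a new header line.

```python
import re

# Header syntax an attacker smuggles into a single-line field to turn the
# mail script into a relay: raw or URL-encoded CR/LF, or a header name
# followed by a colon (the quoted submission carried Content-Type,
# MIME-Version, Subject and bcc: inside "Company/Organisation").
HEADER_INJECTION = re.compile(
    r"(\r|\n|%0a|%0d|\b(?:bcc|cc|content-type|mime-version|subject)\s*:)",
    re.IGNORECASE,
)

# Constructed sample, shortened from the submission quoted in the thread.
SAMPLE_FORM = {
    "Name": "h9993@mysite.com",
    "Email": "h9993@mysite.com",
    "Company/Organisation": (
        "in Content-Type: multipart/alternative; boundary=61c17a42 "
        "MIME-Version: 1.0 Subject: e was describing to bcc: bajfla2@aol.com"
    ),
    "Comments": "h9993@mysite.com",
}


def find_injected_fields(form):
    """Return the names of fields whose value carries mail-header syntax."""
    return [name for name, value in form.items() if HEADER_INJECTION.search(value)]


def sanitize_single_line(value):
    """Collapse CR/LF to a space so the value can never begin a new header."""
    return re.sub(r"[\r\n]+", " ", value).strip()


def all_fields_identical(form):
    """The other clue from the thread: every non-empty field holds the same string."""
    values = {v.strip().lower() for v in form.values() if v.strip()}
    return len(values) == 1


def should_reject(form):
    """Reject before sending if any field is injected or the form is filler."""
    return bool(find_injected_fields(form)) or all_fields_identical(form)
```

The header-name check can false-positive on a genuine comment that happens to contain "subject:", so treat it as a reason to drop the mail quietly, not to block the user; stripping CR/LF from every value that goes near a header is the part that must never be skipped.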
 
Unless you have a pressing reason to annoy the user by finding fault with their (to them) valid phone numbers, don't do it.

If you want an example of bad validation, take a look at the following:


Why would anyone force a Name field to be at least 6 characters? What do you do if your name isn't that long? [smile]

Mighty,

You need to act quickly to plug any possible holes in your script. I see these attempts daily on clients' sites and normally the first few e-mails are to test the waters, then if any of their mails are relayed the script will be exploited very soon and they will hammer it with thousands of e-mails.

Hope this helps

Wullie

Fresh Look - Quality Coldfusion 7/Windows Hosting
YetiHost - Coming Soon

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 