Email injection attack

This morning before heading off to work (yes, I know it is a Saturday) I decided to check my email quickly, only to discover that the band website contact form had been attacked (or at least someone had tried). Luckily they were not successful, because I had none of the form variables going into the header of the mail, but it still opened my eyes to another vulnerability that I have now fixed on all my mail forms. The positive side of the internet meant that I was able to find out a lot more information from searching. Here are some good reference points for anybody who needs to protect a mail form.

http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay – This is the first blog that I came across. It has a useful description of what is happening and lots of comments.

http://www.anders.com/projects/sysadmin/formPostHijacking/ – The first site nicely summed up into clearer information (from the same person).

http://securephp.damonkohler.com/index.php/Email_Injection – A description of how to prevent email injection in PHP.

www.php.net also has useful information in the comments of the mail function.

I am hoping that since the attack was not successful the spam attempts will stop. The last thing I want to do is build one of those "type the letters from the picture" things for a community band's contact web form.
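The following is an added example, not the band website's actual code: a PHP contact-form handler that keeps form values out of the mail headers and rejects line breaks in the one value (Reply-To) that does go there. The field names `name`, `email`, `message` and the `band.example` addresses are assumptions.

```php
<?php
// Added example: hypothetical handler for a contact form with the fields
// "name", "email" and "message" (field names and addresses are assumptions).

// True if the value contains a character that can end a header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Build the arguments for mail(); returns null when the submission is rejected.
function build_contact_mail(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = (string)($post['message'] ?? '');

    // The only value destined for a header must be a single line...
    if (has_header_break($email)) {
        return null;
    }
    // ...and a syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Recipient, subject and From are fixed; only Reply-To is user supplied.
    $to      = 'contact@band.example';            // placeholder address
    $subject = 'Band website contact form';
    $headers = "From: webform@band.example\r\n"   // placeholder address
             . "Reply-To: $email";

    // Name and message go in the body, where line breaks are harmless.
    $body = "Name: $name\n\n" . $message;
    return [$to, $subject, $body, $headers];
}

// Constructed sample submissions: one ordinary, one with a line break in "email".
$samples = [
    ['name' => 'Sam', 'email' => 'sam@example.org', 'message' => "Hi,\nwhen is the next concert?"],
    ['name' => 'Sam', 'email' => "sam@example.org\r\nX-Injected: 1", 'message' => 'hello'],
];
foreach ($samples as $post) {
    $args = build_contact_mail($post);
    echo $args === null ? "rejected\n" : "accepted\n";
    // In the real handler: if ($args !== null) { mail(...$args); }
}
```

Run from the command line, this prints `accepted` for the first sample and `rejected` for the second.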

Baking

Well, it has been a while since a post. I have been very busy with work recently and will be till the 31st of October when I get holidays. This weekend, besides catching up on some much-needed housework, I decided to do some baking. Along with Anzac biscuits and chocolate chip cookies I made my first pizza dough. It is actually the first dough I have ever made. It all went well and was easier than I ever expected. I used this easy recipe.

Crazy parrot

We are also now parrot sitting Dad's quaker. No, not the religious society that I see you find when you search for quaker in Google, but the South American parrot seen on this quaker parrot website. The photo is from the last time we parrot sat.

Time for an update

Things got busy and I forgot about updating the blog, so here is a bit of an update.

Toshie (Andrew's parents' puli) now has his own blog. Check it out!

We held a surprise birthday party in Kalinga Park for Andrew. The weather was beautiful and we had a great day.

I now have a laptop (which I am actually using now). I have installed Ubuntu on it and have found it really easy to use. At my second attempt, I successfully set up Apache and MySQL. This allowed me to demonstrate the band website last night at band. Surprisingly (or not so surprisingly) I had an easier time connecting to the net through our home network and then the work network than with a Windows machine.