Email injection attack

This morning before heading off to work (yes, I know it is a Saturday) I decided to check my email quickly, only to discover that the band website contact form had been attacked (or at least someone tried). Luckily they were not successful because I had none of the form variables going into the header of the mail, but it still opened my eyes to another vulnerability that I have now fixed on all my mail forms. The positive side of the internet meant that I was able to find out a lot more information from searching. Here are some good reference points for anybody that needs to protect a mail form.

http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay – This is the first blog that I came across. It has a useful description of what is happening and lots of comments.

http://www.anders.com/projects/sysadmin/formPostHijacking/ – The first site nicely summed up into clearer information (from the same person)

http://securephp.damonkohler.com/index.php/Email_Injection – A description of how to prevent email injection in PHP.

www.php.net also has useful information in the comments of the mail function.
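As an added illustration (not code from this blog or from the sites linked above), here is one way a PHP contact form can keep visitor input from adding lines to the mail headers. The field names, addresses and the `build_contact_mail` helper are assumptions made for the example.

```php
<?php
// Added example: hypothetical contact-form handler, not the blog author's code.
const CONTACT_TO = 'band@example.org';   // assumed fixed recipient (placeholder)

/** True if the value contains CR or LF, which would start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/** Validate the submitted fields and build mail() arguments; null means reject. */
function build_contact_mail(array $post): ?array
{
    // Treat missing or non-string fields as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $name    = trim($get('name'));
    $email   = $get('email');
    $subject = $get('subject');
    $message = $get('message');

    // Subject and email end up in headers, so each must be a single line.
    if (has_header_break($subject) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // From is fixed; only the validated address is placed in Reply-To.
    $headers = "From: Contact form <noreply@example.org>\r\n"
             . "Reply-To: {$email}\r\n"
             . "Content-Type: text/plain; charset=UTF-8";

    // Name and message stay in the body, where extra lines cannot become headers.
    $body = "Name: {$name}\n\n{$message}";

    return [CONTACT_TO, '[Contact] ' . $subject, $body, $headers];
}

// Constructed sample submissions: one normal, one with an extra header line in the email field.
$samples = [
    ['name' => 'Alex', 'email' => 'alex@example.com', 'subject' => 'Gig', 'message' => 'Free in June?'],
    ['name' => 'x', 'email' => "x@example.com\r\nX-Extra: injected", 'subject' => 'hi', 'message' => 'hi'],
];
foreach ($samples as $post) {
    $args = build_contact_mail($post);
    echo $args === null ? "rejected\n" : "accepted\n";
    // In a real handler: if ($args !== null) { mail(...$args); }
}
```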

I am hoping that since the attack was not successful the spam attempts will stop. The last thing I want to do is build one of those "type the letters from the picture" things for a community band's contact web form.

About Carly (Admin)

I'm a multimedia developer based in Brisbane. I work for an elearning firm and code my own projects in the wee small hours between eating, sleeping and working.