RE: [SLUG] Spam from forms

From: Ken Elliott (kelliott11@cfl.rr.com)
Date: Thu Feb 01 2007 - 20:11:26 EST


>> They send this as a page request to the server. The server processes it
>> as though it actually came from viewing the page, emailing me the
>> "response".

>> Does that sound right?

Yes. The response to a form will be something like http: // mydomain.com /
replypage.pgp ?username=joe & color=red
(I added spaces to prevent it from displaying as a link)

Your server will take the file 'replypage.pgp' and process it. PGP will
extract the variables 'username' and 'color'. In your case, I suspect the
script will craft an email to you with that data, and generate a reply page
for the nonexistent user. Thus you see an email from your server.

Try it for yourself. Fill out the form and submit it. Copy the URL and
modify the contents of the fields. Paste it back into the browser and
you'll get another email. It's fun and the whole family can play...

Ken Elliott

=====================
-----Original Message-----
From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Paul M Foster
Sent: Thursday, February 01, 2007 12:59 AM
To: slug@nks.net
Subject: Re: [SLUG] Spam from forms

Ken Elliott wrote:
>>> And I can't see how a script from somewhere else could feed data
>>> into a form and then submit it.
>
> It doesn't actually fill out the form. It simply sends a page request
> that looks like what you'd get by filling out a form.
>
> If I load your form, fill it out and hit 'submit', your form sends a
> string that contains fieldnames and data. If I craft a script that
> simply sends the same string, your server will react the same way as a
> form.
>

Hmm. Still not quite sure. The forms normally get emailed to me from within
the PHP script. The headers on the email look as though they were mailed
from the site, not from some other email address. Which means they're doing
this whole thing via http. So what you're saying is they connect to NKS's
SLUG server on port 80, and then instead of simply feeding a URL for a
server to return, they construct a text file that looks like what I'd
normally get back from the form. That is, something
like:

header info
Name: spam content
Email: more spam content
other POST variables and spam content
closing info

They send this as a page request to the server. The server processes it as
though it actually came from viewing the page, emailing me the "response".

Does that sound right?

Paul

--
Paul M. Foster
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages posted
are those of the author and do not necessarily reflect the official policy
or position of NKS or any of its employees.
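
Added example, not part of the original messages or of the site's script: a Python sketch of what the form handler sees for the request described in the thread, and one server-side check that separates requests carrying a form the server recently served from hand-built ones. The secret, the one-hour lifetime, the hidden `token` field and all function names are assumptions made for illustration; the URL and field names are the ones quoted in the message.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-secret"   # assumption: a per-site server-side secret
MAX_AGE = 3600                        # assumption: a served form is valid for one hour


def fields_from_request(url):
    """What the form handler receives: field names and values, nothing else."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def issue_token(now=None):
    """Value for a hidden field, generated when the server renders the form."""
    ts = str(int(time.time() if now is None else now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def token_ok(token, now=None):
    """True only if this server issued the token within the last MAX_AGE seconds."""
    ts, _, sig = (token or "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    age = (time.time() if now is None else now) - int(ts)
    return hmac.compare_digest(sig.encode(), expected.encode()) and 0 <= age <= MAX_AGE


def should_send_mail(url, now=None):
    """Handler decision: mail the form contents only if the token checks out."""
    return token_ok(fields_from_request(url).get("token"), now)


# Constructed sample requests, using the URL and field names from the message above.
BASE = "http://mydomain.com/replypage.pgp?username={}&color={}"
from_browser = BASE.format("joe", "red")
hand_edited = BASE.format("bob", "blue")   # URL copied and modified, no form involved

if __name__ == "__main__":
    # Without a token both requests look the same to the handler: two fields each.
    print(fields_from_request(from_browser), fields_from_request(hand_edited))
    print(should_send_mail(hand_edited))                               # no token
    print(should_send_mail(from_browser + "&token=" + issue_token()))  # fresh token
```

A token like this only rejects requests that never loaded the form or that replay an old one; a script that fetches the form first still gets a valid token, so it is one layer rather than a complete fix.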



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:10:11 EDT