Weird database entry

Weird database entry

am 29.05.2006 22:51:21 von Mark Fellowes

------=_EDNP_0000_01942afd-cded-4d7a-8c84-195087d6027b
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

ï»=BFI checked my registration table recently and found 3 weird entr=
ies. =0AFirst, this is where someone registers a username and password.=
The password is generated but encrypted , and an email link must be=
responded to activate the account , which these were not but it kind=
of threw me anyway. This what was in the username field:=0AContent=
-Type: multipart/alternative; =0Aboundary=3D6bc7cccbb294b179bd23781d7d30=
0264=0AMIME-Version: 1.0=0ASubject: said ophie call once again he ammerj=
unker=0Abcc: Deepawar@aol.com=0AThis is a multi-part message in MIME for=
mat.=0A--6bc7cccbb294b179bd23781d7d300 Now, since my site is not=
totally operational and not really in production I gues I still should=
have put the validation code in anway :) However aside from my bad=
behaviour does this type of entry signify an attempt at an attack of=
any kind ? TIA =0AMark
------=_EDNP_0000_01942afd-cded-4d7a-8c84-195087d6027b--

Re: Weird database entry

am 30.05.2006 05:15:52 von Chris

Mark Fellowes wrote:
> I checked my registration table recently and found 3 weird entries.
> First, this is where someone registers a username and password. The password is generated but encrypted , and an email link must be responded to activate the account , which these were not but it kind of threw me anyway.
>
> This what was in the username field:
> Content-Type: multipart/alternative;
> boundary=6bc7cccbb294b179bd23781d7d300264
> MIME-Version: 1.0
> Subject: said ophie call once again he ammerjunker
> bcc: Deepawar@aol.com
> This is a multi-part message in MIME format.
> --6bc7cccbb294b179bd23781d7d300
>
> Now, since my site is not totally operational and not really in production I gues I still should have put the validation code in anway :)
>
> However aside from my bad behaviour does this type of entry signify an attempt at an attack of any kind ?

Yes. Someone is trying to use your registration form for spam and
assuming that you're not doing any checks on content.

Check http://www.securephpwiki.com/index.php/Email_Injection for details
on how to stop this from working - it won't stop the attempts but spam
won't be sending out from this particular form.

If you want to stop it from happening altogether, you'll need to look at
using captcha.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php