Hacking php...

  barryoneoff.co.uk 14:10 11 Mar 2006
Locked

I recently updated my website, and as usual used a contact form and php rather than publish an email address.

I use a system where a name, email address, and message have to be entered to hopefully get rid of time wasters (a php message pops up informing them that they have missed a field etc).

This morning I had four emails from the contact form with email addresses that end in my site name (@barryoneoff.co.uk). What is worrying me is have they got access to the php on my host's server, and can they do any damage?

Here is the contents of one of the E-mails I got from my Spam filter.

and
Content-Type: multipart/alternative; boundary=f13c7c01afadd26829e4ea52f072cfcc
MIME-Version: 1.0
Subject: wait f
bcc: [email protected]

This is a multi-part message in MIME format.

--f13c7c01afadd26829e4ea52f072cfcc
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

want that but don t. h merican business man is too fly. e
--f13c7c01afadd26829e4ea52f072cfcc--

  powerless 21:28 11 Mar 2006

Umm...

If they have access they could do a whole lot more damage.

Change your passwords etc.

  beynac 22:38 11 Mar 2006
  barryoneoff.co.uk 23:01 11 Mar 2006

I use php instead of email links, I don't use email addresses on site.

I am wondering why they are bothering, there must be a motive, and they wre not trying to guess an address as the first part is nonsense with numbers. These are the prefixes they have used with the @barryoneoff:

er1368

and1363

tto6836

circle2361 - this was the one with the above message, the others were blank. Puzzling eh?

  barryoneoff.co.uk 10:21 12 Mar 2006

This is still a puzzle. Here is the latest one:

from have5725 @ Barryoneoff.co.uk
living
Content-Type: multipart/alternative; boundary=7f335a059bdf6f92325e57cc34ac501f
MIME-Version: 1.0
Subject: passing
bcc: [email protected]

This is a multi-part message in MIME format.

--7f335a059bdf6f92325e57cc34ac501f
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

birthday with his nurse, iss ngybel lim, th well known specyal nurse iv th venin luff. t th time th phottygraft was taken, th infant was about to bite iss lim which accounts f r th agynized exprission
--7f335a059bdf6f92325e57cc34ac501f--

  Haol 12:29 12 Mar 2006
  barryoneoff.co.uk 12:35 12 Mar 2006

but why are they using a BCC to someone else in the email content?

I'm just worried that they have found a way around the contact form to send emails from my address. If not, why would they be wasting their time like this?

  Haol 15:17 12 Mar 2006

It may not be people, it may just be bots.

  barryoneoff.co.uk 15:24 12 Mar 2006

wouldn't be able to fill in a form and press the 'send' button. It has to be human(s).

  Haol 17:47 12 Mar 2006

Oh sorry because bots don't crawl the internet indexing every page they came across.

  barryoneoff.co.uk 23:02 12 Mar 2006

indexing a page submit phony email addresses by form?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Microsoft Paint set to die after 32 years

Mac power user tips and hidden tricks

Comment désactiver la saisie intuitive et paramétrer votre clavier ?