HA HA very suspect form submission

[cdog]

I got a couple of emails from a contact form today and wondering if anyone else received similar, its the kind of thing I used to see targetted at guestbooks and stuff. the text is "Haha whach this:"

Has anyone else got any of these messages.I couldnt turn up anything on google

My forms filter out dangerous characters and do a few other security routines.
Obviously Im concerned but not in a panic. Just interested if anyone can shed a bit more light on it

Thanx in advance

 

[Stephen]

sounds like spam submissions, we get them quite a bit abusing the hsphere installed perl guestbook and have to disable them on domains(they can grow to 100MB, and who's going to be able to load a 100MB html page??)

 

[cdog]

Fortunately these submissions arent stored anywhere, I guess my biggest concern was flooding the form handler.

Id also received a few yesterday that just had a mixture of upper and lowerchase characters in the form fields and 1 valid email address pattern, almost looks like encrypted strings but it doesnt make any sense that they would do that unless it was a form of cross site attack, but I havent encountered one that looks like that before.

Anyhow thats how it started and continued today with the ha ha submission, all up I think it was about 10 emails with the log entries for that form matching the received emails. If their intent was to make me waste my morning trudging through log files then they succeeded. :evil:

Thanks for the reply and wondering how you get time to have a life outside of working for jodo
(I mean that in the nicest possible way)

 

[Stephen]

hrm I wonder sometimes myself

Now about that encryted text, you MAY very well be seeing this SQL injection trojan network that is going around, they pretty much fill in any form and submit it, it has random characters and all like you have mentioned in an encrypted format(that mssql decrypts, and then puts some chinese website in the pages on successful injections)

they dont JUST hit forms, but they hit forms, search boxes, any type of field quite heavily.
IPs are random all over world, not easy to stop from what I have seen.