Good Oyster
Perch
I have several websites I've created that use forms for visitors to contact the site owner. I also recieve copies of the emails generated by these form submissions. Lately, several of the sites are getting these weird submissions (see example below). :
(In the example I put spaces around the "@" symbols.)
I suppose someone is trying to hack these forms. I have maxlengths set for all inputs, but what is really weird is the "City" field in the example above is limited to 50 characters, yet they obviously put in more than that. Is there anything else I must do to secure these forms from attackers? I am using ColdFusion and the cfmail tag.
Another thing about this - there have ben 5 different sites attacked like this, and everyone of them contain the same info, including the "bcc:Homeiragtime @ aol.com" as part of the "City" data.
If anyone else is seeing this in their forms, or knows how to keep these messages from going through, please reply.
Thanks.
This person needs info about Buck Hummer and the Pick-Ups, or they want to schedule an appearance.
Name: pxbw @ buckhummer.com
Address: pxbw @ buckhummer.com
pxbw @ buckhummer.com
City: pxbw @ buckhummer.com Content-Type: multipart/mixed; boundary="===============1511639006==" MIME-Version: 1.0 Subject: 38493bc To: pxbw @ buckhummer.com bcc: Homeiragtime @ aol.com From: pxbw @ buckhummer.com This is a multi-part message in MIME format. --===============1511639006== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit nude --===============1511639006==--
State, Zip: pxbw @ buckhummer.com, pxbw @ buckhummer.com
Email: pxbw @ buckhummer.com
Comments: pxbw @ buckhummer.com
(In the example I put spaces around the "@" symbols.)
I suppose someone is trying to hack these forms. I have maxlengths set for all inputs, but what is really weird is the "City" field in the example above is limited to 50 characters, yet they obviously put in more than that. Is there anything else I must do to secure these forms from attackers? I am using ColdFusion and the cfmail tag.
Another thing about this - there have ben 5 different sites attacked like this, and everyone of them contain the same info, including the "bcc:Homeiragtime @ aol.com" as part of the "City" data.
If anyone else is seeing this in their forms, or knows how to keep these messages from going through, please reply.
Thanks.