
I have received a couple of form submissions with this in the comment section:

[code=html]Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch15 mod_ssl/2.2.3 OpenSSL/0.9.8c Server at allhomedecor.org Port 80

——————————————————————————–

The requested URL /forxru2/zadanie.txt was not found on this server.

[/code]

I am not sure if they simply pasted some text in, or if they attempted to run a script on my page. Anyone seen anything like it before?


5 Comments(s)

@JunkMale Sep 01.2009 — It looks like someone is poking servers with something, I found 278 examples of the same type of thing so I would say yes, someone tried to exploit a weakness in your server by possibly attempting an upload and execution of that code.

Some of the results go back as far as December 2008 and some are recent and one I found in the results was yesterday.
@JunkMale Sep 01.2009 — Additional... I tried searching for just the zadanie.txt and found 70,000 results, so I will say a large portion of these are genuine attempts to crack.

I visited the host name in the record and it simply says that the site has just been created and content is coming soon.

Checking the domain records returns a record showing that the user is Dutch and the servers are operating out of Luxembourg. The Dutch portion of the address is not public and is a PO Box number.
@Znupi Sep 01.2009 — Try using a [url=http://it-ride.blogspot.com/2009/08/captcha.html]captcha[/url]?
@TecBrat (author) Sep 21.2009 — Thanks for the replies.
@JunkMale Sep 22.2009 — I would also say that you should be salting your forms too... The reason being that clever bots will decode the captcha, so adding your own salt to the process will give you a secondary line of defense in determining if your form submission was served from your servers and is not some bot poking your email form and bypassing captcha.

I would also beef up your sanitizing routines in your script too.
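
Added example, not part of the original thread or any poster's code: one way to implement the form "salt" suggested above is a hidden field carrying a server-signed, expiring token, so the handler can tell whether the form was actually served by your site. The secret, the form ids, the time limits and the function names are assumptions chosen for illustration.

```php
<?php
// Added example: signed, expiring hidden-field token for a form.
// FORM_SECRET, MIN_AGE, MAX_AGE and the form ids are assumed values.

const FORM_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder
const MIN_AGE = 3;     // seconds; anything faster is treated as scripted
const MAX_AGE = 3600;  // seconds; older tokens are rejected as stale

// Call when rendering the form; put the result in a hidden input.
function issue_form_token(string $formId, ?int $now = null): string
{
    $now   = $now ?? time();
    $nonce = bin2hex(random_bytes(16));
    $mac   = hash_hmac('sha256', "$formId|$now|$nonce", FORM_SECRET);
    return "$now.$nonce.$mac";
}

// Call in the POST handler before processing any other field.
function verify_form_token(string $formId, string $token, ?int $now = null): bool
{
    $now   = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;                       // malformed or missing token
    }
    [$issued, $nonce, $mac] = $parts;
    if (!ctype_digit($issued) || !ctype_xdigit($nonce)) {
        return false;
    }
    $expected = hash_hmac('sha256', "$formId|$issued|$nonce", FORM_SECRET);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return false;                       // not issued by this server
    }
    $age = $now - (int) $issued;
    return $age >= MIN_AGE && $age <= MAX_AGE;
}

// Constructed demonstration values (fixed clock so the cases are repeatable).
$t0    = 1700000000;
$token = issue_form_token('contact', $t0);
var_dump(verify_form_token('contact', $token, $t0 + 30));        // normal submission
var_dump(verify_form_token('contact', $token, $t0 + 1));         // under MIN_AGE
var_dump(verify_form_token('contact', $token, $t0 + 7200));      // past MAX_AGE
var_dump(verify_form_token('contact', 'x' . $token, $t0 + 30));  // tampered token
var_dump(verify_form_token('signup', $token, $t0 + 30));         // token from another form
```

A valid token only shows the form was fetched from this server within the time window, so a bot that loads the page first still passes. Keep the input sanitizing in place, and record used nonces server-side if replay within the window matters.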