  1. #1 matt- (SitePoint Evangelist, England)

    Submitting MIME into comments section on contact forms, bot?

    Hi all,

    I work for a company that develops solutions for the real estate industry in Spain, and lately some of our clients have been reporting weird emails coming from their enquiry forms.

    They'll generally receive something like the following; I've made the MIME data that's inserted into the 'comments' section italic.

    Code:
    > Name: hdzelo@clientsite.com
    > Email: hdzelo@clientsite.com
    > Telephone: hdzelo@clientsite.com
    >
    > hdzelo@clientsite.com
    > Content-Type: multipart/mixed; boundary="===============0446793226=="
    > MIME-Version: 1.0
    > Subject: f8a99c39
    > To: hdzelo@clientsite.com
    > bcc: bergkoch8@aol.com
    > From: hdzelo@clientsite.com
    >
    > This is a multi-part message in MIME format.
    >
    > --===============0446793226==
    > Content-Type: text/plain; charset="us-ascii"
    > MIME-Version: 1.0
    > Content-Transfer-Encoding: 7bit
    >
    > smo
    > --===============0446793226==-->
    >
    > --------------------------------------------------
    > This enquiry was generated through your website.
    Is this a known occurrence? If so, what is it trying to achieve? What's the significance of the Bcc address?

    Comments appreciated
    Thanks, Matt.

  2. #2 Mittineague (Programming Team)

    MIME content

    When emails contain attachments, or are more than just plain text, they have boundaries so the email can be delivered and parsed into its "multi-parts".
    Sort of an email way of nesting content in elements. If your contact form was plain text but now provides for HTML, embedded and/or attached content, that's the reason for the boundaries. The content-type information allows for interpreting the content properly. This is entirely normal.

  3. #3 matt- (SitePoint Evangelist, England)

    Hi Mittineague, thanks for the response. The emails are being sent in plaintext, so someone or something is repeatedly pasting MIME data into the comments textbox on the contact/enquiry forms of our sites. That's what I find suspicious.

  4. #4 Mittineague (Programming Team)

    MIME types in text-only email

    Yes, very suspicious. Sometimes emails that have been repeatedly forwarded get ugly, but if this is from a contact form, I would worry that someone is trying to abuse it.

  5. #5 puco (SitePoint Guru, Slovakia)

    I noticed the same abuse of our contact form. The guy tried to send the same mail with the same BCC address. Fortunately ASP.NET classified his request as potentially malicious and didn't send it. But if your contact form can send e-mails only to an address explicitly specified in your code (and not submitted through some hidden field) then the only abuse he can do is to spam your mailbox.
    Martin Pernecky

  6. #6 matt- (SitePoint Evangelist, England)

    That ASP.NET functionality sounds good; we currently use PHP but are coding our next release in ASP.NET with C#.

    The only thing I can think of is that perhaps it's trying to exploit forms and bcc the request to the aol address, therefore collecting active email addresses to spam?

  7. #7 puco (SitePoint Guru, Slovakia)

    Quote Originally Posted by matt-
    > That ASP.NET functionality sounds good; we currently use PHP but are coding our next release in ASP.NET with C#.
    >
    > The only thing I can think of is that perhaps it's trying to exploit forms and bcc the request to the aol address, therefore collecting active email addresses to spam?

    No, I think the guy is just testing whether he receives the email from your contact form on his email address that is specified in BCC. If he receives it he knows that he can use it to spam people and then the real fun begins.
    Martin Pernecky

  8. #8 Mittineague (Programming Team)

    contact form abuse

    It would be much safer to limit the number of contact form recipients to only 1 (preferably hard coded in, no input option) or as few as necessary. Other than for a "send this to a friend" type of script, do visitors really need to send copies of their contact page info to others? If you need to send bulk emails I would do it from a restricted access page.

  9. #9 matt- (SitePoint Evangelist, England)

    puco: good point, that sounds about right, and much more menacing.

    Mittineague: The form is for people to contact the company via email, all they can do is supply their name, email and a message. The 'user' is inputting MIME into the message. What he was trying to do doesn't seem to have worked anyway though, since the email is sent in plaintext.

    Perhaps as an additional measure, the message could be checked for MIME content before sending.
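The following is an added example, not code from this thread or from any of the posters, that puts the advice from #7, #8 and #9 into practice: the recipient is hard coded, the single-line fields (name, email, telephone) are rejected if they contain a line break (the only way to smuggle an extra `Bcc:` header in), and the free-text message is checked for header lines and MIME boundaries before anything is sent. It is written in Python for illustration even though the forms discussed are PHP; the recipient address and the sample submissions are constructed, with the probe modelled on the payload quoted in #1 but using placeholder addresses.

```python
import re
from email.message import EmailMessage

# Hard-coded destination, as post #8 recommends (placeholder address, constructed
# for this example): the visitor never chooses where the enquiry goes.
RECIPIENT = "enquiries@example.com"

# Header names an injected payload has to smuggle in to add recipients or to
# turn a plain-text enquiry into a multi-part mail of the sender's choosing.
HEADER_LINE = re.compile(
    r"^[ \t]*(?:to|cc|bcc|from|subject|mime-version|content-type|"
    r"content-transfer-encoding)[ \t]*:",
    re.IGNORECASE | re.MULTILINE,
)
# MIME part separators such as "--===============0446793226==" in the thread.
BOUNDARY_LINE = re.compile(r"^--=+[0-9A-Za-z]+=*", re.MULTILINE)


def is_single_line(value: str) -> bool:
    """Name, e-mail and telephone are single-line fields; a CR or LF in them
    can only serve to start a new header line in the outgoing mail."""
    return "\r" not in value and "\n" not in value


def looks_like_mime(message: str) -> bool:
    """True when the free-text message carries header lines or a MIME boundary."""
    return bool(HEADER_LINE.search(message) or BOUNDARY_LINE.search(message))


def classify_submission(name: str, email: str, telephone: str, message: str) -> str:
    """Return 'ok', 'header_injection' (line break in a single-line field) or
    'mime_in_body' (headers or boundaries pasted into the comments box)."""
    if not all(is_single_line(v) for v in (name, email, telephone)):
        return "header_injection"
    if looks_like_mime(message):
        return "mime_in_body"
    return "ok"


def build_enquiry(name: str, email: str, telephone: str, message: str):
    """Build the outgoing mail, or return None when the submission is rejected.
    The recipient is fixed and the visitor's fields only ever land in the
    plain-text body, never in To/Cc/Bcc, so a forwarded copy cannot be added."""
    if classify_submission(name, email, telephone, message) != "ok":
        return None
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = RECIPIENT  # our own address; the visitor's goes in the body only
    msg["Subject"] = "Website enquiry"
    msg.set_content(
        f"Name: {name}\nEmail: {email}\nTelephone: {telephone}\n\n{message}\n"
        "--------------------------------------------------\n"
        "This enquiry was generated through your website.\n"
    )
    return msg


# Constructed samples: a genuine enquiry, a probe of the kind quoted in #1
# (placeholder addresses), and a line break hidden in the e-mail field.
GENUINE = ("Ana", "ana@example.org", "+34 600 000 000", "Is the villa still available?")
PROBE = (
    "hdzelo@example.com", "hdzelo@example.com", "hdzelo@example.com",
    "hdzelo@example.com\n"
    'Content-Type: multipart/mixed; boundary="===============0446793226=="\n'
    "MIME-Version: 1.0\nSubject: f8a99c39\nTo: hdzelo@example.com\n"
    "bcc: probe-collector@example.net\nFrom: hdzelo@example.com\n\n"
    "--===============0446793226==\nsmo\n--===============0446793226==--\n",
)
NEWLINE_IN_EMAIL = ("Ana", "ana@example.org\nBcc: probe-collector@example.net", "", "Hi")

if __name__ == "__main__":
    for sample in (GENUINE, PROBE, NEWLINE_IN_EMAIL):
        print(classify_submission(*sample))
```

Rejected submissions are worth logging rather than silently dropping, since the `bcc:` address in a probe tells you where the sender was hoping to receive the test copy. The header-line check can misfire on a genuine message that happens to start a line with "To:" or "Subject:", so treating `mime_in_body` as "hold for review" rather than "discard" is the safer policy; the line-break check on the single-line fields has no such ambiguity.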

