[ic] spamming with IC contact form?
Mike Heins
mike at perusion.com
Fri Apr 1 14:49:09 EST 2005
Quoting Dan Bergan (danb at championshipproductions.com):
> Mike Heins wrote:
>
> >Quoting Dan Bergan (danb at championshipproductions.com):
> >
> >
> >>I received a suspicious "bounce" message today and it looks like someone
> >>used my IC contact form to send spam.
> >>
> >>I use the contact form from the Foundation catalog. The form allows
> >>input fields for a customer's name, email address, phone number and a
> >>message. It looks like the form submission was crafted so that the email
> >>address field contained much more information.
> >>
> >>I found the session and the "email address" field contained the following:
> >>From: (email address deleted)
> >>To: (email address deleted)
> >>BCC: (email address deleted)
> >>Content-Type: multipart/mixed; boundary=cckdvsl
> >>X-GUID: 959f8348-c59f-bd69-965d-e19cf43bab12
> >>
> >>
> >
> >I am not aware that we have had such a form in the distributed foundation
> >since 4.6. Do you have a page name or URL that says where this is?
> >
> >
> >
> The form is in the "pages" directory and it is called contact_form.html
>
> My version of IC is 5.2, but I originally installed 5.0. I have a
> catalog that has been pretty much left "as-is" that I use for some
> testing, and the "contact_form.html" is in there.
I don't think that page has been linked to anything for
years, but it would certainly be available to anyone asking
for it in a URL.
This should go at the top of special_pages/send_contact_form.html to
combat any problem:
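[calc]
# Trim leading and trailing whitespace from the email field
$Values->{email} =~ s/^\s+//;
$Values->{email} =~ s/\s+$//;
# Cut each field at its first CR or LF so it stays a single line
$Values->{email} =~ s/[\r\n].*//s;
$Values->{name} =~ s/[\r\n].*//s;
return;
[/calc]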
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Prove you aren't stupid. Say NO to Passport.
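
Added example, not part of the post above and not Interchange code: a stand-alone Perl script that applies the same cleanup to constructed form submissions and also flags any field that arrived with an embedded line break, so the attempt can be logged or refused. The function names, the Reply-To header and the example.* addresses are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same substitutions as the posted fix: trim, then cut at the first CR or LF.
# Applied here to both fields; the posted fix trims only the email field.
sub clean_header_value {
    my ($v) = @_;
    $v = '' unless defined $v;
    $v =~ s/^\s+//;
    $v =~ s/\s+$//;
    $v =~ s/[\r\n].*//s;
    return $v;
}

# True when a field that should be one line still contains a line break
# after trimming, i.e. the submission tried to supply header lines of its own.
sub looks_injected {
    my ($v) = @_;
    return 0 unless defined $v;
    (my $t = $v) =~ s/^\s+|\s+$//g;
    return $t =~ /[\r\n]/ ? 1 : 0;
}

# Constructed submissions; all addresses are placeholders.
my @submissions = (
    { name => 'Pat Customer', email => ' pat@example.com ' },
    { name => 'x',
      email => "a\@example.com\r\nBCC: b\@example.net\r\nContent-Type: multipart/mixed; boundary=xyz" },
    { name => "y\nTo: c\@example.org", email => 'y@example.com' },
);

for my $s (@submissions) {
    my @bad   = grep { looks_injected($s->{$_}) } qw(name email);
    my %clean = map { ($_, clean_header_value($s->{$_})) } qw(name email);

    # Hypothetical header built from the cleaned values.
    my $header = "Reply-To: $clean{name} <$clean{email}>";
    die "line break survived cleaning\n" if $header =~ /[\r\n]/;

    printf "%-8s %s\n", (@bad ? 'REJECT' : 'ok'), $header;
    print "         multi-line field(s): @bad\n" if @bad;
}
```

Truncating keeps the form working for ordinary users, while the flag gives a log entry to act on when a submission was clearly crafted.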