[ic] spamming with IC contact form?

Dan Bergan danb at championshipproductions.com
Fri Apr 1 15:16:08 EST 2005


Mike Heins wrote:

>Quoting Dan Bergan (danb at championshipproductions.com):
>
>>Mike Heins wrote:
>>
>>>Quoting Dan Bergan (danb at championshipproductions.com):
>>>
>>>>I received a suspicious "bounce" message today and it looks like someone 
>>>>used my IC contact form to send spam.
>>>>
>>>>I use the contact form from the Foundation catalog.  The form allows 
>>>>input fields for a customer's name, email address, phone number and a 
>>>>message.  It looks like the form submission was crafted so that email 
>>>>address field contained much more information.
>>>>
>>>>I found the session and the "email address" field contained the following:
>>>>From: (email address deleted)
>>>>To: (email address deleted)
>>>>BCC: (email address deleted)
>>>>Content-Type: multipart/mixed; boundary=cckdvsl
>>>>X-GUID: 959f8348-c59f-bd69-965d-e19cf43bab12
>>>>
>>>I am not aware that we have had such a form in the distributed foundation
>>>since 4.6. Do you have a page name or URL that says where this is?
>>>
>>The form is in the "pages" directory and it is called contact_form.html
>>
>>My version of IC is 5.2, but I originally installed 5.0.  I have a 
>>catalog that has been pretty much left "as-is" that I use for some 
>>testing, and the "contact_form.html" is in there.
>
>I don't think that page has been linked to anything for
>years, but it would certainly be available to anyone asking
>for it in a URL. 
>
>This should go at the top of special_pages/send_contact_form.html to
>combat any problem:
>
>[calc]
>    $Values->{email} =~ s/^\s+//;
>    $Values->{email} =~ s/\s+$//;
>    $Values->{email} =~ s/[\r\n].*//s;
>    $Values->{name}  =~ s/[\r\n].*//s;
>    return;
>[/calc]
>
Thanks, Mike.  I'll add that in.

It's been a long time, so I don't remember if I made these changes, or 
if it came as the standard install... but I was able to get to the 
contact_form.html page by first going to the "aboutus.html" page, which 
links to the "contact.html", which then links to the 
"contact_form.html".  Like I said, maybe I did that...

Thanks again,
Dan Bergan
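
An added example, not part of the original thread and not Interchange's own code: the substitutions from the [calc] block above applied to a constructed "email" value shaped like the one found in the session, next to a stricter check that rejects the submission so it can be logged. The function names `truncate_at_newline` and `check_header_field`, the placeholder addresses and the 254-character limit are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a form "email" value carrying extra header lines,
# shaped like the session value quoted in the thread (placeholder addresses).
my $injected = "sender\@example.com\r\nTo: someone\@example.net\r\n"
             . "BCC: list\@example.org\r\n"
             . "Content-Type: multipart/mixed; boundary=x";

# Same substitutions as the [calc] block, on a plain scalar:
# trim both ends, then drop everything from the first CR or LF onward.
sub truncate_at_newline {
    my ($v) = @_;
    $v = '' unless defined $v;
    $v =~ s/^\s+//;
    $v =~ s/\s+$//;
    $v =~ s/[\r\n].*//s;
    return $v;
}

# Stricter alternative (an assumption, not from the thread): refuse a
# single-line field that still contains CR/LF or another control character
# after trimming, so the attempt is visible instead of silently mailed.
sub check_header_field {
    my ($name, $v) = @_;
    $v = '' unless defined $v;
    $v =~ s/^\s+//;
    $v =~ s/\s+\z//;
    return (0, "$name contains a line break or control character")
        if $v =~ /[\x00-\x1f\x7f]/;
    return (0, "$name is too long") if length($v) > 254;   # assumed limit
    return (1, $v);
}

# One hostile value and one benign value with stray whitespace.
for my $case (['email', $injected], ['email', "  danb\@example.com \n"]) {
    my ($field, $raw) = @$case;
    my $cut = truncate_at_newline($raw);
    my ($ok, $result) = check_header_field($field, $raw);
    printf "truncated=%s  strict=%s (%s)\n",
        $cut, ($ok ? 'accept' : 'reject'), $result;
}
```

Truncation keeps the form working for legitimate users while discarding the injected headers; rejecting instead leaves a record of the attempt that can be reviewed.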


