Spammer script subversion
Any comments on this from CNET:
“
Another vulnerability to consider
by Laise Brown – 01/12/06 03:19
In reply to: Additional advice from our members by Lee Koo (ADMIN) Moderator
Most responsible ISPs are clamping down on spammers, so they’re looking for other ways to distribute their junk mail. If ANY of the forms on your site generate an email message, you need to double-check that the scripts behind them can’t be subverted into sending a mail message injected by the user, to addresses injected by the user. If they can, guess whose mail gateway’s going to be blacklisted?
Don’t assume that the spammer has to use your form. There’s nothing easier than to set up an automat that generates Post requests with ANY data. I’ve seen attempts of this nature with 99 bcc: addresses as a ‘response’ to the ‘Country’ select box, or 10 links to pornographic sites in the field that theoretically corresponds to a radio button.
”
There are forms/scripts in WordPress I guess responsible for generating emails when members subscribe or comment . . . are they safe???
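One way a form-to-mail handler can refuse the kind of POST the quoted comment describes, shown as an added example that is not part of the original thread and is not WordPress code. It is written in Python for illustration; the field names, option lists and addresses are assumptions made up for the sketch.

```python
import re
from email.message import EmailMessage

# Everything named here (fields, option lists, addresses) is constructed for the example.
ALLOWED = {"country": {"US", "GB", "DE", "FR"},   # the select box's options
           "reply_by": {"email", "phone"}}        # the radio button's values
SINGLE_LINE = ("name", "email", "subject")        # fields copied into mail headers
SITE_RECIPIENT = "webmaster@example.org"          # fixed server-side, never from the POST
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")    # includes CR and LF
ADDRESS = re.compile(r"[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+")
LINK = re.compile(r"https?://", re.I)
MAX_LINKS = 2

def validate_submission(form):
    """Return the reasons to reject a POST; an empty list means it is acceptable."""
    problems = []
    for field, options in ALLOWED.items():
        if form.get(field) not in options:
            problems.append(f"{field}: not one of the values the form offers")
    for field in SINGLE_LINE:
        value = form.get(field)
        if not value or CONTROL_CHARS.search(value):
            problems.append(f"{field}: missing, or has a line break or control character")
    if not ADDRESS.fullmatch(form.get("email") or ""):
        problems.append("email: not a single address")
    if len(LINK.findall(form.get("message", ""))) > MAX_LINKS:
        problems.append("message: too many links")
    return problems

def build_message(form):
    """Build the notification mail, refusing any submission that fails validation."""
    problems = validate_submission(form)
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()   # its default policy also refuses CR/LF in header values
    msg["From"] = "forms@example.org"
    msg["To"] = SITE_RECIPIENT
    msg["Reply-To"] = form["email"]
    msg["Subject"] = "Contact form: " + form["subject"]
    msg.set_content(f"From {form['name']} ({form['country']}, reply by "
                    f"{form['reply_by']}):\n\n{form.get('message', '')}")
    return msg

# Constructed requests: one ordinary, one shaped like the attempts the quoted post describes.
CLEAN = {"name": "Ann", "email": "ann@example.com", "subject": "Question",
         "country": "GB", "reply_by": "email", "message": "Hello there"}
HOSTILE = dict(CLEAN, country="GB\r\nBcc: a@example.net, b@example.net",
               reply_by="http://x.example http://y.example", subject="Hi\nBcc: c@example.net")
```

The server decides the recipient and checks every field against what the form could legitimately send, so a request that never came from the form gains nothing by putting addresses or links into a select box or radio button value.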