Mail insertion hack on Send Mail form

Discussion in 'ASP General' started by nauticalmac, Dec 23, 2005.

  1. nauticalmac

    nauticalmac Guest

    I'm using CDO to send mail to the site owner from ASP pages with forms.
    Recently one of my forms is occasionally sending email with what seems
    to be an insertion which is replacing the plain text part of the email
    with something else. Looking at the server sent email source, the
    hacked emails have the following:

    This is a multi-part message in MIME format.
    ------=_NextPart_000_0001_01C60610.91D1FFA0
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: base64
    QmVsb3cgaXMgdGhlIHJlc3VsdCBvZiB5b3VyIHJlcXVlc3QgZm9yIGluZm8gZm9ybS4...etc
    .....................S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCi0tLQ0K
    ------=_NextPart_000_0001_01C60610.91D1FFA0
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    .......the correct html content

    On a non-hacked email the content is:

    This is a multi-part message in MIME format.
    ------=_NextPart_000_0001_01C5FD9B.47C9C190
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit
    Below is the result of your request......
    .........the correct plain text content
    ------=_NextPart_000_0001_01C5FD9B.47C9C190
    Content-Type: text/html
    Content-Transfer-Encoding: 7bit
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    .......the correct html content

    How can I prevent this happening?
    What is the evil hacker attempting to include?
    Apart from the submitter's email address and links to a chinese site,
    all the rest of the characters in the submission are non-english
    (irrelevant no doubt).
    I am changing the form to include a server generated value which will
    make it harder for this to be done by posting to the page without going
    to the form first. I am clipping all form entries to reasonable sizes.
    What can I look for in or strip from the form submission to decide to
    trash the attempt?
    Colin
     
    nauticalmac, Dec 23, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nathan Sokalski
    Replies:
    3
    Views:
    1,949
    Larry Lard
    Nov 23, 2005
  2. =?Utf-8?B?Unlhbg==?=
    Replies:
    2
    Views:
    3,910
    Steven Cheng[MSFT]
    Feb 28, 2006
  3. refv8
    Replies:
    2
    Views:
    27,081
    ittower
    Oct 13, 2006
  4. Mike P
    Replies:
    1
    Views:
    568
    =?ISO-8859-1?Q?G=F6ran_Andersson?=
    Mar 1, 2007
  5. Ramon
    Replies:
    2
    Views:
    1,017
    Ramon
    Oct 25, 2007
Loading...

Share This Page