Mail insertion hack on Send Mail form

nauticalmac

I'm using CDO to send mail to the site owner from ASP pages with forms.
Recently one of my forms is occasionally sending email with what seems
to be an insertion which is replacing the plain text part of the email
with something else. Looking at the server sent email source, the
hacked emails have the following:

This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C60610.91D1FFA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: base64
QmVsb3cgaXMgdGhlIHJlc3VsdCBvZiB5b3VyIHJlcXVlc3QgZm9yIGluZm8gZm9ybS4...etc
.....................S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCi0tLQ0K
------=_NextPart_000_0001_01C60610.91D1FFA0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
.......the correct html content

On a non-hacked email the content is:

This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C5FD9B.47C9C190
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Below is the result of your request......
.........the correct plain text content
------=_NextPart_000_0001_01C5FD9B.47C9C190
Content-Type: text/html
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
.......the correct html content

How can I prevent this happening?
What is the evil hacker attempting to include?
Apart from the submitter's email address and links to a Chinese site,
all the rest of the characters in the submission are non-English
(irrelevant no doubt).
I am changing the form to include a server generated value which will
make it harder for this to be done by posting to the page without going
to the form first. I am clipping all form entries to reasonable sizes.
What can I look for in or strip from the form submission to decide to
trash the attempt?
Colin
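
An added example, not part of the original post: one way to decide in classic ASP VBScript whether to trash a submission, by rejecting control characters in single-line fields and mail-header syntax in the text. The parameter names, the two-link threshold and the sample inputs are assumptions; the sample calls at the end use WScript.Echo so the block runs under cscript.

```vbscript
Option Explicit

' True if s holds CR, LF or any other control character. Use on single-line
' fields (name, e-mail, subject), where none of these belong.
Function HasControlChars(ByVal s)
    Dim i, c
    HasControlChars = False
    For i = 1 To Len(s)
        c = AscW(Mid(s, i, 1))   ' AscW is negative above U+7FFF, hence c >= 0
        If (c >= 0 And c < 32) Or c = 127 Then
            HasControlChars = True
            Exit Function
        End If
    Next
End Function

' True if pattern matches anywhere in s (case-insensitive, ^ matches per line).
Function Matches(ByVal s, ByVal pattern)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Multiline = True
    re.Pattern = pattern
    Matches = re.Test(s)
End Function

' Returns "" to accept the submission, otherwise the reason to discard it.
Function RejectReason(ByVal sName, ByVal sEmail, ByVal sComments)
    RejectReason = ""
    If HasControlChars(sName) Or HasControlChars(sEmail) Then
        RejectReason = "control character in single-line field"
    ElseIf Not Matches(sEmail, "^[^\s@<>,;:]+@[^\s@<>,;:]+\.[^\s@<>,;:]+$") Then
        RejectReason = "malformed e-mail address"
    ElseIf Matches(sComments, "^\s*(to|cc|bcc|mime-version|content-[a-z-]+)\s*:") Then
        RejectReason = "mail header syntax in comments"
    ElseIf Matches(sComments, "(https?://[\s\S]*?){3}") Then
        RejectReason = "more than two links"   ' threshold is an assumption
    End If
End Function

' Constructed samples; in the ASP page pass the Request.Form values instead.
WScript.Echo "[" & RejectReason("Colin", "colin@example.com", "Please send a brochure.") & "]"
WScript.Echo "[" & RejectReason("x", "a@example.com" & vbCrLf & "Content-Type: text/plain", "hi") & "]"
WScript.Echo "[" & RejectReason("x", "a@example.com", "MIME-Version: 1.0" & vbCrLf & "hi") & "]"
```

The base64 text part quoted in the post begins with the encoding of "Below is the result of your request for info form.", the same opening as the normal plain-text body.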