G
Guest
Hi all. I have a simple "Contact Us" form on my site (FP2003). It has 4
fields: Name, Email, City/State, and Comment. Lately I've been getting
submissions from the form filled with gibberish and fields that don't exist,
and containing strange email addresses. For reference, here's the body of a
form submission as it normally looks:
----------------------------
subject: Comment Form
redirect: http://www.[mysite].com/thankyou.htm
name: Steve
youremail: (e-mail address removed)
Submit: Submit
comment:
Testing the comment
----------------------------
Now, here's an example of the form submissions I've been getting:
----------------------------
subject: Comment
redirect: http
name: (e-mail address removed)
youremail:
From: (e-mail address removed)
To: (e-mail address removed)
BCC: (e-mail address removed)
Content-Type: multipart/mixed; boundary=mdocjoy
X-GUID: 9cef3e0b-a86d-bb9c-5cb5-1e849f418eaa
--mdocjoy
Content-Type: text/html
Content-Transfer-Encoding: base64
Pzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04Ij8+PE1haWxGb3JtIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIElEPSI5Y2VmM2UwYi1hODZkLWJiOWMtNWNiNS0xZTg0OWY0MThlYWEiIFRlc3RGYWlsZWQ9IjAiPjxCb2R5PlZUSS1HUk9VUD0wJmFtcDtzdWJqZWN0PUNvbW1lbnQmYW1wO3JlZGlyZWN0PWh0dHAmYW1wO25hbWU9bGFzaG9uQGFod29iLmRlJmFtcDt5b3VyZW1haWw9OWNlZjNlMGItYTg2ZC1iYjljLTVjYjUtMWU4NDlmNDE4ZWFhJmFtcDtsb2NhdGlvbj1tZXJyaUBteW1yeWthc3NvY2lhdGVzLmNhJmFtcDtjb21tZW50PWV3eWJ5dXFqaG88L0JvZHk+PEZvcm1Vcmw+aHR0cDovL3d3dy5ob2xtZXN0aGVtdXNpY2FsLmNvbS9fdnRpX2Jpbi9zaHRtbC5leGUvY29udGFjdC5odG08L0Zvcm1Vcmw+PFJlZmVyZXJVcmw+aHR0cDovL3d3dy5ob2xtZXN0aGVtdXNpY2FsLmNvbS9jb250YWN0Lmh0bTwvUmVmZXJlclVybD48U2VudD4wPC9TZW50PjwvTWFpbEZvcm0+
--mdocjoy--
----------------------------
I wrote to my hosting company's tech support, and here was their reply:
----------------------------
Thank you for contacting Customer Support. Unfortunately it does appear that
your email form has been hijacked by a spammer. However, as the underlying
script which is being hijacked was created by FrontPage you will need to
contact Microsoft about this vulnerability. I apologize for any inconvenience
this may cause.
----------------------------
Has anyone else experienced this? I have no idea what's going on. This has
never happened before, but suddenly I'm getting several submissions every day
like this, each one with different email addresses and gibberish.
I really appreciate any insight you can offer. Thanks very much.
fields: Name, Email, City/State, and Comment. Lately I've been getting
submissions from the form filled with gibberish and fields that don't exist,
and containing strange email addresses. For reference, here's the body of a
form submission as it normally looks:
----------------------------
subject: Comment Form
redirect: http://www.[mysite].com/thankyou.htm
name: Steve
youremail: (e-mail address removed)
Submit: Submit
comment:
Testing the comment
----------------------------
Now, here's an example of the form submissions I've been getting:
----------------------------
subject: Comment
redirect: http
name: (e-mail address removed)
youremail:
From: (e-mail address removed)
To: (e-mail address removed)
BCC: (e-mail address removed)
Content-Type: multipart/mixed; boundary=mdocjoy
X-GUID: 9cef3e0b-a86d-bb9c-5cb5-1e849f418eaa
--mdocjoy
Content-Type: text/html
Content-Transfer-Encoding: base64
Pzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04Ij8+PE1haWxGb3JtIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIElEPSI5Y2VmM2UwYi1hODZkLWJiOWMtNWNiNS0xZTg0OWY0MThlYWEiIFRlc3RGYWlsZWQ9IjAiPjxCb2R5PlZUSS1HUk9VUD0wJmFtcDtzdWJqZWN0PUNvbW1lbnQmYW1wO3JlZGlyZWN0PWh0dHAmYW1wO25hbWU9bGFzaG9uQGFod29iLmRlJmFtcDt5b3VyZW1haWw9OWNlZjNlMGItYTg2ZC1iYjljLTVjYjUtMWU4NDlmNDE4ZWFhJmFtcDtsb2NhdGlvbj1tZXJyaUBteW1yeWthc3NvY2lhdGVzLmNhJmFtcDtjb21tZW50PWV3eWJ5dXFqaG88L0JvZHk+PEZvcm1Vcmw+aHR0cDovL3d3dy5ob2xtZXN0aGVtdXNpY2FsLmNvbS9fdnRpX2Jpbi9zaHRtbC5leGUvY29udGFjdC5odG08L0Zvcm1Vcmw+PFJlZmVyZXJVcmw+aHR0cDovL3d3dy5ob2xtZXN0aGVtdXNpY2FsLmNvbS9jb250YWN0Lmh0bTwvUmVmZXJlclVybD48U2VudD4wPC9TZW50PjwvTWFpbEZvcm0+
--mdocjoy--
----------------------------
I wrote to my hosting company's tech support, and here was their reply:
----------------------------
Thank you for contacting Customer Support. Unfortunately it does appear that
your email form has been hijacked by a spammer. However, as the underlying
script which is being hijacked was created by FrontPage you will need to
contact Microsoft about this vulnerability. I apologize for any inconvenience
this may cause.
----------------------------
Has anyone else experienced this? I have no idea what's going on. This has
never happened before, but suddenly I'm getting several submissions every day
like this, each one with different email addresses and gibberish.
I really appreciate any insight you can offer. Thanks very much.