Re: Spam cracker



vitay wrote:
Hi

I have a website (shop with user accounts) with a logging script in PHP, and my logger shows me this:

var $_POST['login'] shows:
"user234@xxxxxxxxxxxx"


var $_POST['password'] shows:

"
Received: from 1.2.3.4 ([193.17.41.24])
...
BCC:user235@xxxxxxxxxxxx
BCC:userasd4@xxxxxxxxxxxx
BCC:userasd023@xxxxxxxxxxxx
by 1.2.3.4 (Postfix) with ESMTP id 393FF2B9B9;
Thu, 23 Nov 2006 20:00:59 +0100 (CET)
Content-Type: multipart/related;
type="multipart/alternative";
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.413 (Entity 5.413)
.......

Here some spam text
"


His IP is changing every few minutes and he has been trying all the time since yesterday.

He uses an auto-script and thinks your login is a "feedback mailer" and is trying to inject extra mail headers (those BCC:). I suggest you just switch the name of the login page and fix the links on your site, and the traffic will end (at least for a while).

You can also look at the $_SERVER['HTTP_REFERER'] to see if the person who logs in comes from another page on your site or not (keep in mind that many nowadays have turned this off in their browsers).

$_SERVER['HTTP_USER_AGENT'] can also be used to check if there is something suspect; if you don't think the browser he says he is using is an okay one, then "ban" that browser name/version. Keep in mind that this can be turned off in a normal browser.


//Aho
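
The logged password value is a mail-header injection payload: line breaks followed by header names such as BCC:. As an added example (not part of the original thread), this PHP check flags any posted field that contains CR or LF and reports which header names follow; the function names and the sample request are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical and the sample data is constructed.

/**
 * Return null when $value is a single line. Otherwise return the mail header
 * names found at the start of any line (possibly an empty list).
 */
function injected_headers(string $value): ?array
{
    // A login, password or e-mail field from a one-line input never
    // legitimately carries CR or LF, so their presence alone is the signal.
    if (!preg_match('/[\r\n]/', $value)) {
        return null;
    }
    // Header names at the start of the value or right after CR/LF.
    $names = 'bcc|cc|to|from|subject|received|content-type|'
           . 'content-transfer-encoding|mime-version|x-mailer';
    preg_match_all('/(?<![^\r\n])[ \t]*(' . $names . ')[ \t]*:/i', $value, $m);
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

/** Check every posted string field; return field name => header names found. */
function scan_post(array $post): array
{
    $flagged = [];
    foreach ($post as $field => $value) {
        if (is_string($value) && ($found = injected_headers($value)) !== null) {
            $flagged[$field] = $found;
        }
    }
    return $flagged;
}

// Constructed request modelled on the logged one.
$post = [
    'login'    => 'user234@example.invalid',
    'password' => "\r\nReceived: from 1.2.3.4\r\nBCC:user235@example.invalid\r\n"
                . "Content-Type: multipart/related;\r\nMIME-Version: 1.0\r\n\r\nspam text",
];

foreach (scan_post($post) as $field => $found) {
    // In a real handler: reject the request here, before the value reaches
    // authentication or any mail() call. Only the field name is logged,
    // never the value, since it may be a password.
    error_log("header injection in '$field': " . implode(', ', $found));
}
```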