Are Your Contact Forms Sending Spam?
Tagged: Email, PHP, Programming, Security and Spam
We’ve been tracking this for a while and it seems to be getting worse. Contact forms on your website that accept input without checking it for malicious data are an easy way for spammers to use your site for their own work. If you are receiving email through your forms from addresses like someword@yourdomain.com, a spambot is probably probing for valid email addresses. These bots may also include an address from the following list (or a similar one) so they can tell whether your form is vulnerable to hacking.
Here’s a list of the addresses we have seen:
This technique is called email header injection. In many programming languages, especially PHP, it is very easy to take the contents of a form submission and email them. If programmers don’t plan ahead, these scripts are easily hacked by submitting extra email header lines in one of the form fields. That extra header information can override your intended To:, From:, and Subject: fields, seizing control of your contact form’s email output.
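As an added illustration (not code from this post), here is the kind of PHP mail() handler that gets hijacked this way, followed by a hardened version that refuses any field containing a line break before it is placed in a header. The function names and the noreply@example.com address are assumptions for the example.

```php
<?php
// VULNERABLE (for comparison only): submitted values go straight into
// mail() headers, so a "name" field containing "\r\nBcc: spam@target"
// adds a Bcc header and turns the form into an open relay.
function sendContactMailUnsafe(array $post, string $to): bool
{
    $headers = "From: {$post['name']} <{$post['email']}>\r\n";
    return mail($to, $post['subject'], $post['message'], $headers);
}

// Hardened version: a header value may never contain CR, LF or NUL.
function hasHeaderInjection(string $value): bool
{
    return (bool) preg_match('/[\r\n\0]/', $value);
}

// Trim, length-limit and reject anything that could break out of a header line.
function safeHeaderValue(string $value, int $maxLen = 200): string
{
    $value = trim($value);
    if (hasHeaderInjection($value) || strlen($value) > $maxLen) {
        throw new InvalidArgumentException('Invalid header value');
    }
    return $value;
}

function sendContactMail(array $post, string $to): bool
{
    $name    = safeHeaderValue($post['name'] ?? '');
    $email   = safeHeaderValue($post['email'] ?? '');
    $subject = safeHeaderValue($post['subject'] ?? '(no subject)');

    // Only a syntactically valid address may be used in a header.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }

    // From: is always the site's own address (assumed for this example);
    // the submitter's address only ever appears in Reply-To:.
    $headers  = "From: Contact Form <noreply@example.com>\r\n";
    $headers .= "Reply-To: " . $email . "\r\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";

    // The message body is not a header, so newlines are fine there.
    $body = "From: " . $name . "\n\n" . ($post['message'] ?? '');
    return mail($to, $subject, $body, $headers);
}
```

Logging rejected submissions from safeHeaderValue() gives you an easy way to spot the probing described above: a form field that arrives with an embedded "Bcc:" line is a spambot, not a customer.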
