Posts tagged: SPAM

Spot the forgery

Somehow I don’t think this is worth making a filtering rule for, but it’s amusing. How many characters of this header do you need to scan before you know it’s forged?

Reveived: from web.de
    by fmmailgate04.web.de (Postfix) with SMTP id 94F36A25FF;
    Fri, 21 Jul 2006 17:03:27 +0200 (CEST)

Trac spam

It’s a problem.

Trac is a fantastic, world-dominating software project management and bug-tracking system written in Python. It integrates with Subversion and has a wiki and just works. Even the Rails guys use it. It’s possible that if Trac and Chuck Norris walked into a bar, only Trac would leave.

But unfortunately, the comment-spammers and wiki-spammers have noticed Trac and have been updating their scripts. Hence the 12,000 15,000 hits for “trac spam.”

Form hijacking

Does your website contain mail forms that aren’t sanitizing input as aggressively as they should? There seems to have been a recent surge in automated (or semi-automated, it’s hard to tell) probes and exploits of form mail scripts, all revolving around injecting headers into sent mail.

Here’s how it works: Let’s say you have a form that allows the user to enter their email address. The black hat’s exploit script submits a value for that field that includes a newline, followed by whatever email headers they want to insert: Bcc, for example, or even full-blown MIME-encoded parts.
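To make that concrete, here is an added example (not code from any particular form mailer): the vulnerable pattern of pasting a field into the header block, next to a version that validates the field first. The recipient address, the sample field value and all function names are assumptions made up for the illustration.

```python
import re
from email.message import EmailMessage

RECIPIENT = "webmaster@example.com"   # assumed fixed destination of the form
# Constructed sample: an "email address" field value carrying an extra header.
INJECTED = "visitor@example.com\r\nBcc: third-party@example.net"

# Everything str.splitlines() treats as a line boundary, not just CR and LF.
LINE_BREAKS = re.compile(r"[\r\n\x0b\x0c\x1c\x1d\x1e\x85\u2028\u2029]")
BARE_ADDRESS = re.compile(r"[^@\s,;:<>]+@[^@\s,;:<>]+\.[^@\s,;:<>]+")


def naive_headers(from_field, subject):
    """Vulnerable pattern: the form field is pasted into the header block."""
    return (f"From: {from_field}\r\nTo: {RECIPIENT}\r\n"
            f"Subject: {subject}\r\n\r\n")


def header_names(raw):
    """List the header names a mail server would see in a raw message."""
    block = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in block.splitlines() if ":" in line]


def clean_address(value):
    """Return the address unchanged, or raise ValueError if it is not one."""
    if LINE_BREAKS.search(value):
        raise ValueError("line break in address field")
    if not BARE_ADDRESS.fullmatch(value):
        raise ValueError("not a single bare address")
    return value


def clean_text(value):
    """Single-line header text (e.g. Subject): reject any line break."""
    if LINE_BREAKS.search(value):
        raise ValueError("line break in header field")
    return value


def build_message(from_field, subject, body):
    """Hardened pattern: validate, then let the email library write headers."""
    msg = EmailMessage()
    msg["From"] = clean_address(from_field)
    msg["To"] = RECIPIENT
    msg["Subject"] = clean_text(subject)
    msg.set_content(body)
    return msg
```

Feeding `INJECTED` to `naive_headers` yields a header block with a `Bcc` line the form never offered, while `build_message` rejects the same value before any mail is composed.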