No Spam Attacks Today

Published on 27 November 2005 in , , , ,

So the new web forms survived their first email injection attack. Should really get the new script rolled out on the rest of the site now I suppose.

But the new script showed how unclever these attacks are. The script that attacked the site didn’t even bother to spoof any referrer details, which ironically, would have made it easier for them to misuse my email forms! Well would have if I hadn’t temporarily disabled some functionality.

Was interesting to note that an AOL account was being used to see if the attempt had been successful – the initial attacks always include an attempt to email one account. Normally it’s with some low league, free email provider. This time it was AOL.

Well it won’t stop them trying, but I fired off an email to AOL’s abuse department none-the-less, and hopefully they’ll suspend the account. Well if they want to be viewed as a responsible ISP they will anyway…