Lately I seem to keep getting this type of garbage entered into my contact as forms and some other various forms accross a few of my sites. It looks like this


jacket
Content-Type: multipart/alternative; boundary=6e920c7da0fc5605bb54b4f003be6705
MIME-Version: 1.0
Subject: broke up a ethodist prayer meetin . e was th boy
bcc: hollowiog1503@aol.com

This is a multi-part message in MIME format.

--6e920c7da0fc5605bb54b4f003be6705
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

looking eyes on the leg of it, not bigger nor the leg of a lark, ir, to say nothing of the beautiful salmon fish that comes leaping into your arms, fairly out of the water the craturs, with their tails
--6e920c7da0fc5605bb54b4f003be6705--


Or something similar. What exactly are they trying to do does anyone know?

I've tightened up my forms now to reject BS data like this but I was just wondering.

It looks like someone is exploiting your contact form to send out spam from your server. They're using an email injection attack where they inject extra information into the email header before your mail function sends it out.

Here's a good article that explains what's going on in more detail and offers some solutions: http://securephp.damonkohler.com/index.php/Email_Injection

Or at the very least that they're trying to do it. Some well known mail scripts, like formmail, have vulnerabilities and often they'll run a test to see if you're using it.

Nice article :) yeah looks like they were trying to send mail, unsuccessfully. Well all the fields are regex'ed now so problem solved.

:D