[ic] spamming with IC contact form?

Dan Bergan danb at championshipproductions.com
Fri Apr 1 14:35:24 EST 2005

Mike Heins wrote:

>Quoting Dan Bergan (danb at championshipproductions.com):
>>I received a suspicious "bounce" message today and it looks like someone 
>>used my IC contact form to send spam.
>>I use the contact form from the Foundation catalog.  The form allows 
>>input fields for a customer's name, email address, phone number and a 
>>message.  It looks like the form submission was crafted so that email 
>>address field contained much more information.
>>I found the session and the "email address" field contained the following:
>>From: (email address deleted)
>>To: (email address deleted)
>>BCC: (email address deleted)
>>Content-Type: multipart/mixed; boundary=cckdvsl
>>X-GUID: 959f8348-c59f-bd69-965d-e19cf43bab12
>I am not aware that we have had such a form in the distributed foundation
>since 4.6. Do you have a page name or URL that says where this is?
The form is in the "pages" directory and it is called contact_form.html

My version of IC is 5.2, but I originally installed 5.0.  I have a 
catalog that has been pretty much left "as-is" that I use for some 
testing, and the "contact_form.html" is in there.

Dan Bergan

More information about the interchange-users mailing list