Security and various nuisances

The attacks are ongoing on the old thankyou page. As I've removed it, they get 404 errors. I was getting a dozen a day, it's only a few now.

I've had a new idea to counter the attacks: check the referring page (HTTP_REFERER). It would block the direct injection by a script without specially crafted headers. Right now, most request do not have a referrer, but some have. I have received a few http://www.goelette.net/index.html. As there is no index.html page on my site, I know this is spoofed.

This piece of code can be used on a "self-sending" contact page (the form comes back to the same page for sending).

I'm noticing a wave of new email injection attacks, on osCommerce and non-osCommerce sites alike. A robot looks for contact forms, and adds a linefeed followed by MIME headers. As yet I've only seen harmless tests; a Bcc: field is added, presumably to check if the page is vulnerable (I've got Bcc: jrubin3546@aol.com and bergkoch8@aol.com but there are others).

Adding MIME parts has the interesting effect of hiding the original message (eg tell a friend) and showing the new contents. What is this hack good for? Using your server as a SPAM relay! This is Not Good™; your server might be shut down rather quickly by your hosting company, or you might be blacklisted.