Justin Cook wrote:
I've got a question for the appropriate higher minds.
I fixed one of my clients self-built contact forms after I had an inkling that someone was injecting headers into it to use it as a relay. Turns out I was right, but it's beyond me what they're trying to accomplish:
Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: which a rising moon now threw from the scattered clouds bcc: charleslegbe(a)aol.com
648a4d46b041327ac30fe4f27a9b72ee .
Tons and tons of that just that. What possible use could this garbage be? Is someone trying to blackhole their domain?
This was my easy fix for each website I maintain: RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .*contact.* RewriteCond %{HTTP_REFERER} ^$ RewriteRule (.*) / [R,L]