Formmail abuse

software development

#1

Depends. What do you mean by ‘interesting’? :>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#2

i’d say making a script that appears to work, but doesn’t would be good.

i don’t have any specific suggestions though, although modifying an existing form-to mail script to do something like this would probably not be too difficult :>

probably just replacing the path to sendmail with a custom script designed to ‘absorb’ all the messages would suffice.


#3

You could write a script that sends mail to nccs@fbi.gov reporting that a violation of title 18, part 1, chapter 47, section 1030 is currently occurring, giving the IP number accessing your website, the HTTP_USER_AGENT string, etc., and requesting prosecution.

Seems to me that it would also be fairly easy to query ARIN to determine the netblock owner for that IP, and add that information to the mail you are sending, naming them as accessory to the crime, and send a copy of the email to the netblock owner as well.

Then you return a Location: header, so that the user downloads something huge - perhaps a copy of the newest version of MSIE. It would be preferable in our dreams to have them download a program that corrupts their hard drive, but that would be illegal, and MSIE is enough of a virus to suit anybody.