[TYPO3] Spammers using mailformplus for header injection attack

James Corell jcorell at e-p-c-s.com
Sat Dec 8 04:30:06 CET 2007


Hey all!

I'm using TYPO3 v 4.0.5 with mailformplus v 4.0.3

It appears that spammers are using my forms to perform an email header
injection attack on my mail server, spamming outside targets like crazy.
What can I do, short of installing a CAPTCHA? Shouldn't mailformplus already
be stripping headers out of input fields as a matter of basic security? This
is killing my server's reputation as a legitimate mail source.

James Corell
jcorell at iprus.net




More information about the TYPO3-english mailing list