View Full Version : I don't appreciate.....


Flash Gordon
12-04-2005, 05:46 PM
I don't appreciate whoever it was who used one of the links here to my site then attempted to spam one of my clients using the contact form!

IP: 24.18.209.240
Country: United States
City: Seattle, Washington
05:56:05 PM December 3 Saturday Mozilla/4.0
Comcast Cable Communications
I certainly hope it doesn't happen again. If so, next time you visit, your computer may get a little sick......

Cota
12-04-2005, 07:47 PM
Are you sure it came through here?

CyanBlue
12-04-2005, 07:49 PM
Well... Don't let that IP address access your space any more... As simple as that...

kkxpertise
12-04-2005, 08:03 PM
Well... Don't let that IP address access your space any more... As simple as that...


The truth is seen.

Flash Gordon
12-04-2005, 10:33 PM
Are you sure it came through here?
Yeah, it came off a site check. The IP has been added to my htaccess file.

BLOCKED.

Still it is not very cool for an AS[org] user (or perhaps guest) to be doing that. Tsk tsk.......

CyanBlue
12-04-2005, 11:57 PM
Just out of curiosity... What did he exactly do???

Flash Gordon
12-05-2005, 07:40 AM
My contact form validates user's name, email, subject, and message. If null it says something like "Please enter a name". So my client got a bunch of email with "Please enter a name" "Please enter a subject" "Please.enter.a.email.@none.com" "Please enter a message". The worst part is the "attacker" changed the email error message. He made it all one string and stuck a @ and a "." so it would go through.

I just don't think that is very cool if it was an AS[org] member. Still not very cool if it was a guest.

Oh yeah, and it was off of a site check like I mentioned earlier. I specifically ask that no one "test" the contact form.

Perhaps I was venting a little too much in my first post, but I was a bit angry. It is all good now.

Life is peachy :) I'm auditioning for a Doctorate in Music tomorrow/this morning. YEAH!

tg
12-05-2005, 04:58 PM
you need to protect your code, so folks can't change stuff like that. if you are using GET, change it to POST.
also, handle everything inside of flash, so that nothing is sent from flash until all information is valid.... emails with error messages showing should never get past your validation routine.

how did the attacker change your error message?

CyanBlue
12-06-2005, 01:10 AM
Well... You can potentially ask Jesse or Strok to punish them cuz we know they are from the forum... But I'd just bite the bullet and make the code better... It's not really going to stop somebody if they really want to try to give you a hard time... Know what I mean???

Flash Gordon
12-06-2005, 01:51 AM
how did the attacker change your error message?
He/she didn't really change it, just provided "nonsense" information that passed validation.
You can potentially ask Jesse or Strok to punish them cuz we know they are from the forum
If I get more of the same attacks, I will. But I'll let this one go... life is too short.

And BTW, I just got accepted to get my doctorate in music, yeah! :)

CyanBlue
12-06-2005, 02:42 AM
Cool... Congrats... and have great fun studying... ;)
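
The thread describes a contact form whose own empty-field prompts were submitted as field values and passed validation, flooding the recipient with mail. As an added example (not code from any of the posts above), this Python sketch shows a server-side check that rejects such values and rate-limits sends per client; it belongs on the server because a request can reach the mail script without going through the Flash movie. The e-mail prompt wording, field limits, function names and the choice of Python are assumptions.

```python
import re
import time
from collections import defaultdict, deque

# Prompts the form shows for empty fields. The name, subject and message
# prompts are quoted in the thread; the e-mail prompt wording is an assumption.
PROMPTS = ["Please enter a name", "Please enter a subject",
           "Please enter a email", "Please enter a message"]

def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

SQUASHED_PROMPTS = [squash(p) for p in PROMPTS]

# Dot-atom local part: no leading, trailing or doubled dots.
EMAIL_RE = re.compile(r"[A-Za-z0-9_+-]+(\.[A-Za-z0-9_+-]+)*"
                      r"@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
LIMITS = {"name": 80, "email": 254, "subject": 120, "message": 5000}  # assumed

def validate(form):
    """Return the list of field names that fail server-side validation."""
    bad = []
    for field, limit in LIMITS.items():
        value = (form.get(field) or "").strip()
        squashed = squash(value)
        if not value or len(value) > limit:
            bad.append(field)
        elif any(p in squashed for p in SQUASHED_PROMPTS):
            bad.append(field)        # the form's own prompt echoed back
        elif field != "message" and re.search(r"[\x00-\x1f]", value):
            bad.append(field)        # control characters in a one-line field
        elif field == "email" and not EMAIL_RE.fullmatch(value):
            bad.append(field)
    return bad

recent = defaultdict(deque)          # client IP -> times of accepted sends

def allow_send(ip, now=None, max_sends=3, window=3600):
    """Sliding-window limit so one client cannot flood the recipient."""
    now = time.time() if now is None else now
    sent = recent[ip]
    while sent and now - sent[0] >= window:
        sent.popleft()
    if len(sent) >= max_sends:
        return False
    sent.append(now)
    return True
```

Mail is sent only when `validate()` returns an empty list and `allow_send()` returns `True` for the client address.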