cmendla
Member
Over the last couple of days i've noticed that the IP plugin occasionally shows something other than an IP. Namely, it is a random six character word and a url. The url is
www QS3PE5Z GdxC9Io VKTAPT2 DBYpP kMKqfz . com <<< DANGER WILL ROBINSON.. I would NOT visit this URL..
NOTE - i added the spaces in the url so it would not be dangerous and clickable.
That URL show up when you do a whois search.
The ip from the plugin gets sent in the email. I didn't notice it until the site owner forwarded the email from the form to me. Google Mail killed the email as soon as I opened it. Apparently google is aware that the URL is from the dirty part of town.
I'm going to look at the validation for the IP and see if I can do anything to stop the behavior.
My reason for posting this is
chris
www QS3PE5Z GdxC9Io VKTAPT2 DBYpP kMKqfz . com <<< DANGER WILL ROBINSON.. I would NOT visit this URL..
NOTE - i added the spaces in the url so it would not be dangerous and clickable.
That URL show up when you do a whois search.
The ip from the plugin gets sent in the email. I didn't notice it until the site owner forwarded the email from the form to me. Google Mail killed the email as soon as I opened it. Apparently google is aware that the URL is from the dirty part of town.
I'm going to look at the validation for the IP and see if I can do anything to stop the behavior.
My reason for posting this is
- What is the best way to stop people from spoofing the IP plugin
- The plugin might need to be fixed as this isn't a direct security issue but it is passing what is probably a dangerous URL.
- Is this just plain old form spamming or are they up to something more.
chris