[vox-tech] Strange web form submissions; regexp to filter?
Bill Kendrick
nbs at sonic.net
Thu Dec 18 01:05:30 PST 2008
I've been notcing some weird submissions to the survey form I have on
the Tux Paint website. For most of the type-in fields, the values are
gibberish. Combinations of uppercase/lowercase alphabetic characters.
(No spaces, no numbers, nothing else.) Like so:
exCBAZcrGzvlQVY
UTJzqHZmonSyZrBobeM
iLmnIEUJo
UyursGguwKF
I've collected them recently, and I just looked over them.
(Attached is a txt file with all of the various gibberish strings.)
I've got 72 examples from 50 IP addresses (all over the board).
I assume it's people with some kind of virus/trojan.
User agents are all over the board, too. (42 different specific agents,
almost all listing as MSIE, although also including 2 apparently on Macs
(on Webkit, one Firefox), 1 apparently in Opera on FreeBSD, and a few
Firefoxes on Windows).
So (1) it's distributed, (2) it's cross-browser and somewhat
cross-platform (or apparently so).
It's purpose? I have no idea. All it does in the end is annoy me.
They almost always include a validly-formed email address in the address
line (I think they didn't used to, until I made it require that the field
look like an address, if it's not blank). _I_ don't do anything to those
email addresses, so it's not like anyone is benefitting from... whatever it
could be they think they're benefitting from.
ANYWAY. I'm wondering if anyone out here has a suggestion for a regexp
recipe I could use to match the strings in question, but without risking
matching anything as a false-positive.
[a-zA-Z]+ (or with some minimum number of characters -- the shortest look
like they're about 8 characters) would be the basic check, but that would
include anything, even stuff that DoESn'T loOk lIKE THiS.
Suggestions? (And... any ideas wtf this could be? It's been going on
for _months_.) Thanks,
--
-bill!
"Tux Paint" - free children's drawing software for Windows / Mac OS X / Linux!
Download it today! http://www.tuxpaint.org/
-------------- next part --------------
AaJhsQagE
aDDhGMObdSyDEXyxktr
aDDhGMObdSyDEXyxktr
AflehFztEvPoJUxil
AJKTVmDgToqczwQt
akDvgBdl
aOHmmiNfERyKYpLaxub
aOHmmiNfERyKYpLaxub
ApMrBIcCKF
AvUeTTLUPjZRtgfP
bBWLoAasmNIVvx
bkZnOXoFXA
bwMMSUWXxCSdoHSEroc
bzuZzlULbqMqjGOp
CBSLWGzsTgKk
CFYQsINW
CfyyHRqgOGcnRbT
chwaaASg
CIuGwQMelWEEzXqxcEW
cunImzJemsWPmIZf
CymnnVQFnBtgGYiXQ
dHsUIvYLISiLTRiRn
DMyMfQynLMNunkrW
dtzwTwpzJDZaag
dvFotXqhvTrSfed
dVPBLGst
dWoNtTXawzaiT
DyLInzMQRqD
dzuvpAkuEki
eClZXhtkzFWLj
EFKDjyhivcteS
EjsBkQvAzbF
EKGENfjM
emJlQFbHwaTRobVTyK
EpCqheHkdxADj
esAZYQsYhXL
EtErsUnQYuGlFhHAWj
exCBAZcrGzvlQVY
fBTBiIkwSTSEHqNJH
FEmBwZYX
FetXCxOJqC
fEzJqqKygQY
fFTvCDirbm
FgOJRfWQvhiDQlM
FGxrzOrpqZEw
FGxrzOrpqZEw
FJUtIghZIYdmv
FpRsPJbopTyKhIRsDD
frFzMVMfawoQhfZmXg
fvYcpNMUqWhtv
fvYcpNMUqWhtv
FwHTIwkPmM
fxceSflxTbpau
fXMtvOHKkBv
GGIXcMHgBobadG
gJubyuhg
gnvAAJWNYMumrA
gtBUIgCVzACCVP
GzkgVfyOa
hRwiAFvPhpRUTa
hylzFoAeBZgZXaTCe
HzLARBUAowJhISCVWta
HzLARBUAowJhISCVWta
iDUyalfJLH
iEOhTFYUcr
IiIVKzukavKPKcffmfY
iLmnIEUJo
iTMhDCwFwDPz
IwvgvfHqgNwoXUsKYRl
JcPAiOqBakCkHr
JgdcezKsf
jLpudDyTEI
joHKyDRKnMkdZO
jxSScQxmtNz
JZfDprkGDUdCVdrimUC
kcACCAtTkCtrgyyKh
KFlzothwBHCUCexUndD
KGpeHDzNzZOKEDcBe
KLGVikgItG
KMoHilaFqSmpydjK
KRErDnItpYZPCwJmYm
LdCyIlzooRUuGBMP
liDGqQKhkmaKeBB
LmjXXZTNUCdEuDg
lpsJGnSxbDmKVd
lQETPUCnh
lvohnkWGHjkIjEugWP
MCzkiosVz
mEqIIEtQMwNjmBFQVV
MeZvLkULfVHImOR
mFawhDwhbnBLDiktY
MNcbiCKBlybfY
mnjyKPHfpxu
mnjyKPHfpxu
mymjLVruYEwi
nELnlJNOgk
NHxVnJGZH
NKFKyKSdB
NKFKyKSdB
NmffbTJiWvXoKlRXWv
NqMKgGeY
nTCXxGnjrnym
nYQzVJwUvnduQLnje
nzILhzSblVgmyoRH
NznZxaeqwUk
NzqpQruZSUkBjDxQ
NzTntxGFfgSzX
oCfdMlNDAbzkBCAVtxe
OEiGhcUWvyKGsyU
oGNGpIzWaWkqWVHC
oIDDSdGAdbHag
oihuWssXu
oIluaswcwDduIj
olFhTsBEbgcdOcch
OMcpsGqOjrFTiD
OpLVgVhsJo
oQdUgNJaybiuYNm
PcmOZmCyyAUEZ
PejAcjDpa
pFlqogQJ
PFVCCNBvDEiWY
PGbCzoxiBsaZiQ
PNRlsoCAYcmR
poIpNsPzx
QagddSVoXbpMfnrIrc
QARtobYlsFNKjndH
QARtobYlsFNKjndH
QcCdPdAbdWxbzZWex
qDRNkiaRUBuVR
qeeMEJnjJgrnK
QHPBVFSYVrk
QLrGdDUGWdVtFxhUy
RGVumWtQzMqTuhTl
RJeYmDzBmPJ
RKqLemPtVAE
RlpjcMslCd
rMqvgDDoD
rPbiuJbtu
RtBgqEmX
rtflWgsKAjTmIai
RVrDTnHfMumsFELUDe
rxRFZGpAbustpuLug
RxxUAlmZwGMzlaq
sEiKINLCSzq
SfRCpoTzWkYIcVAi
SFXHChgvyrBPBmdG
SGpkouDhjvjkW
SjjpcZfpoQGfwhnTyQR
SnbvSpsFOcBB
STjyoQLBmeaIubO
StLzAgNmGztoFV
SunMPoZbdFI
taNnnWxNDcC
tDitoriSZfwmaFmNoFB
tjaVXVqx
tjmjbNjlMCqapslRYj
TkIRqjaqKsnwrL
TMlYfulkCRzuN
TmRpxlYTtjSEqEbSkXt
toyXowRzpEsk
tVOcrWSYSqENQDP
tzPzZpty
uARtiYaWH
uEwnrbAtLMspO
UfPfNiziWUgANhkha
ukajcrOTAcA
UKJbbclsjsKvXgFHEjW
ulZouIrZvuMJIKaQ
uOYBpnyYy
usDTjakVMxbNaDTK
uTjkcQZl
uTjkcQZl
UTJzqHZmonSyZrBobeM
uUsLGzVsKCVA
UVCivimKiaQVjeebo
UyursGguwKF
VAugDfNQrYBpCh
VLwnyUvV
vNIOQUBFa
VNiumDCfAiTEqcesep
VnPooKkCUDtZLaA
vtPYSpSa
VzzyEAJoAl
wBxMgbrQsIuTtbGuB
WpTuGlRKIyEqK
wTYAVYsYph
XBWkQiHunoov
xDahjliHu
xfWdtIYBsitINGgHWlA
xIUvEZjKmJhQSecF
xKfvMKBrY
xQDALFuMUSCjbgjzlbq
xShMqdwsFGz
xSwzDcheXxI
XZizNcvSa
YKsZuXWDnraT
YLGJjjJJsQukIrItqg
ytCAPglztLx
yvCFuJkJHstI
yyVensFOU
ZBsMbBOTEhmwXZYgs
ZepNEOaGzgLHTXspoX
ZfipOBEtqma
ZGMFhcNqBsvULPNw
ZhMiYWeuXGDLRF
ziVyytHE
ZmVanEoDXGtTrFwydFl
ZQShRRCRjROaZdnH
ZQvZSWyWnResBDVn
ztgeseyymhGCReHwc
ZWiCRYYsOAVwp
zWThFFwlZYXOyDxAYV
zWVWGsCu
zYCAkVbCNATpkVOCKWs
ZYDpLVhPsinCeTtJSyf
zZzsQWCzwpCeMItVzp
More information about the vox-tech
mailing list