At work, we have various email lists for projects. We occasionally receive requests from strangers to subscribe to our email lists.
Are they trying to hack into my system?
There are a number of reasons. Some are trying to get info and some are just looking to chat. Rule of thumb: if you don’t know them and/or trust them, don’t allow it. By the way, it’s not “why is”, it’s “why are”… lol. Just a thought.
Very possible.
An ‘SQL’ injection exploit may be at the heart of the request.
[From Security Now! with Steve Gibson, Episode 87 for April 12, 2007: SQL Injection.
Starts @ 15:00 into podcast]
(paraphrased from same);
In addition to user-end hijackings and exploits, there are ‘server side’ exploits that are quite serious.
These vulnerabilities are widespread and affect many breeds of ‘language’ used to create different elements of a website.
The concept of anonymous user-accepted input and allowing “free form” data entry is inherently dangerous for these web-based servers, if webmasters use ‘weak’ building tools for any website.
Servers rely on requests (“queries”) from computers to search their databases, to locate and return the requested data.
If these servers do not properly “sanitize” the queries (strip out malicious query “characters”), the server can be tricked into revealing usernames & passwords (by downloading entire data tables), defacing a website, or modifying the site, for instance. (See also ‘cross site scripting’.)
It can be as easy as using web-based “log-in” pages (those we’ve all used to ‘sign in’ to a website), whereby crafting the entries for the values can get the server to perform what would normally be webmaster-controlled operations, and deliver data back to the perpetrator.
Using security-lax ‘log in’ software creates an entrance point to ALL the databases on a server.
How are they able to make the requests? Only those with email addresses that the system knows should be able to get to your list server’s email.