The Honeynet Project

We observed 15 attempts to inject mail into the web forms of one of our honeypots. The following data is an example:

The content is truncated to 255 characters as the honeypot is not designed to accept long strings. The actual HTML limits the text field to 60 characters, so any program submitting more than this is ignoring the limit. This means it is likely to be an automated attack, or at least is using a program other than a standard web browser. The fact that the email is being mistakenly submitted to a form which asks for a command is also suggestive of an automatic mechanism as a human should realise that the attack will not work.