Form Submission Spam

Forum Moderators: open

Message Too Old, No Replies

Form Submission Spam

BeeDeeDubbleU

10:34 am on Dec 18, 2014 (gmt 0)

Not sure if this is the right forum but here goes.

During the last couple of week I have been receiving an inordinate amount of spam from one of my website forms. It is just a short form that asks for some details. The submissions look something like this.

SURNAME: qtnauazauy
FIRSTNAME: qtnauazauy
EMAIL: stretchihumy+OEuNf@gmail.com
EMAILCONFIRM: stretchihumy+OEuNf@gmail.com
TELEPHONE: 123456
Comments:
SPAMTRAP: SIXTEEN

As you can see I have a simple spam trap there which asks the user to answer a simple arithmetic question before submitting. I let it go for a while until it became too annoying then yesterday I went in and changed the question. Within 5 minutes I received another one with the new question answered correctly.

It looks like this is being done automatically but to what purpose? The only link in the submission is a manufactured email address and AFAIC see they are getting nothing from this?

engine

6:26 pm on Dec 18, 2014 (gmt 0)

Mostly they are bots that just keep attempting access. There are a number of things. It could simply be a bot looking to promote a site or service, and, possibly, in this instance, it's in a foreign language. It could also be a bot looking for a weakness on the site to make use of the sendmail facility, or to plant some malware through the site, or in e-mail.

Because it's automated, and computer generated, it'll just keep hammering until it finds a weakness.

You can either fight the bots [webmasterworld.com...]
or you could take an easier route and remove the enquiry form completely.

not2easy

6:36 pm on Dec 18, 2014 (gmt 0)

You can also use Akismet and more obnoxious but effective Captchas for forms. If you have checked and found these coming from a wide range of IPs, it can be an unpopular but effective solution.

piatkow

7:52 pm on Dec 18, 2014 (gmt 0)

I used to get a lot of these but thy stopped when I blocked all Russian and Romanian IP addresses!

BeeDeeDubbleU

11:00 pm on Dec 18, 2014 (gmt 0)

Can you point me to the info on how to block them?

not2easy

12:51 am on Dec 19, 2014 (gmt 0)

The Library of the Search Engine Spider and User Agent Identification Forum is crawling with methods and tips:
[webmasterworld.com...]

piatkow

3:22 pm on Dec 20, 2014 (gmt 0)

Can you point me to the info on how to block them?

How? No idea on the mechanics, my host provides a form driven utility as part of the control panel. I identified the ranges over a couple of months by simply looking up the IP addresses on spam and blocking the surrounding ranges as they came in.

BeeDeeDubbleU

10:24 am on Dec 21, 2014 (gmt 0)

I checked a few IP addresses and they appear to be coming from China and the Ukraine but the mwessage header tells me ...

Received: from 27.159.217.126 (IP may be forged by CGI script)

not2easy

3:12 pm on Dec 21, 2014 (gmt 0)

A lookup gives you
27.152.0.0 - 27.159.255.255
CHINANET FUJIAN PROVINCE NETWORK
so to block those IPs, this CIDR covers them all: 27.152.0.0/13

If your server can be set up to check reverse DNS you could verify the IP, but this range is one that does blog spam (they show up on my lists as comment spammers) and blocking them could cut your problems down a lot.

BeeDeeDubbleU

3:27 pm on Dec 21, 2014 (gmt 0)

What on earth do they get from this?

not2easy

5:26 pm on Dec 21, 2014 (gmt 0)

Sometimes they are "Just Checking", sharpening their bot skillz to better evolve. Apparently they have evolved enough to solve a simple math captcha. Someone recently put out a new type of captcha that is a game, it requires interaction. Maybe your captcha just needs a "Now add 4 to that" in an image after the simple math part to evade programmed entries?

If you determine the IPs to block and block them, that will usually take care of it. There aren't so many trying to sell their services for "Backlink Creation" as there were a year ago. Now it is vulnerability researchers and plain old scrapers that cause more problems.