spaming a form I have taken off my site.?

Forum Moderators: phranque

Message Too Old, No Replies

spaming a form I have taken off my site.?

flumpet

5:11 pm on Feb 12, 2006 (gmt 0)

Hi,

I hope this is the correct place to add my query.

I created an add url form for my website and after a while i started getting spam from - poker, casino, black jack ect constantly.

So i deleted my form on my webpage and thought that woudl fix it.

However i am still getting my form sent to me, with black jack and poker ect .....How can this happen?

Im befuddled!

Is it that now my page is cached they have a copy of it they can still send em emails? Its been deleted for about a week and a half.

Has anyone any idea?

thank you!

jamesa

5:30 pm on Feb 12, 2006 (gmt 0)

They're hitting the script directly. You took down the form but not the script. Your setup was probably an HTML page with a form that submitted to a separate PHP or Perl or ASP script. Take down that second page, the script <-- that's the one they're hitting.

kaled

5:48 pm on Feb 12, 2006 (gmt 0)

My guess is that you used form action="mailto:you@domain.com". In this case, spam is sent directly to the email address. Use of formmail scripts usually avoids this problem (assuming that the destination mailbox is not published on the form page or the script url).

Spambots roam sites collecting email addresses. It makes no difference what use the email address serves.

Kaled.

bartainer

7:39 pm on Feb 12, 2006 (gmt 0)

Same thing happened to me! Listen to jamesa, that person is correct. You must remove all the scripts.

Bartainer

milanmk

8:09 pm on Feb 12, 2006 (gmt 0)

I was having the same problem and if it has to be believed that the Spamer is using the script (you can check this by having a look at your server access logs) for sending emails then i have got some solution for that.

Maybe this solution may not be full proof but its working fine at my end and i hope it works good for you also.

&checkreferer;
sub checkreferer {

my $referer = $ENV{'HTTP_REFERER'};
my $ref;
my @referers = ('example.com\/pagewhereformresides\.htm','www.example.com\/pagewhereformresides\.htm');
my $hostpage = 'http://example.com/pagewhereformresides.htm';

if(!$ENV{'HTTP_REFERER'}) { print "Location: $hostpage\n\n"; exit; }

foreach $ref (@referers) { if($referer =~ m/^(http:\/\/)?($ref)/i or $referer =~ m/^(https:\/\/)?($ref)/i) { return; } }

print "Location: $hostpage\n\n";

exit;
}

Add this sub routine at the start of your CGI / Perl script.

kaled

11:29 pm on Feb 12, 2006 (gmt 0)

Referrer data can be faked.

Ideally, all destination email addresses should be stored in a configuration file - certainly, they should never appear anywhere in the source code of a page.

There have been a couple of attacks this week on my formmail script - the security held. A well written script is useless to a spammer - the most he can do is send you a few junk bits of garbage whilst he tries to find a weakness.

Kaled.