Spamming a form I have taken off my site?

   
5:11 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Hi,

I hope this is the correct place to add my query.

I created an add URL form for my website and after a while I started getting spam from poker, casino, blackjack, etc. constantly.

So I deleted my form on my webpage and thought that would fix it.

However I am still getting my form sent to me, with blackjack and poker etc. ... How can this happen?

I'm befuddled!

Is it that now my page is cached they have a copy of it and they can still send me emails? It's been deleted for about a week and a half.

Has anyone any idea?

thank you!

5:30 pm on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



They're hitting the script directly. You took down the form but not the script. Your setup was probably an HTML page with a form that submitted to a separate PHP or Perl or ASP script. Take down that second page, the script <-- that's the one they're hitting.

5:48 pm on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



My guess is that you used form action="mailto:you@domain.com". In this case, spam is sent directly to the email address. Use of formmail scripts usually avoids this problem (assuming that the destination mailbox is not published on the form page or the script url).

Spambots roam sites collecting email addresses. It makes no difference what use the email address serves.

Kaled.

7:39 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Same thing happened to me! Listen to jamesa, that person is correct. You must remove all the scripts.

Bartainer

8:09 pm on Feb 12, 2006 (gmt 0)

5+ Year Member



I was having the same problem, and if it is to be believed that the spammer is using the script (you can check this by having a look at your server access logs) for sending emails, then I have got a solution for that.

This solution may not be foolproof, but it's working fine at my end and I hope it works well for you also.

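&checkreferer;

# Redirect to the form page unless the request's Referer header names it.
# The Referer header is supplied by the client.
sub checkreferer {

my $referer = $ENV{'HTTP_REFERER'};
my $ref;
# Regex fragments for the allowed pages; dots and slashes are escaped so they match literally.
my @referers = ('example\.com\/pagewhereformresides\.htm','www\.example\.com\/pagewhereformresides\.htm');
my $hostpage = 'http://example.com/pagewhereformresides.htm';

# No Referer at all: send the visitor to the form page.
if(!$referer) { print "Location: $hostpage\n\n"; exit; }

# Accept an http:// or https:// Referer that starts with one of the allowed pages.
foreach $ref (@referers) { if($referer =~ m/^(https?:\/\/)?($ref)/i) { return; } }

print "Location: $hostpage\n\n";

exit;
}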

Add this subroutine at the start of your CGI / Perl script.

11:29 pm on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Referrer data can be faked.

Ideally, all destination email addresses should be stored in a configuration file - certainly, they should never appear anywhere in the source code of a page.

There have been a couple of attacks this week on my formmail script - the security held. A well-written script is useless to a spammer - the most he can do is send you a few junk bits of garbage whilst he tries to find a weakness.

Kaled.
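
An added example, not part of any post in this thread: one way a form-to-mail script can act on the two points above, replacing the Referer check with a signed, time-limited token issued with the form page and looking the destination mailbox up from server-side configuration. The field names (form, token, name, email, subject), the secret and the recipient map are assumptions made for illustration.

```perl
# Added example, not code from the thread; field names, secret and recipient map are hypothetical.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
# Assumed to be loaded from a config file outside the web root.
my $SECRET     = 'placeholder-secret-change-me';
my %RECIPIENTS = (addurl => 'webmaster@example.com');   # form key => mailbox
my $MAX_AGE    = 3600;                                   # token lifetime, seconds

# Issued when the form page is rendered and placed in a hidden field.
sub issue_token {
    my ($now) = @_;
    return "$now." . hmac_sha256_hex($now, $SECRET);
}

# Returns (recipient, 'ok') for an acceptable submission, else (undef, reason).
sub check_submission {
    my ($f, $now) = @_;
    my ($ts, $mac) = ($f->{token} // '') =~ /\A(\d+)\.([0-9a-f]{64})\z/
        or return (undef, 'missing or malformed token');
    my $want = hmac_sha256_hex($ts, $SECRET);
    # HMAC both sides so the comparison does not leak where they differ.
    return (undef, 'bad token signature')
        unless hmac_sha256_hex($mac, $SECRET) eq hmac_sha256_hex($want, $SECRET);
    return (undef, 'token expired') if $ts > $now or $now - $ts > $MAX_AGE;
    # The browser sends only a key; the address never appears in page source.
    my $to = $RECIPIENTS{ $f->{form} // '' }
        or return (undef, 'unknown form key');
    # Values that end up in mail headers must be a single line.
    for my $h (qw(name email subject)) {
        return (undef, "line break in $h") if ($f->{$h} // '') =~ /[\r\n]/;
    }
    return ($to, 'ok');
}

# Constructed sample submissions, not real traffic.
my $now = time;
my %ok  = (form => 'addurl', name => 'Ann', email => 'ann@example.org', subject => 'New URL');
my @samples = (
    [ 'via form page' => { %ok, token => issue_token($now) } ],
    [ 'direct POST'   => { %ok } ],
    [ 'forged token'  => { %ok, token => "$now." . ('0' x 64) } ],
    [ 'stale token'   => { %ok, token => issue_token($now - 7200) } ],
    [ 'multi-line'    => { %ok, token => issue_token($now), subject => "a\nb" } ],
);
for my $s (@samples) {
    my ($to, $why) = check_submission($s->[1], $now);
    printf "%-14s %-6s %s\n", $s->[0], ($to ? 'accept' : 'reject'), $why;
}
```

The token only shows that the submitter fetched the form page within the last hour, so it blocks blind posts to the script URL but not a bot that loads the page first.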