Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: buckworks
I've got two unrelated sites (except they are listed in my portfolio) which are getting spammed daily.
It looks like it's from a variety of IP addresses, with no User-Agent in the HTTP header -- they must be running it from a script.
I can't see any real benefit or gain from spamming the form, it's just jibberish they are posting in every field. There's no visible code or exploit they are trying, and my only fix at the moment is to either implement some rate limiting (seems like overkill for a simple contact form) or ban the users without a valid 'User-Agent' in the HTTP Browser header.
You need to be 100% sure that they are not succeeding, here are some links on this for your further reading:
Does you form processing script strip out illegal characters from any fields that will be used in the email headers, like the From, To, Subject etc? If not then you may have a vulnerable script. Check your mail logs if you are able to and see if there is any unusual activity in there, you might see attempts to send email to a certain group of (long since defunct) aol mail addresses like email@example.com
[edited by: lorax at 12:38 pm (utc) on Sep. 13, 2005]
[edit reason] delinked [/edit]
I have mine trying to report back to firstname.lastname@example.org.
Any other ideas to combat this?
I'd prefer not to have to ask potential customers to enter the 'text on an image' thing just to be able to use a contact form if possible.
Any ideas as to what to leave as an nasy 'error' message?
I was thinking something that would be the most bandwidth/CPU intensive for the spammer to process, but nothing came to mind that wouldn't also affect the webserver.
<<I redirect them to a nice graphic and popup laden porn site. The DN of the particular site I've used says it all.
I doubt that a redirect makes any difference since these attacks are obviously being coordinated through a bot. For my end, I'm simply allowing the standard "Thanks for your contact" page to appear ... but on the server side of the mail script, I'm using an "if/then" statement to bypass the regular sendmail code. I then redirect a mail to a folder I've set up in exchange to capture all of these attacks. The mail contains all the standard information that would appear in a regular email being generated by the mail script, but with one addition - the IP address from which the attack was generated.
I would appreciate any sources you could provide. Most of what I see is asp.net (I don't know the difference or if they could be combined) or PHP apps.
Thanks in advance