can these spam urls hurt my site

Forum Moderators: coopster

Message Too Old, No Replies

can these spam urls hurt my site

meelosh

9:03 pm on Apr 17, 2010 (gmt 0)

i have a simple php form submit script on one of my sites...the form submits info to my email address and not to the site itself. About twice a week i get some spam type url's being sent through to me via this form..i dont mind deleting it as it does not happen allot....my question is can this spammer some how add bad outbound links to my site by doing this? i am not to clued up on php and was curious as to what the benefit would be for the spammer to do this as the links make no sense....unless they want me to click on them..not sure. would appreciate some input on this as it worries me a little.
thanks

IanKelley

9:06 pm on Apr 17, 2010 (gmt 0)

You should be fine.

The links are being submitted by an automated program. This particular one is probably submitting links using any form it finds, regardless of whether or not that form actually creates links on a webpage.

If it gets to be too annoying consider implementing some form of CAPTCHA.

meelosh

9:34 pm on Apr 17, 2010 (gmt 0)

thanks ian....i appreciate it...not very smart in the php department.
i will look into captcha but like i said it is not irritating me at all....however i have worked hard to get this site well ranked and do not want some "bad neighborhood" outbounds destroying that by some how placing these links on my site...so thanks for the reply (you know these days paranoia is king not content)
cheers

rocknbil

4:36 pm on Apr 19, 2010 (gmt 0)

This

i have a simple php form

in combination with this

i am not to clued up on php

May have some serious hidden consequences you don't know about. To (re-answer, add to) answer the Q, spammers are paid on delivery, they don't care about the link content.

When you say "simple php script," what worries me is it may be vulnerable to injection. What this means is you receive a single email, but the it's possible it's being abused to send thousands of emails to other targets. A typical example, if I can inject something like this into the "email address" field

from: blah@example.com\nbcc:email1@example.com, email2@example.com,email3@example.com

I've just sent out three emails you don't know about, and will never, as I've created my own BCC field. The above example won't "work" in a regular form, there are special tricks that need to be done, but that is the concept.

I've got tons of posts here with suggestions, and there are more from others, but resort to CAPTCHA as just that, a last resort. IMO it is an unnecessary barrier to your users and there are **many** ways to put a stop to link-drop spam in particular.

Square one is to log all input data so you know what they are up to, two cleanse your input, three, after these, kill malicious patterns and don't send email - if you take away their toys, they will lose interest in you. Have someone review this script for security issues, just in case.

meelosh

5:09 pm on Apr 19, 2010 (gmt 0)

thanks for the valuable input Rocknbil..the issue's i am concerned with are these crazy looking urls being posted in the inquiry section of the form....example to follow and i have done all i can to remove the obvious from the urls..

Inquiry: KN6r3E <a href="http://******dotcom/">*********</a>, [url=http://*********dotcom/]******[/url], [link=http://********dotcom/]********[/link], *ttp://********dotcom/

the urls themselves are making no sense and i assume would be 301 redirects else where but i sure am not clicking on them to find out.

rocknbil

6:14 pm on Apr 20, 2010 (gmt 0)

Yeah those are common. And annoying as all h***. :-) Log, sanitize, then a few preg's can locate those and put a stop to it.