Form spam

Apparently from multiple IPs

         

cgmendla

3:43 pm on Aug 1, 2007 (gmt 0)

10+ Year Member



I've suddenly started getting a whole bunch of form spam on one of my accounts. It does not look like they have hacked or are attempting to hack the form mailer.

It appears that the purpose is to send a bunch of text with links to spam sites.

Here is what I know

- they put a random email addr in the email field
- The spam seems to be coming from a bunch of IP addresses with different owners (i.e., the IPs don't seem to be related)
- User agent is Opera 9.0
- Anchor text for the links in the comment area of the form are for spammy topics (debt consolidation)
- The links themselves appear to be going to a bunch of different sites that don't seem to be related.
- My site is low traffic, less than 40 visitors/day
- I'm getting a dozen or so of these form spam emails each day.

I'm going to feed the IPs into my IP deny for that site and see if it slows this down a bit.

Questions

1. What is the purpose of this (1) looking for security holes (2) hoping that I click on their lame links? (3) hoping for guestbook type link love?
2. My guess is that blocking the IPs that the forms were sent from won't do much good. Does anyone know of the mothership IP for this garbage?
3. Any other thoughts or opinions would be appreciated.

thanks

cg

LifeinAsia

4:39 pm on Aug 1, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



We see the same crap on our sites - several dozen attempts to post similar messages every day. Same user agent, different IPs (for the most part).

In our case, you can't post a message without a valid username/password, so none of the postings go through. You don't even get the Submit button if you're not logged in, so it's obviously some sort of bot that keeps trying to hit the submission page. So now I automatically do a redirect to the IP of the submitter if something tries to submit a post without being logged in.

[edited by: LifeinAsia at 4:39 pm (utc) on Aug. 1, 2007]

WesleyC

8:08 pm on Aug 1, 2007 (gmt 0)

10+ Year Member



I've dealt with the same issue--it's extremely annoying, as in my case I have the form's contents escaped and routed to my e-mail inbox. Despite the fact that nothing ever comes from this spam, they just keep sending it...

There are a few things you can do to protect yourself with server-side scripting technologies, but in general these 'bots are very hard to defeat by simple IP bans and that sort of thing. In fact, after I banned an IP coming from Europe posting these kinds of messages, a new IP started popping up from Nigeria, as well as a new one from the US.

The result: I figured out a couple "creative" methods of dissuading 'bots without annoying users of any but text-based browsers--for instance, using a <input type="text" name="email" class="abc"> tag (as an example), then defining .abc { display: none; } in my stylesheet. Then, in the server-side logic, check if the form field is filled in--if it is, you can yell at the user for A. using a text-based browser or B. being a spambot.

The trick is to give it a logical name (and possibly obfuscate the name of real fields) and to avoid using <input type="hidden"> fields, which might be detected and avoided by a robot.
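
Added example, not part of WesleyC's post: a sketch of the CSS-hidden decoy field described above, with the server-side check written in Python. The field name f_7c1, the /contact action, the verdict strings and the sample request bodies are assumptions made up for illustration; the "decoy missing" check goes one step beyond the post and relies on browsers still submitting a display:none text input as an empty value.

```python
from urllib.parse import parse_qs

# Hypothetical names: the decoy carries the "logical" name a bot looks for,
# the real address field gets an opaque one.
DECOY_FIELD = "email"
REAL_EMAIL_FIELD = "f_7c1"

# Form as served to visitors. autocomplete/tabindex keep browser autofill and
# keyboard users away from the decoy, which would otherwise cause false positives.
FORM_HTML = """\
<style>.abc { display: none; }</style>
<form method="post" action="/contact">
  <input type="text" name="email" class="abc" autocomplete="off" tabindex="-1">
  <label>Your e-mail <input type="text" name="f_7c1"></label>
  <label>Comment <textarea name="comment"></textarea></label>
  <input type="submit" value="Send">
</form>
"""

def classify_submission(body: str) -> str:
    """Classify a urlencoded POST body by the state of the decoy field."""
    fields = parse_qs(body, keep_blank_values=True)
    if DECOY_FIELD not in fields:
        # A browser sends the hidden input as email=; absence means the POST
        # was not built from the rendered form.
        return "reject-decoy-missing"
    if any(value.strip() for value in fields[DECOY_FIELD]):
        # Only a client that ignores the stylesheet types into this field.
        return "reject-decoy-filled"
    return "accept"

def handle_post(body: str):
    """Return (verdict, message); message is None unless accepted."""
    verdict = classify_submission(body)
    if verdict != "accept":
        return verdict, None
    fields = parse_qs(body, keep_blank_values=True)
    return verdict, {
        "from": fields.get(REAL_EMAIL_FIELD, [""])[0],
        "comment": fields.get("comment", [""])[0],
    }

if __name__ == "__main__":
    # Constructed sample bodies: a browser user, a form-filling bot, a raw POST.
    for sample in ("email=&f_7c1=ann%40example.org&comment=Hello+there",
                   "email=x9%40example.net&f_7c1=&comment=debt+consolidation",
                   "comment=debt+consolidation"):
        print(handle_post(sample))
```
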