  1. #1
    SitePoint Guru Dashman's Avatar
    Join Date
    Jan 2006
    Location
    Manchester, UK
    Posts
    627

    Contact form - SPAM!

    Hi guys,

    I have a contact form on my site, and all feedback gets written to a DB.
    Now, I have a HUGE problem.
    Some guy keeps sending info to my form. I don't know how he does it, or what he is doing, but I think he is using it to automate spam emails.

    I don't receive the feedback sent via email, but see all the details in my DB, e.g.:

    id: 46
    date:2006-04-28
    name: ShedUnsightlyFat@yahoo.com Content-Type: multipar
    email: ShedUnsightlyFat@iamdash.net
    Comments: ShedUnsightlyFat@iamdash.net

    Does anybody know how I can stop this, i.e. what sort of security measures I can take?

  2. #2
    SitePoint Member
    Join Date
    Nov 2005
    Location
    Athens, Greece
    Posts
    0
    I have the same problem and I do get the e-mails. I use the aformmail form.

  3. #3
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    On the site at work, we get tons of automated bots that look for forms and submit them with ads for their sites. Mostly porn sites.

    Does your script only send email to a hardcoded email address, or does it allow the person using the form to specify where the email goes? If it's hardcoded you don't have much to worry about as far as him using it as an open relay.

    Not sure on how to stop him from using the form, though.

  4. #4
    SitePoint Guru Dashman's Avatar
    Join Date
    Jan 2006
    Location
    Manchester, UK
    Posts
    627
    Hi guys,
    it is a hard-coded email address.

    What are the major concerns here? (if any)

  5. #5
    SitePoint Member mjlogan's Avatar
    Join Date
    Apr 2006
    Posts
    6
    Also check any of the email fields you have on your form for to:, cc:, bcc: and other tags, as they could be forcing the email to go out to other addresses including your own hard coded one.
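
An added example, not part of the original thread: one way to do the check described in post #5 in PHP, rejecting single-line fields (name, email) that contain line breaks or header names before they reach the database or `mail()`. The function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example. field_is_header_safe(), email_is_valid() and $samples are
// hypothetical names; the submissions below are constructed test data.

/**
 * True when a single-line form field cannot start a new mail header.
 * Apply to name/email/subject fields only: a free-text message body may
 * legitimately contain line breaks and belongs in the body, never a header.
 */
function field_is_header_safe(string $value): bool
{
    // A raw CR/LF (or a still-encoded one) lets the field begin a new header line.
    if (preg_match('/[\r\n]|%0a|%0d/i', $value)) {
        return false;
    }
    // Header names that have no business inside a name or address field.
    if (preg_match('/\b(to|cc|bcc|content-type|mime-version)\s*:/i', $value)) {
        return false;
    }
    return true;
}

/** True when the value is header-safe and a syntactically valid address. */
function email_is_valid(string $value): bool
{
    return field_is_header_safe($value)
        && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample submissions: one normal, two carrying header text.
$samples = [
    ['name' => 'Jane Doe', 'email' => 'jane@example.com'],
    ['name' => "spam@example.com\r\nContent-Type: multipart/mixed",
     'email' => 'spam@example.com'],
    ['name' => 'Bob', 'email' => "bob@example.com\nBcc: list@example.net"],
];

foreach ($samples as $i => $s) {
    $ok = field_is_header_safe($s['name']) && email_is_valid($s['email']);
    // Rejected submissions should be dropped before the DB insert and mail().
    echo "submission $i: ", $ok ? 'accept' : 'reject', "\n";
}
```

Only the first submission is accepted; the other two are rejected because a single-line field carries a line break and a header name.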

  6. #6
    SitePoint Guru Dashman's Avatar
    Join Date
    Jan 2006
    Location
    Manchester, UK
    Posts
    627
    Yeah, I only have a "to" variable (hardcoded), that sends it to me, and then obviously the user's own email address field that they fill in.

  7. #7
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    Quote Originally Posted by Dashman
    Hi guys,
    it is a hard-coded email address.

    What are the major concerns here? (if any)
    Without looking over the code, the only concern is that it annoys you.

    These types of people use a spider or robot to comb the web looking for forms. They fill in the forms with information and submit it. It's another way that the spammers try to get their products in front of you.

  8. #8
    SitePoint Guru Dashman's Avatar
    Join Date
    Jan 2006
    Location
    Manchester, UK
    Posts
    627
    Quote Originally Posted by UFTimmy
    Without looking over the code, the only concern is that it annoys you.
    OK, thanks for that. I have looked at my site logs from yesterday, when I first noticed this happening. As far as I know, I AM able to block certain IP addresses?

  9. #9
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    Sure, if they're always doing it from the same IP I'd definitely block those IPs. Even if you can't do it through your host, you could always do it through PHP.

    Something like

    PHP Code:
    // 'ip_address_to_block' is a placeholder for the address to block
    if ( $_SERVER['REMOTE_ADDR'] == 'ip_address_to_block' )
          exit;

  10. #10
    SitePoint Member
    Join Date
    Nov 2005
    Location
    Athens, Greece
    Posts
    0
    That's very annoying. They not only use Spam which is unethical (at least to me), they also use other people's contact forms, bandwidth, domains etc.
    What kind of people are they? Why can no one find them?

  11. #11
    SitePoint Wizard cmuench's Avatar
    Join Date
    Jul 2005
    Location
    At my computer
    Posts
    2,251
    Do you have a CAPTCHA on it (image verification)?

  12. #12
    Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,578
    The only way to stop automated form spam is with a security/verification image. Cookies, sessions, IP blocking will all fail in the face of the spammers. SitePoint has a tutorial on it, but be sure to read the comments at the end, as you need to apply two small fixes to the included code to make it 'secure' against bots.

