SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Northern Minnesota
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Chinese Form Spamming

    Every once in a while I get spam sent to me via my website "Feedback" form. It's a php driven thing with a text box for your e-mail address, name, and the message. Then a submit button at the bottom. What has me scratching my head is that I cannot for the life of me figure out what the spam is trying to achieve. Normal spam says things like "Viagra, $1.99, visit bigjohnson.com" or something like that. Here's what I get:

    Example 1:
    "We sell metallic yarn,metallic yarn Packing,metallized polyester film, metallized polyester film Packing,metallized film, holographic foil,reflective yarn,stainless steel metallic yarn."

    (no website or business name mentioned, return email address appears to be fake also. I can't purchase from this spammer if I wanted to.)

    Example 2:

    "杭州google排名网浙江google排名网是浙江google排名公司杭州google排名公司杭州户外google排名等google排名信息发布 google排名公司,google排名,广州译信google排名公司是广州一家专业google排名公司,作为广州多语言google排名提供商中国 google排名协会,google排名新闻,google排名资讯,作品,google排名主,google排名人才,google排名商情找不到 google排名产品?还在为google排名公司的google排名产品卖不出愁吗?里汇集全国google排名最多,google排名供应和采购信息"

    (I can only assume that this might make sense on a Chinese mail client)

    Example 3:
    "Keep on charging the enemy so long as there is life.zippo lighters zsizhmg mgb convertible postcard yellow mgb color very good bqpjctqo mg car badges mgb register mgb 40th anniv bkmwczuppo james bond u only live2 1996 sticker back dtembmfb convertible mag ad bw british leyland good look bpgkbzippo lighters fyghmmunt mg owners club car badge pin mgb mga syssyzuppo james bond thunderball 1996 sticker back cased urtvwzippo james bond u only live2 1996 sticker back numrltwo mg car badges mgb register mgb 40th anniv hgoiwdatsunmg mgb gt midget triumph engine lamp lpjtu[link=http://blogs.tol.org/darmoluv1967/2008/08/29/chateau-la-blanque/]zippo james bond thunderball 1996 sticker back cased qtyqf[/link] "

    (cut about 2 more pages of links and jibberish. I can't imagine the links contained in the message are somehow resulting in revenue earned by the spammers)

    I suspect they are coming from China because the initial messages all contained e-mail addresses from domains registered in china. My php submit form isn't smart enough to log the IP address of the submission though.

    Anyone know what is going on here? Is this a Chinese bot doing this? Is it likely trying to find ways to use my form to send spam to 1000's of people? Is there anything I can do to stop it aside from putting a captcha in? Seems like if it's a bot there should be ways to trick it into exposing itself as such.

    Thanks for any suggestions
    Dave

  2. #2
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    These are almost certainly bots. You rarely get live humans submitting this kind of garbage unless it can't be done by a bot (protected by a Captcha). I frequently get this kind of spam through PHP forms. Some of it seems to have a purpose - a scam email, or links to a site. Other times I get complete garbage with no links at all.

    If you explicitly control where the email is sent to via the script, and it can't changed from the form, the bot won't be able to send the spam to anyone but you, unless of course there is some vulnerability in your script. But then again, a human would probably have to discover that.

    If you don't want to use a Captcha, there is another interesting way to mitigate these attacks. It's called a negative Captcha and it works by either having a blank hidden field, or a visible field that is blank with a message telling the user NOT to fill it in. Bots love to fill in form fields, especially if they have names like "URL". If you receive a form with that field filled in, just reject it. It's not foolproof but it stops most bots.

  3. #3
    SitePoint Wizard silver trophy Crazybanana's Avatar
    Join Date
    Mar 2003
    Location
    In tha fruit cellar
    Posts
    1,379
    Mentioned
    32 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by davclark
    Every once in a while I get spam sent to me via my website "Feedback" form. It's a php driven thing with a text box for your e-mail address, name, and the message. Then a submit button at the bottom. What has me scratching my head is that I cannot for the life of me figure out what the spam is trying to achieve. I suspect they are coming from China because the initial messages all contained e-mail addresses from domains registered in china. My php submit form isn't smart enough to log the IP address of the submission though.
    china has grown to be large on spam and fraud..

    Quote Originally Posted by davclark
    I can't imagine the links contained in the message are somehow resulting in revenue earned by the spammers)
    well you'd be amazed how many ways there is to make revenue on the internet. one way of doing something like this would be to provide links that look'd similar to where you were sent, and on the similar page a cookie with affiliate tracking info would be set and then you would be redirected to the actual page.

    so as long as the cookie was present on your machine they could get revenue. It would all happend so fast that you probably wouldn't see it if you weren't aware of the trick.

    they could even try to stuff cookies on your machine to many popular online shops, this way trying to boost their revenue.

    Quote Originally Posted by davclark
    Anyone know what is going on here? Is this a Chinese bot doing this? Is it likely trying to find ways to use my form to send spam to 1000's of people? Is there anything I can do to stop it aside from putting a captcha in? Seems like if it's a bot there should be ways to trick it into exposing itself as such.
    some of it seems to come from an advertising bot, the rest seems to be from thee good 'ol spambot.

    It might use your form to send a lot of mail, it really depends on how you have configured it.
    Who's to doom when the judge himself is dragged before the bar


    Home | Web | Facebook

  4. #4
    SitePoint Enthusiast stakes's Avatar
    Join Date
    Sep 2008
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I use "Akismet" to help filter out comment and form spam. It has helped me ALOT. If "Akismet" detects a submission as spam I store it in a temporary DB table. Then i can review it later if I suspect that it has been misplaced. So far that table contains like 50 spam submissions so 100% accuary there.

    As mentioned above the "Dont fill out this" text field, is a pretty effective method. You could even hide it with css display none or visibility hidden and most bots will still, most likely, fill it out.
    webcloud.se - Articles on web development


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •