form hack attempt
Posted on August 24, 2006, 4:27 pm
I have a form that emails a request.
It's not possible to forge the headers (no header info comes from the
form) and no attempt has been made on that, but my client is getting
several "SPAMs" a day. The spam is filled in on a comments textarea,
which appears in the body of the email.
I've trapped this by looking for "URL" and "href" in the comments,
but it seems that there may be a more generic approach. Anyone else seen
this? Better solution?
Re: form hack attempt
Depends on how serious of a problem it is?
I'm *guessing* these spams are from automated bots that seek out
what appear to be forms via search engines and then automatically
fill them in with spam.
(I can't imagine someone actually doing this manually)
If you don't mind alienating your blind users and ticking off the
other visitors, you could use those captcha things. (YUCK!) I don't like
this approach because it's so hard to get feedback in the first place, last
thing I'd want to do is make it any harder for them.
Could also change the form variables around each time the form is generated
and/or use session tricks? Stuff that foils anything that is automated.
Basically use really weird form variable names like "121" that are only good
for 8 hours and change each time. Better yet, ensure the form variable names
all hocus-pocus security via secrecy, BUT if only the occasional spam gets
through (to your client, not the world at large) then it might be good enough?
Personally, I don't get very much spam on my forms, so it's not a problem
for me. Those are just some of the ways I'd go about fixing it if it really
were a problem. (it'd be a lot of work compared to just deleting a few stray
emails, hardly worth the extra effort)
I do get a lot of attempts at foiling it into sending out spam to others
though, that obviously calls for "real" security measures.
http://www.geniegate.com Custom web programming
email@example.com (rot13) User Management Solutions
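The reply above sketches per-render form variable names that are "only good for 8 hours and change each time". The following is an added example of how that can be done without storing anything per visitor, by deriving each field name from a server secret, an issue timestamp and a nonce with HMAC; it is illustration code written for this thread, not geniegate's or anyone else's production code, and the secret, the `_fs` hidden-field name and the field names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed server-side secret (constructed for this example). In a real deployment
# load it from configuration, never from source control.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
FIELD_TTL_SECONDS = 8 * 3600  # names are "only good for 8 hours", as the reply suggests


def field_name(logical_name: str, issued_at: int, nonce: str) -> str:
    """Derive an opaque, per-render form field name bound to (logical name, issue time, nonce)."""
    msg = f"{logical_name}|{issued_at}|{nonce}".encode()
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]
    return f"f_{digest}"


def render_form_fields(logical_names, now=None, nonce=None):
    """Return (state string, {logical name: opaque name}) for one rendering of the form.

    The state string travels back with the submission (hidden field "_fs" here, assumed)
    so the server can recompute the expected names; it carries no secret.
    """
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8) if nonce is None else nonce
    names = {ln: field_name(ln, now, nonce) for ln in logical_names}
    return f"{now}:{nonce}", names


def parse_submission(post: dict, logical_names, now=None):
    """Map a POST dict back to logical names.

    Returns None when the state is missing or malformed, the form is older than the
    TTL, or any expected field name is absent (a bot replaying names scraped from an
    earlier copy of the form will fail here).
    """
    now = int(time.time()) if now is None else now
    state = post.get("_fs", "")
    issued_str, sep, nonce = state.partition(":")
    if not sep or not issued_str.isdigit() or not nonce:
        return None
    issued_at = int(issued_str)
    if issued_at > now or now - issued_at > FIELD_TTL_SECONDS:
        return None  # stale render, or a clock value that cannot be ours
    result = {}
    for ln in logical_names:
        expected = field_name(ln, issued_at, nonce)
        if expected not in post:
            return None
        result[ln] = post[expected]
    return result


if __name__ == "__main__":
    # Constructed round trip: render, submit, parse.
    state, names = render_form_fields(["email", "comments"])
    post = {"_fs": state, names["email"]: "a@example.com", names["comments"]: "hello"}
    print(parse_submission(post, ["email", "comments"]))
```

As the reply itself notes, this is security through obscurity: a bot that fetches the form fresh before each submission still gets valid names. What it does stop is the cheap case the reply describes, bots posting to field names harvested from a cached copy of the page, and it costs no per-visitor server state. Because the secret never leaves the server, a client cannot compute names for a forged `_fs` state.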
I Hate Stock Spams
August 24, 2006, 8:35 pm
Re: form hack attempt
mail form (especially spam seemingly addressed to others) then your form
might be exploitable.
The spammer injects the characters '\n' and '\r' (end of line and carriage
return) in an exploitable web form and then adds "bcc:" followed by a long
list of spamees. (If you start getting "bounces" then that is what has
happened). If he is allowed to do this several times, you end up on a set
of email blocklists from which removal is damn near impossible. At that
point your provider either disconnects you or puts a contract out on you
(depending on where you live) or both.
Spammers aren't usually the brightest bulbs in the box, so they like this
technique because it requires virtually no talent and can be run from a
script. Also, about 10-15% of the forms I see are exploitable, despite
the stellar credentials of some of the webmasters owning them. It's just
that easy to overlook.
Verify that there is a control character filter on your web form or that the
mail handler you use does not accept the "bcc" statement. Either one will
foil his attempts.
with php use
if (preg_match("/[\r\n]/", $field)) die("No Spam From Me!"); // eregi(), the original call here, was removed in PHP 7; preg_match() does the same test
with perl use regular expression matching
with C and C++ use regexec and regcomp.
to trap these characters.
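The reply above describes the two defences that matter: a control-character filter on any field that ends up in a mail header, and refusing to let user input add headers such as "bcc:". The following added example (written for this thread, not code from the poster or any project) puts both into a small mail-form handler and runs the original poster's "URL"/"href" heuristic over a few constructed submissions. The field names, sample submissions and the `HeaderInjection` exception are assumptions made for the example.

```python
import re

# A bare CR or LF inside a value that is placed on a header line ends that line, so
# whatever follows is parsed as a new header. That is the whole mechanism the reply
# describes; the fix is to never let such a value reach the header at all.
HEADER_BREAK = re.compile(r"[\r\n\x00]")

# For body-bound fields (the comments textarea) a header-like line is not executed
# by the MTA, but it is a strong sign of an automated injection attempt worth logging.
HEADER_LIKE_LINE = re.compile(r"(?im)^(?:bcc|cc|content-type|mime-version)\s*:")

# The original poster's heuristic: links in the comments.
LINK = re.compile(r"https?://|<a\s|href=", re.I)


class HeaderInjection(ValueError):
    """Raised when a field destined for a mail header would start a new header line."""


def sanitize_header_value(value: str, max_len: int = 200) -> str:
    """Return value if it is safe to place on a single header line, else raise."""
    if HEADER_BREAK.search(value):
        raise HeaderInjection("control character in header field")
    value = value.strip()
    if len(value) > max_len:
        raise HeaderInjection("header field too long")
    return value


def classify_comments(text: str) -> list:
    """Reasons a body field looks like spam or probing; an empty list means it looks clean."""
    reasons = []
    if HEADER_LIKE_LINE.search(text):
        reasons.append("header-like line in body")
    if LINK.search(text):
        reasons.append("link")
    return reasons


def build_message(sender: str, subject: str, comments: str, recipient: str) -> str:
    """Assemble the outgoing message text.

    Only fixed, server-chosen header names are emitted; user input appears solely as
    sanitized header *values* and as the body, so no submitted field can add a Bcc.
    """
    headers = [
        f"To: {recipient}",                       # recipient is fixed server-side, never from the form
        f"From: {sanitize_header_value(sender)}",
        f"Subject: {sanitize_header_value(subject)}",
        "Content-Type: text/plain; charset=utf-8",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + comments


def triage(submissions: list) -> list:
    """Run the checks over a list of (sender, subject, comments) and report what would be rejected."""
    report = []
    for i, (sender, subject, comments) in enumerate(submissions):
        try:
            sanitize_header_value(sender)
            sanitize_header_value(subject)
            verdict = "ok"
        except HeaderInjection as exc:
            verdict = f"rejected: {exc}"
        report.append((i, verdict, classify_comments(comments)))
    return report


# Constructed sample submissions (not real traffic): a normal one, a link-spam one,
# and one carrying the CRLF + Bcc pattern the reply warns about, in the sender field.
SAMPLE_SUBMISSIONS = [
    ("alice@example.com", "Question about pricing", "Is the plan monthly or yearly?"),
    ("bob@example.com", "hi", "Great stuff!! visit http://example.invalid/ for more"),
    ("mallory@example.com\r\nBcc: victim@example.invalid", "hello", "nothing here"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_SUBMISSIONS):
        print(row)
```

The important design point is in `build_message`: the handler never builds a header string out of user-supplied text, so even a missed control character cannot become a Bcc. The filter in `sanitize_header_value` then turns an attempt into a rejected submission you can count, which is also how you would notice the 10-15% problem the reply mentions on your own forms.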