form hack attempt


   I have a form that emails a request.

   It's not possible to forge the headers (no header info comes from the
form) and no attempt has been made on that, but my client is getting
several "SPAMs" a day. The spam is filled in on a comments textarea,
which appears in the body of the email.

   I've trapped this by looking for "URL" and "href" in the comments,
but it seems that there may be a more generic approach. Anyone else seen
this? Better solution?


Re: form hack attempt


Depends on how serious of a problem it is?

I'm *guessing* these spams are from automated bots that seek out
what appear to be forms via search engines and then automatically
fill them in with spam.

(I can't imagine someone actually doing this manually)

If you don't mind alienating your blind users and ticking off the
other visitors, you could use those captcha things. (YUCK!) I don't like
this approach because it's so hard to get feedback in the first place, last
thing I'd want to do is make it any harder for them.

Could also change the form variables around each time the form is generated
and/or use session tricks? Stuff that foils anything that is automated.

Basically use really weird form variable names like "121" that are only good
for 8 hours and change each time. Better yet, ensure the form variable names
and maybe the values are javascript controlled.

Even though javascript sucks, it sucks even more for automated bots. This is
all hocus-pocus security via secrecy, BUT if only the occasional spam gets
through (to your client, not the world at large) then it might be good enough?

Personally, I don't get very much spam on my forms, so it's not a problem
for me. Those are just some of the ways I'd go about fixing it if it really
were a problem. (it'd be a lot of work compared to just deleting a few stray
emails, hardly worth the extra effort)

I do get a lot of attempts at foiling it into sending out spam to others
though, that obviously calls for "real" security measures.

-- Custom web programming
guhzo_42@lnubb.pbz (rot13)                User Management Solutions
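The rotating, time-limited field names suggested above can be done without server-side state by making each name an HMAC over the logical field, a timestamp and a nonce. This is an added Python example, not code from either poster; the secret, the 8-hour lifetime (taken from the post) and the field list "name", "email", "comments" are constructed for the demonstration. It foils bots that scraped the form once and replay the old names, but not a bot that fetches the form fresh before each post, which is the limit the poster is alluding to with "security via secrecy".

```python
import hashlib
import hmac
import os
import re
import time

# Constructed secret for the example; a real handler would load it from config.
SECRET = b"example-form-secret-not-for-production"
TOKEN_TTL = 8 * 3600          # names stay valid for 8 hours, as in the post
FIELDS = ("name", "email", "comments")   # logical fields of the form (assumed)
NAME_RE = re.compile(r"(\d+)-([0-9a-f]{16})-([0-9a-f]{32})")


def _mac(base, ts, nonce):
    """Truncated HMAC-SHA256 binding a logical field to one render of the form."""
    msg = f"{base}:{ts}:{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def make_field_name(base, now=None):
    """Opaque per-render name such as '1700000000-<16 hex nonce>-<32 hex mac>'."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(8).hex()
    return f"{ts}-{nonce}-{_mac(base, ts, nonce)}"


def resolve_fields(submitted, now=None):
    """Map submitted opaque names back to logical fields.

    Returns a dict {logical_field: value} or None when any name is expired,
    forged, or when a logical field is missing (e.g. a bot posting the
    static names it learned earlier).
    """
    now = time.time() if now is None else now
    resolved = {}
    for name, value in submitted.items():
        m = NAME_RE.fullmatch(name)
        if not m:
            continue                      # not one of our names: ignore it
        ts, nonce, mac = int(m.group(1)), m.group(2), m.group(3)
        if not 0 <= now - ts <= TOKEN_TTL:
            return None                   # expired or future-dated render
        for base in FIELDS:
            if hmac.compare_digest(mac, _mac(base, ts, nonce)):
                resolved[base] = value
                break
        else:
            return None                   # MAC matches no field: forged name
    return resolved if set(resolved) == set(FIELDS) else None


if __name__ == "__main__":
    render_time = time.time()
    names = {f: make_field_name(f, now=render_time) for f in FIELDS}
    posted = {names["name"]: "Ann", names["email"]: "ann@example.invalid",
              names["comments"]: "Please call me."}
    print(resolve_fields(posted, now=render_time + 60))
    print(resolve_fields(posted, now=render_time + TOKEN_TTL + 1))   # None
```

The HTML template only has to call make_field_name() for each input when the page is rendered; a single secret rotation invalidates every name issued before it, which is the cheap way to react if a bot does start fetching the form live.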

Re: form hack attempt

I'm not sure I understood you, but if you are getting a lot of spam in your
mail form (especially spam seemingly addressed to others) then your form
might be exploitable.

The spammer injects the characters '\n' and '\r' (end of line and carriage
return) in an exploitable web form and then adds "bcc:" followed by a long
list of spamees. (If you start getting "bounces" then that is what has
happened). If he is allowed to do this several times, you end up on a set
of email blocklists from which removal is damn near impossible. At that
point your provider either disconnects you or puts a contract out on you
(depending on where you live) or both.

Spammers aren't usually the brightest bulbs in the box, so they like this
technique because it requires virtually no talent and can be run from a
script. Also, about 10-15% of the forms I see are exploitable, despite
the stellar credentials of some of the webmasters owning them. It's just
that easy to overlook.

Verify that there is a control character filter on your web form or that the
mail handler you use does not accept the "bcc" statement. Either one will
foil his attempts.
To filter:
    with PHP use
        // eregi() in the original post; it was removed in PHP 7
        if (preg_match("/[\r\n]/", $field)) die("No Spam From Me!");
    with Perl use regular expression matching
    with C and C++ use regexec() and regcomp()
to trap these characters.
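The check described in this reply, written out as an added Python example (not the poster's code): fields that end up in mail headers are rejected on any CR, LF or NUL, the reply address must be a single well-formed address so a "bcc:" line or a comma-separated list cannot ride along, and the comments textarea, which only ever reaches the body, is allowed to keep its line breaks. The field names, the sender address and the two sample submissions are constructed for the demonstration.

```python
import re

HEADER_FIELDS = ("name", "email", "subject")   # values copied into mail headers (assumed)
BODY_FIELDS = ("comments",)                      # free text that only lands in the body
CTRL = re.compile(r"[\r\n\x00]")
# one address, no whitespace, commas, semicolons or angle brackets
SINGLE_ADDR = re.compile(r"^[^\s@<>,;]+@[^\s@<>,;]+\.[^\s@<>,;]+$")
FIXED_SENDER = "webform@example.invalid"        # constructed; visitor goes in Reply-To


def check_submission(fields):
    """Return a list of reasons to reject the submission; empty means safe to send."""
    problems = []
    for name in HEADER_FIELDS:
        if CTRL.search(fields.get(name, "")):
            problems.append(f"{name}: control character (possible header injection)")
    if not SINGLE_ADDR.match(fields.get("email", "")):
        problems.append("email: not a single well-formed address")
    for name in BODY_FIELDS:
        if "\x00" in fields.get(name, ""):
            problems.append(f"{name}: NUL byte")
    return problems


def render_message(fields, recipient):
    """Build the raw RFC 822 text the handler would pass to the mailer.

    Refuses to build anything when check_submission() reports a problem, so
    a CR/LF in a header-bound field can never open a new header line.
    """
    problems = check_submission(fields)
    if problems:
        raise ValueError("; ".join(problems))
    headers = [
        f"To: {recipient}",
        f"From: {FIXED_SENDER}",
        f"Reply-To: {fields['email']}",
        f"Subject: Web form: {fields['subject']}",
    ]
    body = f"From: {fields['name']}\r\n\r\n{fields['comments']}"
    return "\r\n".join(headers) + "\r\n\r\n" + body


# Constructed sample submissions.
GOOD = {"name": "Ann Example", "email": "ann@example.invalid",
        "subject": "Quote request", "comments": "Hello,\r\nplease call me.\n"}
INJECTED = {"name": "Ann Example",
            "email": "ann@example.invalid\r\nBcc: one@victim.invalid, two@victim.invalid",
            "subject": "Quote request", "comments": "buy stuff"}

if __name__ == "__main__":
    print(check_submission(GOOD))        # []
    print(check_submission(INJECTED))    # two reasons, both about the email field
    print(render_message(GOOD, "sales@example.invalid"))
```

Logging the rejected submissions with the offending field is worth the extra line: a burst of them is the early sign that the form has been found by a script, before any bounces arrive.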
