Posted by Nikita the Spider on 07/06/06 12:36
In article <H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d@eclipse.net.uk>,
"Paul H" <nospam@nospam.com> wrote:
> I am using the latest version of FormMail.pl on a standard web form. I am
> getting dozens of emails a day that have been sent via the webform, probably
> using a bot (so I am told).
>
> How can I stop this?
>
> Can I force visitors to use one of those randomly generated numbers that you
> see on the login page of some websites to stop automated use of my web form?
> Can this be done on a static HTML page?
Paul,

I'm unfamiliar with FormMail.pl, but for a while I had a spammer trying
to exploit a form on one of my sites. The form was very simple, it just
had a "type your message here" input box and a "send" button. The
spammer entered mail header fields (e.g. "Cc: foo@example.com") as the
first entries in the body area in the (false) hopes that my mail form
would just glue the body onto some preformed headers and dump it off to
an SMTP function. Had that been the case, the CC would have become part
of the mail headers and foo@example.com would receive a copy of the
message.

Because of the way I'd coded my form, this wasn't a problem, but I'm
sure the spammer found some miscoded forms out there to abuse. I just
wanted to make you aware of this potential vector.

Here's someone who has written a detailed summary of it:
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

You could also Google on mhkoch321@aol.com, homeigoldstein@aol.com or
homerragtime@aol.com which were the addresses that the spammer BCCed
him/herself with.

Good luck
--
Philip
http://NikitaTheSpider.com/
Bulk HTML validation, link checking and more
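
The miscoded "glue the body onto preformed headers" handler described in the reply above, next to one that keeps visitor text in the body, as an added example that is not part of the original post and is not FormMail.pl code. The address `webmaster@example.org`, the function names and the sample submission are assumptions made for illustration; the `reply_to` check goes one step beyond the post and covers a visitor-supplied header field as well.

```python
from email import message_from_string, policy
from email.message import EmailMessage

FIXED_TO = "webmaster@example.org"  # assumed site-owner address

# Constructed submission: header-looking text typed into the message box.
SAMPLE_BODY = "Cc: foo@example.com\r\n\r\nHello from the form"


def naive_build(body):
    """Miscoded handler: glues user text straight onto preformed headers."""
    return "To: " + FIXED_TO + "\r\nSubject: Web form message\r\n" + body


def safe_build(body, reply_to=""):
    """Headers come from fixed values; user text only ever becomes the body."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["To"] = FIXED_TO
    msg["Subject"] = "Web form message"
    if reply_to:
        # A visitor-supplied header value must never carry a line break.
        if "\r" in reply_to or "\n" in reply_to:
            raise ValueError("line break in header field")
        msg["Reply-To"] = reply_to
    msg.set_content(body)  # the library inserts the header/body separator
    return msg.as_string()


def recipients(raw):
    """Addresses a mail system would deliver to, read from the raw message."""
    parsed = message_from_string(raw, policy=policy.default)
    found = []
    for name in ("To", "Cc", "Bcc"):
        found += [str(v) for v in parsed.get_all(name, [])]
    return found


if __name__ == "__main__":
    print("naive:", recipients(naive_build(SAMPLE_BODY)))
    print("safe: ", recipients(safe_build(SAMPLE_BODY)))
```

Running `recipients()` over a handler's output for a submission like `SAMPLE_BODY` is a quick regression check that no visitor text can reach the header block.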