|
Posted by Chris Hope on 09/09/05 10:21
Chris Hope wrote:
> chlori wrote:
>
>> Good morning
>>
>> Some of my customers are complaining that someone/something
>> is spamming the contact forms on their sites in the last weeks.
>>
>> In the E-Mail field there is a random e-mail address with
>> the domainname of the site. So it's difficult to use a junk
>> filter on the mailserver, isn't it?
>>
>> In the comments field, the same e-mail address is repeated.
>> Nothing else. It's not always the same address.
>>
>> These mails come at any day or night time, so if it's the
>> same person, he doesn't sleep much...
>>
>> My questions:
>> What's happening? Is that a person? Software? Why are they
>> doing that? Doesn't seem to help anyone...
>>
>> What's the best way to stop getting those mails without
>> making it a too big fight filling in the form?
>>
>> Thanks for your ideas!
>
> I've been getting this a bit on some of the sites I manage. They
> appear to be fishing for forms they can send spam through by sending a
> bunch of headers which would go into the email and create a different
> email addressed to a different person.
>
> The way I've been combating this is to check none of the single line
> fields (eg first name, last name etc) contain newline characters, and
> none of the multi line fields (eg message) contain 'Content-Type:',
> 'multipart/mixed' or 'boundary='. If any of them match the above then
> they get a message back saying the form contained invalid data.
Hmm. Having re-read your post your and my problem seem to be different.
Oh well :)
--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
[Back to original message]
|