Is there any way to block this kind of usage? I've tried the usual
tricks (hidden form field - checking referrer), but they always (almost)
check out okay. The originating IP address changes every time, of
course - and the porn sites are usually already gone.
I'm already cleaning all my form variables (checking for LF and CR and
content_type and cc:), so that is not my problem. It's just the few
annoying emails I get.
[ ..... Is this actually a productive way for spammers to distribute
their crap ... one email per form?]
--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
*****************************
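The header-injection checks Chuck mentions (CR/LF, Content-Type, Cc:) written out as an added example, not the poster's code; has_header_injection(), find_injected_fields() and the two sample submissions are constructed for illustration.

```php
<?php
// Added example: reject form fields that could carry a mail-header
// injection before anything is handed to mail().

/**
 * True if a single-line field (name, From address, subject) contains a
 * newline or a header keyword. A newline ends the header and starts a
 * new one, which is how one form post becomes a Bcc:'d mass mailing.
 */
function has_header_injection(string $value): bool
{
    // Raw CR/LF, or the URL-encoded forms a lazy bot may leave in place.
    if (preg_match('/\r|\n|%0a|%0d/i', $value)) {
        return true;
    }
    // Header keywords never belong in a name or subject line.
    return (bool) preg_match('/\b(content-type|cc|bcc|mime-version)\s*:/i', $value);
}

/**
 * Validate the fields a contact form forwards into mail() headers.
 * Returns the offending field names; an empty array means clean.
 */
function find_injected_fields(array $fields): array
{
    $bad = [];
    foreach (['name', 'email', 'subject'] as $key) {
        if (has_header_injection((string) ($fields[$key] ?? ''))) {
            $bad[] = $key;
        }
    }
    // The sender address must parse as one plain mailbox, nothing more.
    if (!filter_var($fields['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $bad[] = 'email';
    }
    return array_values(array_unique($bad));
}

// Constructed sample submissions: one clean, one carrying injections.
$clean = ['name' => 'Jane Doe', 'email' => 'jane@example.com',
          'subject' => 'Tour question'];
$evil  = ['name' => "Jane\r\nBcc: victim@example.com", 'email' => 'jane@example.com',
          'subject' => 'Content-Type: text/html'];

echo 'clean: [', implode(', ', find_injected_fields($clean)), "]\n";
echo 'evil:  [', implode(', ', find_injected_fields($evil)), "]\n";
```

Log the offending field names rather than the raw values, so the injected headers never end up in your own notification mail.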
> Is there any way to block this kind of usage? I've tried the usual
> tricks (hidden form field - checking referrer), but they always (almost)
> check out okay. The originating IP address changes every time, of
> course - and the porn sites are usually already gone.
I get around this by only allowing *registered* members of my
sites to send messages and such.
> [ ..... Is this actually a productive way for spammers to distribute
> their crap ... one email per form?]
Not really. More likely, you picked up a net-stalker - someone
who's focused on harassing you personally.
> I have a contact form on my site (been there for a few years) and just
> lately someone has begun using it to send Spam to me - and only to me
> (one to three times a day). I can tell because I track the usage of
> those contact form scripts (that I wrote) closely. The person is not
> even trying to inject anything into the headers, they are just sending
> me URLs to their porn sites.
>
> Is there any way to block this kind of usage? I've tried the usual
> tricks (hidden form field - checking referrer), but they always
> (almost) check out okay. The originating IP address changes every
> time, of course - and the porn sites are usually already gone.
>
> I'm already cleaning all my form variables (checking for LF and CR and
> content_type and cc:), so that is not my problem. It's just the few
> annoying emails I get.
>
> [ ..... Is this actually a productive way for spammers to distribute
> their crap ... one email per form?]
I had the exact same problem with my contact forms, that I solved by
ignoring the e-mail if the body contains 3 times or more the string
"http://". Those spam e-mails contained always 10 times or more the
spammer's web link, to be sure we don't miss it. Legitimate senders
never send me even a single web link in their message. This way, a
single link, or even two, is still allowed.
Here is my very simple anti-spam function:
/**
 * Simple SPAM filter
 *
 * Mail is rejected if the body contains more than two HTTP links.
 * @param string $body Message body
 * @return bool Mail is spam
 */
function is_spam($body) {
    return substr_count($body, 'http://') > 2;
}
I'm afraid it is. Contact forms are almost guaranteed to be read and are
usually not filtered for spam. Don't think it is a human typing the mail
though, it's probably a bot. That is why most wikis and blogs have
bot-protection mechanisms.
That is another option for your contact form. There are probably lots of
those scripts around.
Best regards
> I have a contact form on my site (been there for a few years) and just
> lately someone has begun using it to send Spam to me - and only to me
> (one to three times a day). I can tell because I track the usage of
> those contact form scripts (that I wrote) closely. The person is not
> even trying to inject anything into the headers, they are just sending
> me URLs to their porn sites.
>
> Is there any way to block this kind of usage?
I've written an accessible captcha system which you might find of
interest, it's pretty simple to incorporate into a preexisting comment
system, and it's available under the LGPL at
http://system-x.info/?pageid=18&menutree=47
You could always modify .htaccess, presuming the spammer stays on the
same IP. If their IP is changing, just go upstream and block a whole
subnet. With the latter method, you might lose some valid entries if
someone else on that subnet tries to sign the book...
It looks like some form of CAPTCHA is the best answer (using an image,
or text questions). This is not an important contact form, so for now,
I'm just going to kill messages with <a href or http:// in them.
Is there a way to make a bot believe that the sending of the email has
failed? Seems like that would be a deterrent if the spammer sees it is
not working. Should I serve a server error? Can you do that with header()?
Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail. Send me your mail
from another non-spammer site please.)
How about showing the form again with a message like "Message was not
sent: <a href or http:// not allowed"
> Is there a way to make a bot believe that the sending of the email has
> failed? Seems like that would be a deterrent if the spammer sees it is
> not working. Should I serve a server error? Can you do that with
> header()?
Try an error message and do not send the message. This way people may
still send you messages. All they have to be able to do is read an
error message if there is one.
Heiko
--
http://portal.richler.de/ Name portal for Richler
http://www.richler.de/ Heiko Richler: Computer - Know How!
http://www.richler.info/ private homepage
if (stripos($body, 'http://') !== false) { // a link is in the mail body ($body assumed to hold it)
    $link = "http://www.google.com";
    header("Location: $link"); // header(), not print: a printed "Location:" line never redirects
    exit;
}
> You can redirect spammer to his own web.
>
> if (stripos($body, 'http://') !== false) { // a link is in the mail body ($body assumed to hold it)
>     $link = "http://www.google.com";
>     header("Location: $link"); // header(), not print: a printed "Location:" line never redirects
>     exit;
> }
Now *that* is a novel approach!
> Is there a way to make a bot believe that the sending of the email has
> failed? Seems like that would be a deterrent if the spammer sees it is
> not working. Should I serve a server error? Can you do that with
> header()?
IMHO, telling the spammer the e-mail sending has failed is not always
the best solution. If he sees it failed, he'll search - and find,
because spammers are smart - another way to spam you. If he thinks the
message was successfully sent, he'll feel happy and stop here.
In case I detect a spam message, I return the same page as with normal
messages, but simply don't send the e-mail in the background. I even
run a sleep(1); PHP function (waits 1 sec) to simulate the time needed
for the server to submit the e-mail. So that it's not possible to
detect no e-mail was sent, because the time between the HTTP request
and answer is shorter. It should not be shorter when I don't actually
send an e-mail.
Francois
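Francois' silent-drop approach as an added example, not his code: it reuses the link-count heuristic from earlier in the thread and goes one step beyond a flat sleep(1) by padding every response to a fixed minimum duration; handle_submission(), the $fakeSend stand-in for mail() and the two sample messages are constructed.

```php
<?php
// Added example: a detected spam message is dropped, but the response
// looks like, and takes as long as, one for a delivered message.

const MAX_LINKS = 2;          // same threshold as the is_spam() filter in the thread
const MIN_RESPONSE_SEC = 1.0; // constructed: roughly what mail() costs on this host

/** Heuristic from the thread: three or more links means spam. */
function looks_like_spam(string $body): bool
{
    return preg_match_all('#https?://|<a\s+href#i', $body) > MAX_LINKS;
}

/**
 * Decide what to do with a submission. Returns 'sent' or 'dropped';
 * the caller shows the identical "thanks" page in both cases.
 * $send is the real delivery callback, injected so this runs without
 * a mail server.
 */
function handle_submission(string $body, callable $send): string
{
    $start = microtime(true);
    $outcome = 'dropped';
    if (!looks_like_spam($body)) {
        $send($body);
        $outcome = 'sent';
    } else {
        // Keep a record for yourself; the sender sees nothing different.
        error_log('contact form: dropped ' . strlen($body) . '-byte message');
    }
    // Pad to a fixed floor instead of sleeping 1 s only on the spam path:
    // a constant minimum hides the timing difference in both directions.
    $remaining = MIN_RESPONSE_SEC - (microtime(true) - $start);
    if ($remaining > 0) {
        usleep((int) ($remaining * 1e6));
    }
    return $outcome;
}

// Constructed stand-in for mail() that just records what would be sent.
$delivered = [];
$fakeSend = function (string $body) use (&$delivered) { $delivered[] = $body; };

$legit = "Hi Chuck, is the route at http://example.com/tour still current?";
$spam  = "http://a.invalid/ http://b.invalid/ http://c.invalid/ http://d.invalid/";

handle_submission($legit, $fakeSend); // delivered, thanks page shown
handle_submission($spam, $fakeSend);  // dropped, same page, same delay
echo count($delivered), " message(s) actually sent\n";
```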
> I have a contact form on my site (been there for a few years) and just
> lately someone has begun using it to send Spam to me - and only to me
> (one to three times a day). I can tell because I track the usage of
> those contact form scripts (that I wrote) closely. The person is not
> even trying to inject anything into the headers, they are just sending
> me URLs to their porn sites.
>
> Is there any way to block this kind of usage? I've tried the usual
> tricks (hidden form field - checking referrer), but they always (almost)
> check out okay. The originating IP address changes every time, of
> course - and the porn sites are usually already gone.
>
A suitable image code will stop most spam.
www.phptakeaway.co.uk/takeaway_contact.php
This might look like the normal form-to-email thingy - but no email is
sent and the submission gets stored on the server.
A quick glance at the date is all that's needed to decide if it's
worthwhile going into the admin control panel to read the submissions.
I'll be releasing v1.0 of php takeaway in about a week's time and you can
grab the images / php code for the image code and hack it around to suit
yourself.
--
www.phptakeaway.co.uk
(work in progress)
.... just to follow up .....
I found an easy to implement captcha (image) system -
http://www.white-hat-web-design.co.uk/articles/php-captcha.php
- and added it to my contact form. If the captcha code does not match I
display an error saying so and provide a Go Back button.
That seems to have stopped it.
Thanks to everyone for all the ideas and pointers.