Clever bots or someone getting paid?

Thesnipergecko

Thesnipergecko

Thesnipergecko

Soldato
Joined
17 Oct 2002
Posts
7,413
Location
Stoke-on-Trent
Recently ive been getting a lot of spam off one of my websites.

The clever thing is though my websites only use hardcoded contact forms, no where on the site does it show an email address.

So ... either someones sitting there spamming my contact forms or web bots are getting smarter?

Paul ...
 
Thesnipergecko said:
Recently ive been getting a lot of spam off one of my websites.

The clever thing is though my websites only use hardcoded contact forms, no where on the site does it show an email address.

So ... either someones sitting there spamming my contact forms or web bots are getting smarter?

Paul ...
Click to expand...

Its SkyNet.......
 
What's the spam like? Is it a PHP form you use? Is the reply-address from your domain? I'm no expert but the guys here will be able to point you in the right direction for making it more secure. :)
 
Scam said:
What's the spam like? Is it a PHP form you use? Is the reply-address from your domain? I'm no expert but the guys here will be able to point you in the right direction for making it more secure. :)
Click to expand...


http://www.the-reviewer.co.uk/index.php?page=contact

thats the form, strange thing is its selecting all 3 options from the drop down menu and emailing different things to each one.

The email address is hardcoded into the php code so its not visible to the public even via the view source.

Paul ...
 
Thesnipergecko said:
The fact that its actually reading the form and changing the options on it.

Paul ...
Click to expand...
How is it doing that? Is it actually putting coherent sentences in and changing the options such that the email actually makes sense?

By the way, very nice design you have there :)
 
Thesnipergecko said:
The fact that its actually reading the form and changing the options on it.

Paul ...
Click to expand...

Its actually very easy to make a piece of software that can fill in forms on websites. Things like Microsofts web COM control (you can use it with .Net languages and maybe more) do pretty much everything for you, reducing the code to something along the lines of:

find form
type "....." in form
press button called "..."

It really is pretty easy.
 
Inquisitor said:
How is it doing that? Is it actually putting coherent sentences in and changing the options such that the email actually makes sense?

By the way, very nice design you have there :)
Click to expand...

Thanks :)

Its sending emails to the 3 options in the drop down list, each email contains different text about either buying viagra or meet my horny step mom kind of emails.

Lagz said:
Its actually very easy to make a piece of software that can fill in forms on websites. Things like Microsofts web COM control (you can use it with .Net languages and maybe more) do pretty much everything for you, reducing the code to something along the lines of:

find form
type "....." in form
press button called "..."

It really is pretty easy.
Click to expand...


Ive never experienced a bot filling out forms before, ive always thought they were a pretty secure way to fight spam on the web.

Paul ...
 
You need to add some form of image verification (Cant remember the proper name) it should stop it then :)
 
Thesnipergecko said:
Ive never experienced a bot filling out forms before, ive always thought they were a pretty secure way to fight spam on the web.

Paul ...
Click to expand...
Certainly not. Although they prevent your email address being picked up and spammed to death, they don't stop bots at all. One way of hindering bots is to put some sort of timeout on the contact form, so it can only be submitted once every few minutes maybe. Also, you could try and find the bots' IP adddresses, and then block those.

^ And image verification, as above. That's the most obvious one :o
 
Inquisitor said:
Certainly not. Although they prevent your email address being picked up and spammed to death, they don't stop bots at all. One way of hindering bots is to put some sort of timeout on the contact form, so it can only be submitted once every few minutes maybe. Also, you could try and find the bots' IP adddresses, and then block those.
Click to expand...

Yeah im looking into that, using GD libraries.

Damn spam bots

Paul ...
 
You must log in or register to reply here.
Back
Top Bottom