HighDots Forums  

Webform used by spammers



Discuss Webform used by spammers in the alt.html forum.



#1 Paul H
Webform used by spammers - 07-06-2006, 04:05 AM

I am using the latest version of FormMail.pl on a standard web form. I am
getting dozens of emails a day that have been sent via the webform, probably
using a bot (so I am told).

How can I stop this?

Can I force visitors to use one of those randomly generated numbers that you
see on the login page of some websites to stop automated use of my web form?
Can this be done on a static HTML page?

Thanks

Paul



#2 PeterMcC
Re: Webform used by spammers - 07-06-2006, 04:47 AM

Paul H wrote in
<H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d (AT) eclipse (DOT) net.uk>

Quote:
I am using the latest version of FormMail.pl on a standard web form.
I am getting dozens of emails a day that have been sent via the
webform, probably using a bot (so I am told).

How can I stop this?

If it's the FormMail.pl available from http://nms-cgi.sourceforge.net/ ,
I've a number of sites using it and never had a problem - though I may be
lucky.

Have you got all the correct security settings in the script?

It may be worth a review of the README.txt file.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.



#3 Paul H
Re: Webform used by spammers - 07-06-2006, 05:47 AM

"PeterMcC" <peter (AT) mccourt (DOT) org.uk> wrote

Quote:
Paul H wrote in
H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d (AT...e (DOT) net.uk

I am using the latest version of FormMail.pl on a standard web form.
I am getting dozens of emails a day that have been sent via the
webform, probably using a bot (so I am told).

How can I stop this?

If it's the FormMail.pl available from http://nms-cgi.sourceforge.net/ ,
I've a number of sites using it and never had a problem - though I may be
lucky.

Have you got all the correct security settings in the script?

It may be worth a review of the README.txt file.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.

Many thanks Peter,

My hosting company have said this is nothing to do with the FormMail.pl
(they have recently checked and replaced it) and have suggested that someone
is using a bot that automatically runs the HTML code of my web form. Are
you saying that if my FormMail.pl file was secure in the first place, the
whole bot thing would not be possible?

Regards,

Paul




#4 PeterMcC
Re: Webform used by spammers - 07-06-2006, 06:12 AM

Paul H wrote in
<3o2dnRptQ4K2QTHZRVny2w (AT) eclipse (DOT) net.uk>

Quote:
"PeterMcC" <peter (AT) mccourt (DOT) org.uk> wrote in message
news:44acce63$0$984$ed2619ec (AT) ptn-nntp-reader01 (DOT) plus.net...
Paul H wrote in
H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d (AT...e (DOT) net.uk

I am using the latest version of FormMail.pl on a standard web form.
I am getting dozens of emails a day that have been sent via the
webform, probably using a bot (so I am told).

How can I stop this?

If it's the FormMail.pl available from
http://nms-cgi.sourceforge.net/ , I've a number of sites using it
and never had a problem - though I may be lucky.

Have you got all the correct security settings in the script?

It may be worth a review of the README.txt file.


My hosting company have said this is nothing to do with the
FormMail.pl (they have recently checked and replaced it) and have
suggested that someone is using a bot that automatically runs the
HTML code of my web form.

It may be just a question of terminology but there isn't any code to run in
your HTML - if that's what your hosting company is saying, then someone's a
bit confused. The code's in the FormMail Perl script.

Quote:
Are you saying that if my FormMail.pl file
was secure in the first place, the whole bot thing would not be
possible?

just so I get it right - you're getting spam emails, sent to you, using the
form that's generated by FormMail on your web site?

That's not the usual problem associated with FormMail - Matt's script, once
widely used, was vulnerable to being used for spammers to send out spam via
someone else's FormMail.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.



#5 Brian Cryer
Re: Webform used by spammers - 07-06-2006, 07:48 AM

"PeterMcC" <peter (AT) mccourt (DOT) org.uk> wrote

<snip>
Quote:
That's not the usual problem associated with FormMail - Matt's script, once
widely used, was vulnerable to being used for spammers to send out spam
via someone else's FormMail.

I think the original problem with FormMail was that spammers were using the
script to send emails to other people's domains, so using it as a sort of
open proxy.

The common problem now is that FormMail is being used to spam the domain
that it is being used to serve - either because the bot is loading the form
in a web page and submitting it or because it is simulating the post event
of the form. Both of which are easy to do. The way forward is probably to
use "captcha" (see the reply from to your identical posting in
alt.www.webmaster), but that's something I still need to come up to speed
on.
--
Brian Cryer
www.cryer.co.uk/brian




#6 Nikita the Spider
Re: Webform used by spammers - 07-06-2006, 08:36 AM

In article <H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d (AT) eclipse (DOT) net.uk>,
"Paul H" <nospam (AT) nospam (DOT) com> wrote:

Quote:
I am using the latest version of FormMail.pl on a standard web form. I am
getting dozens of emails a day that have been sent via the webform, probably
using a bot (so I am told).

How can I stop this?

Can I force visitors to use one of those randomly generated numbers that you
see on the login page of some websites to stop automated use of my web form?
Can this be done on a static HTML page?

Paul,
I'm unfamiliar with FormMail.pl, but for a while I had a spammer trying
to exploit a form on one of my sites. The form was very simple, it just
had a "type your message here" input box and a "send" button. The
spammer entered mail header fields (e.g. "Cc: foo (AT) example (DOT) com") as the
first entries in the body area in the (false) hopes that my mail form
would just glue the body onto some preformed headers and dump it off to
an SMTP function. Had that been the case, the CC would have become part
of the mail headers and foo (AT) example (DOT) com would receive a copy of the
message.

Because of the way I'd coded my form, this wasn't a problem, but I'm
sure the spammer found some miscoded forms out there to abuse. I just
wanted to make you aware of this potential vector.

Here's someone who has written a detailed summary of it:
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

You could also Google on mhkoch321 (AT) aol (DOT) com, homeigoldstein (AT) aol (DOT) com or
homerragtime (AT) aol (DOT) com which were the addresses that the spammer BCCed
him/herself with.

Good luck

--
Philip
http://NikitaTheSpider.com/
Bulk HTML validation, link checking and more
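
The header-injection vector described in the post above, as an added example that is not part of the original thread and is not code from FormMail.pl or from any poster's site: it contrasts a form handler that glues the visitor's text directly onto preformed headers with one that keeps the text strictly in the message body, and adds a simple check for header-shaped input. The addresses, the sample submission and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Constructed submission: header-like lines typed at the top of the message box.
SAMPLE_BODY = "Cc: foo@example.com\nSubject: hello\n\nactual message text"
FIXED_TO = "owner@example.org"  # hypothetical site-owner address

# Field names a mail system acts on; used only to flag suspicious input.
HEADER_LINE = re.compile(
    r"^(to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I)

def glued_message(body: str) -> str:
    """Miscoded form: body appended straight after the headers, no blank line."""
    return f"To: {FIXED_TO}\nSubject: Web form\n" + body

def safe_message(body: str) -> str:
    """Headers come only from fixed values; visitor text is set as content."""
    msg = EmailMessage()
    msg["To"] = FIXED_TO
    msg["Subject"] = "Web form"
    msg.set_content(body)  # serialized after the blank line that ends headers
    return msg.as_string()

def recipients(raw: str) -> list[str]:
    """Addresses a mail system would read from the To/Cc/Bcc headers."""
    parsed = message_from_string(raw)
    found = []
    for name in ("To", "Cc", "Bcc"):
        found.extend(parsed.get_all(name, []))
    return found

def looks_like_injection(body: str) -> bool:
    """Flag text whose lines before the first blank line look like headers."""
    for line in body.splitlines():
        if not line.strip():
            break
        if HEADER_LINE.match(line):
            return True
    return False

if __name__ == "__main__":
    print("glued:", recipients(glued_message(SAMPLE_BODY)))
    print("safe: ", recipients(safe_message(SAMPLE_BODY)))
    print("flagged:", looks_like_injection(SAMPLE_BODY))
```

The check in `looks_like_injection` is a logging or rejection aid only; the structural fix is the one in `safe_message`, where nothing the visitor types can land in the header block.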

