Trick to escape from form hijacking

Re: Trick to escape from form hijacking

Hi Theodore,
I suppose that you mean using your form script for sending spam ? Or are you meaning capturing your own email address, to send spam to YOU ?

In this second case, the form script can NOT be captured by any spider or bot. It is hard coded in the script itself, so it is not captured by code analyzers. However, it can be captured manually, if you have an autoresponder in your script, and this autoresponder uses the same email address as the script. It will be enough to make a form submission and receive the autoresponder email, to have your email address captured by a spammer.

In the first case:

bot or manual hijacking of form scripts, is used to send spam mail through your mailserver, and has nothing to do with the email address used. It sends directly from the form script, using your mail server. Injecting some of the form fields with additional code, that works as a trojan horse (for the script) will have the same effect even if you change the email address as you suggested above.

The only solution in this problem is to use a script like the ABVFP which will not allow (if so set) to have the @ symbol in the form values submitted, thus preventing the use of your script for spam purposes.

Re: Trick to escape from form hijacking

Hi naval

i'm talking about capturing my own contact form, to send spam to me.

Take a look in "contact us" form in my website www.avitecengineering.com

I was receiving more than 30 SPAM e-mails per day, using my form.

When i make the above it stops.

Re: Trick to escape from form hijacking

You can simply encrypt your email. Have a look at http://www.dynamicdrive.com/emailriddler/index.htm

Re: Trick to escape from form hijacking

Thanks alot Naval.

Theodore.