Form Security and Spam

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • motoxxx
    Major

    • Dec 2005
    • 343

    Form Security and Spam

    Not sure if this is the right place for this but here goes.

    I have several sites up with some pretty detailed contact forms for people to get info about health insurance. Last week I started getting these forms submitted to me filled with links about buying ******, ****** etc..... these are coming in with about 30-50 links in each one and I am getting about 20 per day that are dong this from my website. I have removed my "Comments" box from the form as that was the section that they were filling up but it didn't really help.

    Does anyone have any ideas on how to get this to stop?
    Affordable Medical Insurance
    Discount Dental Plan
    Washington State Health Insurance
    Temporary Health Insurance
    Homeowner Insurance Quote
  • apricotslice
    Staff Sergeant

    • Apr 2006
    • 46

    #2
    Re: Getting spammed HARD

    Are they coming from real people, or is some form of webbot accessing your form ?

    If its the latter, you can deny bots access using robots.txt. There is help here on that, I asked about it a while back. I havent actually blocked any part of my site yet, so cant tell you the mechanics, but it did look easy to do.
    http://CircleofAtlantis.com
    http://ApricotMappingService.com

    Comment

    • VodaHost
      General & Forum Administrator

      • Mar 2005
      • 12356

      #3
      Re: Getting spammed HARD

      You can not stop spammers from filling out your contact form multiple times, this is all part of doing business on the internet. Just deal with and move on, we spend about 10 minutes a day deleteing spam from forms.

      What can do is design your contact form so that it does not accept multiple submissions from the same IP address. This will stop the begginer to average spammer from hitting your form, but it will also stop legitimate customers from contacting you more than once.

      VodaHost

      Your Website People!
      1-302-283-3777 North America / International
      02036089024 / United Kingdom
      291916438 / Australia

      ------------------------

      Top 3 Best Sellers

      Web Hosting - Unlimited disk space & bandwidth.

      Reseller Hosting - Start your own web hosting business.

      Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


      Comment

      • VodaHost
        General & Forum Administrator

        • Mar 2005
        • 12356

        #4
        Re: Getting spammed HARD

        Originally posted by apricotslice
        Are they coming from real people, or is some form of webbot accessing your form ?

        If its the latter, you can deny bots access using robots.txt. There is help here on that, I asked about it a while back. I havent actually blocked any part of my site yet, so cant tell you the mechanics, but it did look easy to do.
        The problem with your idea, is that it will stopped the repeat spammer but not the new spammer.

        A spammer by definition is not a spammer until they post there junk on your site. Until that point they are just a normal visitor.

        VodaHost

        Your Website People!
        1-302-283-3777 North America / International
        02036089024 / United Kingdom
        291916438 / Australia

        ------------------------

        Top 3 Best Sellers

        Web Hosting - Unlimited disk space & bandwidth.

        Reseller Hosting - Start your own web hosting business.

        Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


        Comment

        • Jeremy
          Brigadier General

          • Apr 2006
          • 1502

          #5
          Re: Form Being Spammed

          Hey,

          Yeah, I have been getting the same problem, I went to go check my form e-mails and I had the same thing, not sure if I have his location yet, but I will try to contact this person.
          Best regards,
          Jeremy

          www.cornwall4rent.com

          Comment

          • Jeremy
            Brigadier General

            • Apr 2006
            • 1502

            #6
            Re: Form Being Spammed

            .. and now for some reason my e-mail doesn't work at all? Something going on ..?
            Best regards,
            Jeremy

            www.cornwall4rent.com

            Comment

            • navaldesign
              General & Forum Moderator

              • Oct 2005
              • 12080

              #7
              Re: Form Being Spammed

              There are some things you can do, generally speaking, to avoid part of the spam emails.
              To avoid your form script being used to send spam emails to others:
              1. Use ABVFP. If the form is properly setup, it will block attempts to send mass emails to third persons. Even the comments textarea, will only accept one or no email addresses at all. No pro spammer is going to loose his time in sending out (manually) spam emails, if he has to manually fill in everytime the form. And, he won't even bother to send YOU a spam email this way. ABVFP will also detect and block any attempt to use your script overriding the form (this is what pro spammers do, they have a bot automatically submit directly to your script, without going through your form).

              2. If you need to place a direct mail link on your site, encrypt it. Bots will not be able to find it (at least not easily)
              Navaldesign
              Logger Lite: Low Cost, Customizable, multifeatured Login script
              Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
              DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
              Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

              Comment

              • apricotslice
                Staff Sergeant

                • Apr 2006
                • 46

                #8
                Re: Form Being Spammed

                Originally posted by navaldesign
                2. If you need to place a direct mail link on your site, encrypt it. Bots will not be able to find it (at least not easily)
                How do you do that ?
                http://CircleofAtlantis.com
                http://ApricotMappingService.com

                Comment

                • navaldesign
                  General & Forum Moderator

                  • Oct 2005
                  • 12080

                  #9
                  Re: Form Being Spammed

                  Navaldesign
                  Logger Lite: Low Cost, Customizable, multifeatured Login script
                  Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                  DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                  Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                  Comment

                  • Jeremy
                    Brigadier General

                    • Apr 2006
                    • 1502

                    #10
                    Re: Form Being Spammed

                    Hey,

                    Thanks George, but what I am going to do is set a 1 message limit per week through the form with that I.P address .. think its a good idea?
                    Best regards,
                    Jeremy

                    www.cornwall4rent.com

                    Comment

                    • navaldesign
                      General & Forum Moderator

                      • Oct 2005
                      • 12080

                      #11
                      Re: Form Being Spammed

                      No. For most users, IP changes dynamically as soon as they disconnect and then connect again. Each serious ISP provider has hundreds (or even thousands) of IP addresses, so this will not help you at all. Just make a secure script. As soon as the spammer sees (automatically) that he is not succesfull in sending you spam mails, he quits.

                      And, ofcourse, you can also incorporate a captcha in your form.
                      Navaldesign
                      Logger Lite: Low Cost, Customizable, multifeatured Login script
                      Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                      DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                      Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                      Comment

                      • Jeremy
                        Brigadier General

                        • Apr 2006
                        • 1502

                        #12
                        Re: Form Being Spammed

                        Ah ****! Yeah thanks for reminding me! I completly forgit! I accually set my I.P to change every minute myself.
                        Best regards,
                        Jeremy

                        www.cornwall4rent.com

                        Comment

                        • Collectors-info
                          General

                          • Feb 2006
                          • 8703

                          #13
                          Re: Form Being Spammed

                          Hi, sorry to step in!
                          But wasn’t there something in c cannel where you could enable a facility that made emailers have to put a randomly generated 4 digits in a box to enable the email to be sent. (This only had to be done once) Think it may have been called box trapper. Its in the help in c panel but not available in the main panel any more? I believe this was to help with spam.
                          Regards Chris.

                          Collectables, Collecting, collectors-info.com

                          www.chrismorris.co.uk

                          House build project

                          Comment

                          • Andy128
                            Major General

                            • Dec 2005
                            • 2317

                            #14
                            Re: Form Being Spammed

                            Having just looked at your form- you have no error checking. In other words, if they fail to fill in a name or a phone number the form will still submit. I suspect that your form has been found by bots and has been deemed vulnerable. It is most likely being auto filled by the bot program. You can stop this type attack.

                            You will need to implement some security measures such as: limiting the text fields, strip_tags, and replacing in @ in the comments box. Additionally- you should create a picture of numbers -say: 1569 and place it on the form. Then have the customer input the number in a text box. Then the script would check for that input, if it is not there- the form will not be sent. This will stop bot injection but not humans direct filling out your form. However- humans will not sit and take the time to fill out your form to spam you.

                            Using the ABVFP as Navaldesign has suggested would be the best solution. It is an easy to use program and very
                            secure. Naval is very proficient at this.

                            I too will be happy to assist if you'd like. If you'd like to try on your own first- here are some detailed instructions:


                            Andy
                            PHP- is a blast!

                            Comment

                            • beebrothers
                              Captain

                              • Dec 2006
                              • 226

                              #15
                              Re: Form Being Spammed

                              any new updates to this..it didn't work correctly, no matter what combination of errors i put in i still got the same messege, and when everything was correct i got a message..

                              thanks for your help
                              http://www.beebrothers.org

                              Success is not a doorway. It is a staircase.

                              Comment

                              Working...
                              X