A few of my email forms have been hit by a spam attack. The hit on the form is one IP address and the hit on the sendpage is another IP address. This continues with different IP hits on the send page and the same IP on the email form page. Yesterday i blocked an IP that was consistant with this method, but of course day 2 they have changed IP's. The message of the email is generally in this format: Nice site! h t tp://ohlzbyio.com/tqau/gbmw.html | h t tp://mzmsuavj.com/mien/jkkw.html With the websites changing everytime. Has anyone else been seeing these? Ian
Hi, I'm not sure but it sounds like they're using your form to relay spam. You need to update the validation part of your form to check that the referrer (ie the form submission) is coming from your website and not another IP. If this makes sense with what you're seeing then I can post a link - but that would be ASP validation though. <edit>.. just noticed it's a php forum....doah!</edit> Cheers, Paz.
It's not a relay spam attack, I use to get this and now have banned certain text etc. The submission is from the form with IP 'A' then the process form page shows IP 'B' Ian
Someone's been doing the same to me by actually putting the same thing in CuteNews.. and spamming me a lot.
Bro Go in for the Bad Behaviour Script ... Believe me it is too good http://www.homelandstupidity.us/software/bad-behavior/ Thanks Abhishek
A dirty, but decent method that I have adopted for some spam hot-spots is to use the ion-cube HTML obfuscator and ob_start(), ob_end_flush() to hide the HTML form... then I use hidden fields to pass to the form-handler script. I know what you are talking about as I was hit also and I was restricting the referer to my form and a few other 'usual' tricks to block direct access to my handler.php script. I was quite baffled by how they were doing it as it shouldn't have worked, but having more important things to do than tracking spammers, I went with this route. AFTER your form is locked down by the free, ion-cube HTML obfuscator, you can setup hidden field payloads that your handler.php knows about. While this can be counterd by sniffing the packets coming from your form, it did stop the oddball spams being generated from my forms. I haven't had a single problem since I did this, but it does play hell with any javascript being used on your page. I hope this helps.
A client had a form spam problem which I resolved by including the form (just the form) in a javascript file. The script that processes the form has a complete random filename (actually generated using an md5 hash) so any spammer looking for common names like mailform.php or form.php, etc., will never find it It also checks IP and whatnot, but it wasn't until I was using the JS method that the spam stopped altogether.