I have put in the captcha and the Java block for too many letters. I do not know if the spam actually goes anywhere or if they just come to my email. But I want to know how in hell they can keep on spamming my recommend-a-friend script and what I can do about it. You will find the script here halfway down on the page, and this is a sample of the spam:

X:20:33 -0500 (EST)
To:
Subject: You were recommended!
From:
Message-Id: <20070219042033.7D01B922EB@node2.c23>
Date: Sun, 18 Feb 2007 23:20:33 -0500 (EST)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: Outlook
Subject: one simple step towards drastically increasing your income
bcc: , , , ,

The email is about half a page long, no point posting it here.

Obtain your diploma, bachelors' or Masters' in 2 weeks time from prestigious universities based on your present knowledge and life experience. No tests, exams or classes require. Call us now to receive yours today! 1-270-837-3127 (be sure to clearly speak your name and phone number so that we can return your call) Confidentiality Assured 5d7e69a070bd04545060f61e83fdf554 .

has used the tell-a-friend form. Their email address is
The people they have recommended are:
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: Outlook
Subject: one simple step towards drastically increasing your income
bcc: , ,

Well, the list goes on for another page, but no point listing it here.

Obtain your diploma, bachelors' or Masters' in 2 weeks time from prestigious universities based on your present knowledge and life experience. No tests, exams or classes require. Call us now to receive yours today! 1-270-837-3127 (be sure to clearly speak your name and phone number so that we can return your call) Confidentiality Assured
CAPTCHAs are pretty easily crackable and they can be automatically parsed. I looked at your CAPTCHA and it looks very easy. I would try adding some custom fonts and changing up the background at least. There are a lot of other ways you can stop the spam. If you notice a pattern in the emails, you could block those from being sent.
But how? I blocked it so they cannot enter many letters in the boxes, and still they enter 1000s of words.
You're using JavaScript to limit the characters? Then they just disable JavaScript; it's pretty easy.
Your CAPTCHA is broken, it shows always the same letters: http://www.walkingwithtigers.org/image.php (or try reloading your page) Probably you need to pass the 'image.php' script some parameters - ask the guys you got the script from... HTH, cheers!
Picouli is correct, your captcha is broken. It does not change when it is reloaded. This means that people can create a simple cURL script to enter all the data in your form and use you to send out spam.

Your script may also be broken. There is an error on the recommend-a-friend page:

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /mounted-storage/home39b/sub009/sc30763-WUAU/walkingwithtigers.org/headers.php:35) in /mounted-storage/home39b/sub009/sc30763-WUAU/walkingwithtigers.org/tellemail.php on line 124

You have several things you need to do with the tellemail.php script:
1 - fix the problem with the session variables
2 - fix the problem with the captcha generator
3 - check all the data that users put into the form before sending it out

They are probably incorporating an encoded newline character, the bcc: and a list of email addresses in the email address that they submit, and their own email message. They might be including their own subject headers! You need to reduce the given email address to a single email address. If it is more than that, do not bother telling their friends about your site! In all cases, when you dump a spammer's message . . . always tell them the message was sent successfully.
Yes, Picouli is correct. Your captcha is broken. Change the script first and, if possible, use the random font also. Right now, your current font is very easy to hack.
I have started a block list for stopping spam; it helps a bit, but does not block all spam. You can "join" it by adding the following code to your PHP:

// Report the visitor's IP to the shared block list, then look up the
// reversed IP in the DNS blacklist zone; if it is listed, redirect and stop.
file_get_contents("http://block-update.tne-spam.com/" . $_SERVER["REMOTE_ADDR"]);
$reverse_ip = implode(".", array_reverse(explode(".", $_SERVER["REMOTE_ADDR"])));
if (checkdnsrr($reverse_ip . ".spam.tne-spam.com.", "A")) {
    header("HTTP/1.1 307 Temporary Redirect");
    header("Location: http://spamblock.tne-spam.com/BlackList/" . $_SERVER["REMOTE_ADDR"]);
    echo "you are blocked mate";
    die();
}

It is true that spammers change IPs, but what I am doing is blocking IPs by ISP/region as well as blocking proxy sites, and I hope this will help to stop spamming. I have 50% less spam since starting to use this script.
Well there is a CGI script that is able to strip down layers of images and find fonts. Since yours seems like a simple font, it's easily crackable.
I just had this problem last week. Someone cracked the process PHP for my contact form and sent out over 10 emails that contained 1000 email address(s) included in it... Make sure in the message line that To: is removed and <email> is removed. That will stop about 80% of the spam in the process file. For example:

mail('youremailaddress@yourdomainname.com', $subject, $message, "From: $name <$email>");

Remove where it says "From: all the way to <$email>, so for that line, if you see it in your process file, make it look like:

mail('xxx@domainname.com', $subject, $message);

(xxx@domainname.com) is where you want it to go to or point to. Be sure to put in your transporter in that area. That will cure the mail() hack exploit.
Here is a copy of my headache I took care of this week..

Return-Path: <anonymous@Chicagoboy27.prod.phx1.secureserver.net>
Delivered-To:
Received: (qmail 2240 invoked by uid 48); 20 Feb 2007 15:23:55 -0000
Date: 20 Feb 2007 15:23:55 -0000
Message-ID: <20070220152355.2146.qmail@Chicagoboy27.prod.phx1.secureserver.net>
To:
Subject:
From:
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
Subject: High quality BRAND name medications for generic med prices

Up to an incredible 80% off of everything from VlAGRA to Ambien, we have nearly every name brand drug on the market... there is no prescription required, shipping is extremely fast and completely discreet, and we have the best prices you'll find on the net! We have been in business for many years, with the utmost professional standards.. do not let yourself be drawn in by fly by night scam sites, many of whom don't even send a product! <A HREF=http://www.wellprx.org > Click here </A> to fulfill all of your drug needs, you'll never have to scour the net for your medications ever again! Satisfaction is guaranteed, we will not disappoint!

Content-Transfer-Encoding: 7bit
Content-Type: text/plain
Subject: High quality BRAND name medications for generic med prices
bcc: (About a 1000 emails went here in this section and about 10 to 15 fake server email address(s) went here)

Up to an incredible 80% off of everything from VlAGRA to Ambien, we have nearly every name brand drug on the market... there is no prescription required, shipping is extremely fast and completely discreet, and we have the best prices you'll find on the net! We have been in business for many years, with the utmost professional standards.. do not let yourself be drawn in by fly by night scam sites, many of whom don't even send a product! < to fulfill all of your drug needs, you'll never have to scour the net for your medications ever again! Satisfaction is guaranteed, we will not disappoint!
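Putting together the advice from the earlier replies (reduce the submitted address to exactly one, never let user text reach a mail() header, and report "sent" even when the submission is dropped), here is an added PHP example; it is not code from the thread or from the tell-a-friend script, and the function names and the fixed sender address are assumptions.

```php
<?php
// Added example: a tell-a-friend handler hardened against mail() header
// injection. clean_address, clean_name, send_recommendation and the
// sender address are assumptions, not taken from the thread's script.

// Return one validated address, or null when the field is empty, carries
// CR/LF/NUL (the injected "bcc:" trick), or holds more than one address.
function clean_address(string $raw): ?string {
    $raw = trim($raw);
    if ($raw === '' || preg_match('/[\r\n\0]/', $raw)) {
        return null;
    }
    // A single mailbox only: commas, spaces and "bcc:" all fail this filter.
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Strip anything that could end a header line or spoof a mailbox in a name.
function clean_name(string $raw): string {
    return substr(preg_replace('/[\r\n\0:<>]/', '', trim($raw)), 0, 60);
}

// Validate and send. Returns false when the submission is dropped; the page
// should print the same "sent" message either way, so a spammer probing the
// form learns nothing from the response.
function send_recommendation(array $post, string $site_from): bool {
    $sender    = clean_address($post['email'] ?? '');
    $recipient = clean_address($post['friend'] ?? '');
    if ($sender === null || $recipient === null) {
        return false;
    }
    $name = clean_name($post['name'] ?? '');
    // From: is fixed to the site's own address; the visitor's validated
    // address goes only into Reply-To, so no raw user text reaches a header.
    $headers = "From: {$site_from}\r\nReply-To: {$sender}\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    $body = "{$name} ({$sender}) thinks you might like this site.\r\n"
          . wordwrap((string)($post['message'] ?? ''), 70, "\r\n", true);
    return mail($recipient, 'You were recommended!', $body, $headers);
}

// Constructed sample: a "friend" field carrying an injected bcc: header.
$spam = ['email' => 'a@example.com', 'name' => 'x',
         'friend' => "b@example.com\r\nbcc: c@example.com, d@example.com"];
send_recommendation($spam, 'tellafriend@example.org'); // dropped, returns false
echo "Thank you, your recommendation was sent.\n";     // shown regardless
```

The same pattern applies to a contact form: keep the To: address and the From: header as constants in the script and let user input reach only the validated Reply-To and the message body.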