Hi, From time to time, some people try to use forms in my web sites to send spam. These "forms" include bcc: *******@aol.com. This could be the address that the spammer use to check whether the spam trials are successful or not. Should I report this to AOL or to a legal authority in the USA ? Jean-Luc
First thing, get a better form software that will be able to handle the spam problem. I don't have a name at hand, but look that it has some form of verification/captcha, and doesn't suffer security vulnerabilities. Reporting...I never do that, but why not if you have time. I'm sure at least AOL has a publically available method of reporting spam,though in this case I doubt the spammer comes from AOL network.
Thanks for the answer. The spam problem is handled by the software. This software reports that there are unsuccessful trials to send spam. Yes and no! In my opinion, the spammer tries to use my form (and most probably hundreds of other forms) to send spam and he uses several bcc: AOL-addresses to check how good all this works. They are not succesful with my site, but they probably are with other sites. It would be good for everybody that AOL closes these accounts used for "illegal" purposes. Jean-Luc
I got something similar yesterday, never seen it before. They filled out the form and put this in one of the required lines: Now, because I add slashes and generally sanitize the message, I doubt this will have worked. But I'm going to stamp down on it anyway.
Hi, I 've had the same problem a while ago. Instead of asking me IP adressess from the sender AOL just blocked the IP of my site from there network. There taking the easy way out if you're asking me
That would suck because then your genuine newsletters wouldn't arrive with your customer base either.
I never checked but always thought they are actually using BCC to send spam, not for confirmations to their address. Anyway, I might sound a bit alibistic, but as Celsius says, I would be more concerned about my site/IP not getting banned than about banning spammers.
I guess that AOL did this because spammers were able to send their spam through your form. The IP addresses from the sender would probably not help. These guys are hidden behind proxies. Jean-Luc
wWe also make sure that our form is being sent from our server. A lot of times, the spammers just use the confirmation form. So we added a session variable in there as well as an image verification. There are a lot of threads about the PHP script vulnerability / injectio headers and how to prevent it. We use ASP ourselves and have noticed that there are not as many problems with the forms we created.
This is really interesting, especially that it has been happeneing to everyone recently. Ive never had it before either, and now suddenly Im getting form spam. Must be a new technology they are trying out