Results 1 to 21 of 21
November 11th, 2008, 01:54 PM #1Can anyone explain this odd type contact SPAM I keep getting?
I have some contact forms on several of my sites. A couple of those sites keep getting some sort of spam, I guess, that generally appears to be either unreadable garble or maybe in a foreign language. They all look something like this:
Subject Line: pjPHkgdGcydxdIyXxlI
K8mxwC <a href="http://rshudernhbox.com/">rshudernhbox</a>, http://XXXXXeiqiqn.com/zsoadteiqiqn, http://XXXXXzdsukop.com/XXXXXzdsukop, http://XXXXXbpbz.com/
I have used XXXXX to replace some of the letters in the original, because I do not wish to give anyone legitimate links here or on my website.
But, can anyone explain in simple terms an Old Guy can understand -- what in the world is this? What are they hoping to accomplish submitting this via contact forms on my blogs?
I just really don't "get it" on this. Are the blogs receiving this stuff in trouble? Anybody know how I can stop it? Or do I even need to worry about it?
Last edited by loxly; November 11th, 2008 at 02:05 PM. Reason: unlinked links that were automatically linkedGenerate more fake news.
November 11th, 2008, 02:02 PM #2
This reminds me of what we saw a few weeks back when one of our contact forms got hammered with stuff that apparently was attempting a buffer overflow to break in to the server. If you start seeing hundreds or thousands, either block their IP or take the site down temporarily...
November 11th, 2008, 02:12 PM #3
If your form script is in a directory that is the same as the name of the script it seems to get more interest from crooks. I'm talking of well known scripts here, and not homemade ones.
I have some from Phorm and the directory was /phorm/. I changed the directory and the file name away from contact-us.php. This reduced the traffic from crackers a lot. Once they had my old URLs they where probing me from all over the world. Now at least they are temporarily confused.
This is not the answer to your question but something that might help in the overall plan.
November 11th, 2008, 04:11 PM #4
Getting the same here for about the past 2 or 3 weeks. They usually come 2 in a row; the first one is blank and the second one is the spam. There have only been maybe 5 or 6 total though.
November 11th, 2008, 04:29 PM #5
I could be wrong here. But if you have a spare computer with PHP onit you might try run this script onit to see if it will decode it. Becareful tho it could be a hack script encode.
$txt="bla bla bla text in spam mail";
$txt .= base64_decode($txt);
Example below produces the last line of text.
$txt = "I Love ABestWeb ";
$txt .= base64_encode($txt);
Last edited by Bob Lawrence; November 11th, 2008 at 04:49 PM. Reason: left out some important code. Added ExampleWhere's the Great Life of Affiliate Marketing Hiding?
November 11th, 2008, 05:54 PM #6
Just got my second one of the day:
From: nmEJJhDDWkxDknt (firstname.lastname@example.org)
Message: jplnsy <a href="http://xxxxxbxf.com/">gmszelrwlbxf</a>, wnaxepnoxosa, [link=http://xxxxxxmx.com/]rhduwqtflxmx[/link], http://xxxxxauxs.com/
What's odd is that none of the URLs are even registered so I don't know what the point is. Apparently someone has way too much free time on their hands.
November 11th, 2008, 07:26 PM #7
Just to let you know Greg,
I tried decoding it. base64 and encoding it base64 and nothing made any sence.
I don't have the foreign language module installed or I should say enabled in php.Where's the Great Life of Affiliate Marketing Hiding?
November 11th, 2008, 07:59 PM #8
I've been getting these same messages for quite some time, too. They're coming from just the one site's contact forum (guess they haven't discovered the other ones yet lol ) Gonna keep an eye on this thread to see if there is something I can do to stop it. Don't quite understand what Johnny posted but don't have the time right now to attempt to understand it either lol so will wait til after the holidays and come back to this. ummm that is unless I forget lol
November 11th, 2008, 10:14 PM #9
Gary and others,
Do you have CAPTCHA installed for the contact form?
November 11th, 2008, 10:20 PM #10
- Join Date
- October 11th, 2008
It's an attempt to drill thru greylisting.. Send one total junk, then send the second one which will trigger the greylisting software to let it pass. The added "benefit" is that the spam looks more legitimate when the message next to it is total junk.
It's an old trick that we first noticed when the first greylisting systems came online a few years ago.
Captcha fixes it for online form abuse.
November 11th, 2008, 10:26 PM #11
I got these for a while. It is a script that fills out a form and submits it. Since most forms use common form names and inputs they use different variables to learn which form returns a 200 code from a thank you or confirmation page.
I stuck a captcha on the forms and haven't had one since.
I'd guess they are hoping to form spam you at some point. They could also be gathering email addresses from auto responders or worse they are looking for some vulnerability or injection they can use in your form, by learning the submit process they hope to find a way to add a bcc field to the form submission. I don't recall the name now, but there was a free cgi form that was widely used about 7 or 8 years ago and it had such a vulnerability. Kind of like a sql injection with php.
November 12th, 2008, 07:38 AM #12
November 12th, 2008, 09:59 AM #13
November 12th, 2008, 11:02 AM #14Originally Posted by ladidah
November 12th, 2008, 11:11 AM #15
That reminds me of new spam I am getting from people located in Taiwan, They have been sending me weird emails like that but I got one straight one and it was advertising for their replica store and cheap electronics, scammers and spammers.Wear Short Sleeves!!! Support the right to bare arms!
November 12th, 2008, 01:16 PM #16
Thanks so much, all who have responded to my original question. Very helpful.
The sites I run contact forms on are all WordPress.
I was using a WordPress contact plugin called "Contact Form 7." If it offers captcha, I've not seen how to set it up.
I switched to a plugin called "cforms." But I am simply not smart enough to figure out how to get that awful thing to even work! Okay, it may be a fine plugin, so I take back the "awful thing," but I can't figure it out.
SO I found a WP plugin called "easy contact," and I can figure it out. This one offers a security question you can require, either a random math problem or challenge question, or both.
My question about this would be: Is such a verification system as effective as a captcha?
If not, does anyone know a good captcha plugin for WP that I don't need to be a bona fide rocket scientist to install and configure?
Oh, one other thing: If you want to see that "easy contact" WP as I have it working, it's on the "Contact Us" page of the blog you can reach through the "Writerguy" link in my sig file.
Last edited by writerguy; November 12th, 2008 at 01:24 PM. Reason: To add last paragraphGenerate more fake news.
November 12th, 2008, 01:39 PM #17Originally Posted by writerguy
On a side note: I just de-installed the plugin a few days ago because my site RSS was messed up (not updating and getting errors) due to one of the multiple plugins I had. So I de-installed each one to see which one was the culprit. After I de-and-re-installed cforms the form I used was not working. I need to spend time setting it up again but haven't had the chance. Low and behold, last night I got the exact same spam you were talking about. Together followed by another even longer spam full of porn, etc.
November 12th, 2008, 01:44 PM #18
I tried cforms on a site, my gawd, after about 2 hours I gave up and found contact 7.
To add the captcha use something like this
<p>[captchac captcha-280 size:m]</p>
<p>Enter the above code into the box below</p>
Last edited by knight01; November 12th, 2008 at 01:50 PM. Reason: didn't have the box below code
November 12th, 2008, 01:44 PM #19Originally Posted by ladidah
Who's the culprit? C'mon -- confess now and it'll go easier on you.
On a serious note, I made at least three tries at getting that cforms plugin to work. Twice I had a friend on another forum give me suggestions that really should have been easy to follow, using already existing cform stuff and modifying it for my site as you suggested you did.
Just couldn't figure out how to get anything right from it all. I think I had a form working, but it looked about as classy and "business like" as something from a 5-year-old's coloring book. (No offense meant to any 5-year-olds out there reading this.)Generate more fake news.
November 12th, 2008, 01:48 PM #20Originally Posted by knight01
Groan. Probably gonna stick with the easy-contact form using the math question option. *sigh* Thought I knew at least a LITTLE bit about running WordPress, but now I dunno.Generate more fake news.
November 12th, 2008, 05:01 PM #21Originally Posted by knight01
Originally Posted by ladidah
By Snib in forum Midnight Cafe'Replies: 26Last Post: April 9th, 2007, 06:33 PM