Page 1 of 2 12 LastLast
Results 1 to 25 of 27
  1. #1
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Contact Form Spam
    I thought there was a thread about this, but I couldn't find it. Anyway I've noticed a *HUGE* surge in contact form spam lately. Seems somebody's gotten hold of an automated script for submitting this garbage. I never thought I'd need a CAPTCHA for my contact form, but I'm getting extremely tempted. Just when you thought there couldn't be a lower form of spam this happens.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  2. #2
    general fuq mrbshouse's Avatar
    Join Date
    January 18th, 2005
    Location
    Argieville
    Posts
    1,381
    if you haven't already banned the java bots you might try that...it should cover scrapers and maybe this form crap too. (guessing here)

  3. #3
    .
    Join Date
    January 18th, 2005
    Posts
    2,973
    Contact form spam; contact-form trends
    I don't use contact forms on any of my sites (I post email addresses and run multiple spam filter systems at the server and client level), but I have noticed an increase in the number of web sites that have added "image-text" confirmation boxes to their contact forms (you know, the forms that say "type the text from the image above"). That's a pretty clear sign that contact-form spam is a problem.

    I've spent this week identifying potential affiliate sites for a new program, and trying to obtain contact information to solicit those potential affiliates.

    (A) About one-third of the sites I'm identifying use a contact form instead of an email address, with perhaps a third of those using an "image-text" confirmation. Between a third and half still post an email address; and the rest provide no mode of contact whatsoever. (A new trend: several sites provide a telephone number as the only mode of contact.)

    (B) Of the email addresses provided, more than half bounce as unrecognized. Of the contact forms, about one-third are "broken" (script or form not working properly) and another 10% appear to work, but then trigger an email-bounce notice.

  4. #4
    ABW Ambassador Sheri's Avatar
    Join Date
    February 17th, 2005
    Location
    Kansas
    Posts
    531
    Are you experiencing this on the form to contact you, or contact forms that are part of CPL programs?

    Sheri

  5. #5
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Anyway I've noticed a *HUGE* surge in contact form spam lately. Seems somebody's gotten hold of an automated script for submitting this garbage.
    Take a look at a free PHP script called Phorm. I have been using it on all the sites I do. It has been attacked, but so far not violated. I have it set up to log all contacts. It's also well documented.

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Not all affiliates are spammers .... but all spammers are affiliates.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  7. #7
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Quote Originally Posted by Sheri
    Are you experiencing this on the form to contact you, or contact forms that are part of CPL programs?

    Sheri
    This is the form on my sites where people can contact me. I'm the only one who reads these messages, so what's the point?

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  8. #8
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Quote Originally Posted by bumpaw
    Take a look at a free PHP script called Phorm. I have been using it on all the sites I do. It has been attacked, but so far not violated. I have it set up to log all contacts. It's also well documented.
    I took a look at their site and they don't even use their own software, they have a direct email link instead. I couldn't find a demo anywhere. Not good signs.

    Anyway, I've written my own contact form and I found a nice CAPTCHA class that I plan to integrate into it.

    Thank you,
    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  9. #9
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    551
    I catch every field from my contact form submission in a table, this way I can see if anyone is spamming and what they are trying to do and protect against it.

    use http://php.net/manual/en/function.my...ape-string.php

  10. #10
    Member HarveyC's Avatar
    Join Date
    August 19th, 2006
    Location
    UK
    Posts
    113
    Same thing over here, Snib.

    Started about 2 weeks ago. A few of people I know have had exactly the same thing. Absolutely pointless spam. I just deleted the contact form and added an email address. Don't think this spam is going anywhere, so I'd recommend a CAPTCHA.

  11. #11
    .
    Join Date
    January 18th, 2005
    Posts
    2,973
    I added a contact form to one of my sites a few months ago, and in the past few weeks I've been getting a dozen or so spam posts per day, all garbage. I've only received two "genuine" feedback messages through the contact form.

    I have changed the form so that the default setting for "type of comment" is "spam." If nothing else, it makes me feel better to see all these posts identified right up front as "spam" -- but I assume that someone posting a genuine comment might not change that setting, so I'm not really comfortable leaving it this way.

  12. #12
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Quote Originally Posted by markwelch
    I added a contact form to one of my sites a few months ago, and in the past few weeks I've been getting a dozen or so spam posts per day, all garbage. I've only received two "genuine" feedback messages through the contact form.

    I have changed the form so that the default setting for "type of comment" is "spam." If nothing else, it makes me feel better to see all these posts identified right up front as "spam" -- but I assume that someone posting a genuine comment might not change that setting, so I'm not really comfortable leaving it this way.
    I've just imposed a series of rules in my mailbox to block contact messages that contain certain characteristics. Better solution would be to impose these restrictions at the time of posting, ie: "Sorry but you may not include an external link in your contact post, please remove it and try again". I've also considered adding a CAPTCHA for good measure.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  13. #13
    ABW Ambassador purplebear's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,960
    Not sure I should be posting this in this thread or not but came across this now, so thought I'd ask. I just remade a site for a friend's business. They evidently had their contact form send their messages to their email address at the host but then must've had them forwarded to another email. They would like their messages from the contact form to just go to their other email address and they want to be able to hit reply and have it go to the person that sent the message and have it say that it had come from their email address. I only have all of my contact forms just go to the email address at the web hosting site. Definitely am not a computer genius. Is it even possible to do what they're requesting?? Uhh wouldn't the contact form have to kinda be a mind reader to do what they want?

    On a side note about the spam. They hadn't ever logged into their email at their host so when I got their site up I found 2500 spam emails. lol They didn't even realize they had an email inbox there. lol
    I get bombarded with spam it seems regardless where my email gets sent from the contact form

  14. #14
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I've had some real stupid type of spam lately thru the contact form on my site, makes no sense. I have some things to fill in and it's like:

    Name Bob
    Email mary at hotmail.com

    Name Susan
    Email harry at yahoo.com

    Name Bill
    Email steve at hotmail.com

    It's like pointless spam, don't get it.

  15. #15
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Does the way the contact form is created contribute to the spam?

    Trust, how did you make your contact form? Did you use CGI/CGI-e-mail or something else?
    ~Rhia7 -- Remember the 7
    Twitter me

  16. #16
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    Just basic form html type stuff, drag and drop from my editor. And it's not that much, maybe like 10 a day, today a couple. Just didn't see the point to it.

  17. #17
    Classic Rocker Mack's Avatar
    Join Date
    January 27th, 2007
    Location
    Lower Left Coast
    Posts
    1,167
    Not a problem here, solved it long ago.

    Only registered users see the contact form(s), submissions, replies, comments...

    Registration requires email confirmation.

    I don't use common names, ie. support@ info@ webmaster@ postmaster@ billing@ I use oddball ones like cs-support@, xzy-info@ etc. and again, only registered users can see those.

    I get more spam (like daily coupons, come join our wonderful program) from CJ-LS and merchants that from all of my sites combined.

  18. #18
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Just didn't see the point to it.
    I had similar a while back. It seemed to me they were trying to crack the script to use it to send spam from my server. Not sure though.

  19. #19
    Moderator BurgerBoy's Avatar
    Join Date
    January 18th, 2005
    Location
    jacked by sylon www.sylonddos.weebly.com
    Posts
    9,618
    Talking
    I use this free php script and it works perfectly. http://sonicfog.com/index.php?option...d=41&Itemid=91

    Down load it here http://sonicfog.com/index.php?option...d=23&Itemid=93

    Vietnam Veteran 1966-1970 USASA
    ABW Forum Rules - Advertise At ABW

  20. #20
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Quote Originally Posted by bumpaw
    I had similar a while back. It seemed to me they were trying to crack the script to use it to send spam from my server. Not sure though.
    I think they're trying to exploit a potential email injection fault. If your contact form isn't secure there's a chance somebody could use your contact form to send spam to any number of CC's or BCC's. I think this might attribute to a lot of what we're seeing here. Just hope nobody's being successful with this strategy.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  21. #21
    Life is Supposed to be Fun! Rexanne's Avatar
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    12,360
    Quote Originally Posted by Snib
    I thought there was a thread about this, but I couldn't find it. Anyway I've noticed a *HUGE* surge in contact form spam lately. Seems somebody's gotten hold of an automated script for submitting this garbage. I never thought I'd need a CAPTCHA for my contact form, but I'm getting extremely tempted. Just when you thought there couldn't be a lower form of spam this happens.

    - Scott
    Scott, until lI added a CAPTCHA to my sign up form and also added a question that had to be checked to proceed (Are you a real person?) I couldn't get rid of tons of forum spam. Now I get none. CAPTCHAs and a check box works wonders.
    Peace,

    Rexanne

    Rexanne.com
    Loving Everyone's Child Creates Magic


  22. #22
    Full Member
    Join Date
    December 20th, 2005
    Posts
    413
    On a related note, on your server, don't allow auto-forwarding. It won't reduce your incoming spam...but it can help reduce the likelihood of your server being used to forward spam onward.
    [URL=http://themoneyforums.com]The Money Forums[/URL]

  23. #23
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    I hate form spam more than any other spam. In some cases it's gotten so bad I just deleted the file that included the form. To this day the stupid bots still call for that page. Now they just generate 404s instead of pointless spam...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  24. #24
    Full Member
    Join Date
    December 20th, 2005
    Posts
    413
    Quote Originally Posted by Eathan
    I hate form spam more than any other spam. In some cases it's gotten so bad I just deleted the file that included the form. To this day the stupid bots still call for that page. Now they just generate 404s instead of pointless spam...
    Hmmm...maybe you could send them somewhere more interesting?
    [URL=http://themoneyforums.com]The Money Forums[/URL]

  25. #25
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Quote Originally Posted by DoctorMike
    Hmmm...maybe you could send them somewhere more interesting?
    Believe me, I've thought about it. Redirecting 'em to the FBI, DOJ or some such could be fun...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

+ Reply to Thread
Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •