is my contact email being hijacked?

Discussion in 'HTML' started by The Bicycling Guitarist, Jul 18, 2007.

  1. I have an .asp contact page, and for nearly a year I've been getting spam to
    buy generic prescription drugs such as viagra, xanax and phentermine to name
    a few.

    I recently thought that perhaps OTHER people are getting spam that LOOKS
    like it is coming from my name, but my i.s.p. says that the mail on my
    contact page only goes to me.

    Still...I wonder. Is there a way to find out if other people are receiving
    spam being sent in my name?

    My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks
    The Bicycling Guitarist, Jul 18, 2007
    #1

  2. The Bicycling Guitarist wrote:

    > I have an .asp contact page, and for nearly a year I've been getting
    > spam to buy generic prescription drugs such as viagra, xanax and
    > phentermine to name a few.


    Sounds like typical spam to me. Apparently, your email address is
    somewhere on your web site, someone else's web site, is on the computer
    of someone who was infected with a mass mailing worm, is easily
    guessable via dictionary attack, or you have used it at an unscrupulous
    site that sold it.

    Or, you have posted to USENET with it!
    Chris @ TheBicyclingGuitarist.net
    and it has been scraped by the spambots.

    > I recently thought that perhaps OTHER people are getting spam that
    > LOOKS like it is coming from my name, but my i.s.p. says that the
    > mail on my contact page only goes to me.


    It is a simple task to forge the FROM: field in an email, so a spammer
    could send to millions using yours as the FROM:. You would get all
    bounces for non-existent addresses.

    > Still...I wonder. Is there a way to find out if other people are
    > receiving spam being sent in my name?


    Do you get bounces? Non-delivery messages?

    > My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks


    (page needs some work to make it match your others.)

    <http://www.powerasp.com/>
    "Your search for contact form returned no matching documents in our
    site."

    So how does this script work? Is it secure? Can a spammer inject BCC:
    addresses into it? What testing do you/it do before sending the mail to
    you?

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, Jul 18, 2007
    #2

  3. J.O. Aho Guest

    The Bicycling Guitarist wrote:
    > I have an .asp contact page, and for nearly a year I've been getting spam to
    > buy generic prescription drugs such as viagra, xanax and phentermine to name
    > a few.
    >
    > I recently thought that perhaps OTHER people are getting spam that LOOKS
    > like it is coming from my name, but my i.s.p. says that the mail on my
    > contact page only goes to me.
    >
    > Still...I wonder. Is there a way to find out if other people are receiving
    > spam being sent in my name?


    Only by checking the log of the mail server that is used to mail the data from
    the basic script.

    There are many contact scripts that allow header injection, that way the
    spammer can decide who else will get the mail too, but without the log file
    you don't know if someone else has got spam from your script. Trying to inject
    headers into the script will tell you if it's possible or not to spam others too.


    --

    //Aho
    J.O. Aho, Jul 18, 2007
    #3
  4. "The Bicycling Guitarist" <> wrote in message
    news:SUpni.1123$...
    > I have an .asp contact page, and for nearly a year I've been getting spam
    > to buy generic prescription drugs such as viagra, xanax

    Thank you for the info, Beauregard T. Shagnasty and J.O. Aho. Yep the page
    needs work and I'll see what I can do to improve its appearance. I didn't
    do any testing about the script except to see if it would send mail to me.
    I have learned a lot (compared to when I started) about html/css the past
    few years by posting and lurking in these newsgroups, but I am still
    basically a newbie compared to some of you regulars. Thank you again for
    all you do for others.
    The Bicycling Guitarist, Jul 18, 2007
    #4
  5. "Beauregard T. Shagnasty" <> wrote in message
    news:rRqni.330838$...
    > The Bicycling Guitarist wrote:
    >
    >> I have an .asp contact page, and for nearly a year I've
    >
    > Or, you have posted to USENET with it!
    > Chris @ TheBicyclingGuitarist.net
    > and it has been scraped by the spambots.
    >


    > It is a simple task to forge the FROM: field in an email, so a spammer
    > could send to millions using yours as the FROM:. You would get all
    > bounces for non-existent addresses.
    >
    >> Still...I wonder. Is there a way to find out if other people are
    >> receiving spam being sent in my name?

    >
    > Do you get bounces? Non-delivery messages?
    >


    I don't get bounces as a rule. I have received some, like maybe 1 or 2 in a
    six-month period, where I was NOT the one who sent the message that bounced
    even though it said it was from me. It has happened, but not a lot and not
    recently.



    >> www.TheBicyclingGuitarist.net/contact.asp thanks
    >
    > (page needs some work to make it match your others.)
    >


    > So how does this script work? Is it secure? Can a spammer inject BCC:
    > addresses into it? What testing do you/it do before sending the mail to
    > you?

    I have NO idea how it works. That's why I used somebody else's script
    instead of writing one. Ewww I just noticed <font> tags. omg, this is the
    ONLY page on my web site that still uses those.

    I'd love to bring this up to xhtml 1.0 strict standards to match the rest of
    my site. I am not intrepid regarding my abilities to do so however.

    If you or anyone else knows of a better contact form that I could use, feel
    free to suggest it. OR if you can tell me what to do to improve the one I
    have, I'd appreciate the help.

    Ewww <font> tags...
    The Bicycling Guitarist, Jul 18, 2007
    #5
  6. Jim Moe Guest

    The Bicycling Guitarist wrote:
    >
    > My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks
    >

    There are some spambots that fill in such forms usually with loads of
    additional strings to hijack the form.
    What kind of server-side tests are you applying to the incoming data?
    For instance, the Subject field could be

    "Ha-ha! Gotcha!\nBCC: , "

    Without proper vetting the message is not only sent to you but to addr1
    and addr2 as well.

    --
    jmm (hyphen) list (at) sohnen-moe (dot) com
    (Remove .AXSPAMGN for email)
    Jim Moe, Jul 18, 2007
    #6
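
The BCC injection through the Subject field described in the post above, shown beside a server-side check that stops it. This is an added example, not part of the original thread and not the contact.asp script; it is written in Python rather than VBScript so it runs stand-alone, and the addresses, function names and the 200-character limit are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

OWNER = "owner@example.invalid"  # constructed placeholder for the site owner
CTL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF and other control characters
ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Constructed input in the shape of the Subject value quoted above.
HOSTILE_SUBJECT = "Ha-ha! Gotcha!\nBCC: addr1@example.invalid, addr2@example.invalid"

def naive_message(subject, sender, body):
    """The 'before': form fields pasted straight into the header block."""
    return f"To: {OWNER}\nFrom: {sender}\nSubject: {subject}\n\n{body}"

def header_names(raw):
    """Header names a mail server sees when it parses the raw text."""
    return [name.lower() for name in message_from_string(raw).keys()]

def vet_header_value(value, max_len=200):
    """Refuse any value that could start a new header line."""
    if CTL.search(value):
        raise ValueError("control character in header field")
    if len(value) > max_len:
        raise ValueError("header field too long")
    return value.strip()

def safe_message(subject, sender, body):
    """Hardened form: vetted fields, fixed recipient, library-built headers."""
    sender = vet_header_value(sender)
    if not ADDR.match(sender):
        raise ValueError("sender is not a single plain address")
    msg = EmailMessage()
    msg["To"] = OWNER            # recipient never comes from the form
    msg["From"] = OWNER          # the site sends as itself
    msg["Reply-To"] = sender     # visitor address is only a reply target
    msg["Subject"] = vet_header_value(subject)
    msg.set_content(body)        # body goes after the header block
    return msg

if __name__ == "__main__":
    print(header_names(naive_message(HOSTILE_SUBJECT, "visitor@example.invalid", "hi")))
    try:
        safe_message(HOSTILE_SUBJECT, "visitor@example.invalid", "hi")
    except ValueError as err:
        print("rejected:", err)
```

The same rule carries over to any form handler: reject CR and LF in every field that ends up in a header, and never take the recipient from the form.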
  7. The Bicycling Guitarist wrote:

    > I have NO idea how it works. That's why I used somebody else's script
    > instead of writing one. Ewww I just noticed <font> tags. omg, this is
    > the ONLY page on my web site that still uses those.
    >
    > I'd love to bring this up to xhtml 1.0 strict standards to match the
    > rest of my site. I am not intrepid regarding my abilities to do so
    > however.


    Probably you just need to take your template page, and insert the
    <form>
    ...
    </form>
    where your content normally goes.

    Oh wait, I see you are working on that. It already looks a lot better.

    > If you or anyone else knows of a better contact form that I could
    > use, feel free to suggest it. OR if you can tell me what to do to
    > improve the one I have, I'd appreciate the help.


    Since your page contact.asp submits to itself, you would have to post
    the VBScript source code (probably don't want to do that), or point to
    the page where you found it. Then maybe someone who uses VBScript could
    have a look at it. I use PHP and write my own.

    > Ewww <font> tags...


    Yes... <g>

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, Jul 18, 2007
    #7
  8. While the city slept, The Bicycling Guitarist
    () feverishly typed...

    > I have an .asp contact page, and for nearly a year I've been getting
    > spam to buy generic prescription drugs such as viagra, xanax and
    > phentermine to name a few.


    You and everybody else...

    > I recently thought that perhaps OTHER people are getting spam that
    > LOOKS like it is coming from my name, but my i.s.p. says that the
    > mail on my contact page only goes to me.


    If that is the case, then that is ok. It is quite unlikely that the spammers
    are sending emails from your server.

    > Still...I wonder. Is there a way to find out if other people are
    > receiving spam being sent in my name?


    It is perfectly possible for this to happen. It is easy as anything to
    "forge" (I put that in quotes because real-world forging is quite a skilled
    task) the from address in any email you send out from a script.

    A couple of years back, with my PC finally on broadband, I left it on all
    the time, and kept my email client running, so I could go out, go to sleep,
    whatever, and it would sit there happily downloading my emails. One weekend
    I was at my girlfriend's house, then got home and found I had something like
    50,000 emails.... they were nearly all bouncebacks to one of the domains I
    look after - someone had sent out a load of spam using "forged" accounts on
    the domain. I was fairly lazy back then and set up the basic (people's
    names) email accounts for the domain and then let the others go to
    postmaster, and set up my email client to filter them to, eg, sales, info
    etc and put them in the appropriate folder. Straight after this event, I set
    up specific accounts and set any mail to unknown users to go to the
    blackhole - ie, be nuked, deceased, shuffle off this mortal coil etc.

    I strongly recommend you follow this example. For the sake of setting up
    explicit email accounts and nuking the rest, you could spend a good part of
    your weekend slowly deleting ridiculous amounts of email.

    Cheers,
    Nige

    --
    Nigel Moss http://www.nigenet.org.uk
    Mail address will bounce. | Take the DOG. out!
    "Your mother ate my dog!", "Not all of him!"
    nice.guy.nige, Jul 20, 2007
    #8
  9. Bergamot Guest

    nice.guy.nige wrote:
    >
    > I set
    > up specific accounts and set any mail to unknown users to go to the
    > blackhole - ie, be nuked, deceased, shuffle off this mortal coil etc.


    I do the same, but there is a risk of missing legitimate email from
    someone who simply made a typo. You may never know about these, unless
    said party contacts you again and mentions it. I recently had this
    happen with a new client. They got all hot and bothered because I didn't
    answer their email. The spouse finally noticed the typo, but I still got
    the blame for their mistake. :-\

    Just be aware there are drawbacks to defaulting to blackhole. I do think
    the good points outweigh the bad, though.

    --
    Berg
    Bergamot, Jul 20, 2007
    #9