is my contact email being hijacked?

  • Thread starter The Bicycling Guitarist
  • Start date
T

The Bicycling Guitarist

I have an .asp contact page, and for nearly a year I've been getting spam to
buy generic prescription drugs such as viagra, xanax and phentermine to name
a few.

I recently thought that perhaps OTHER people are getting spam that LOOKS
like it is coming from my name, but my i.s.p. says that the mail on my
contact page only goes to me.

Still...I wonder. Is there a way to find out if other people are receiving
spam being sent in my name?

My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks
 
B

Beauregard T. Shagnasty

The said:
I have an .asp contact page, and for nearly a year I've been getting
spam to buy generic prescription drugs such as viagra, xanax and
phentermine to name a few.

Sounds like typical spam to me. Apparently, your email address is
somewhere on your web site, someone else's web site, is on the computer
of someone who was infected with a mass mailing worm, is easily
guessable via dictionary attack, or you have used it at an unscrupulous
site that sold it.

Or, you have posted to USENET with it!
Chris @ TheBicyclingGuitarist.net
and it has been scraped by the spambots.
I recently thought that perhaps OTHER people are getting spam that
LOOKS like it is coming from my name, but my i.s.p. says that the
mail on my contact page only goes to me.

It is a simple task to forge the FROM: field in an email, so a spammer
could send to millions using yours as the FROM:. You would get all
bounces for non-existent addresses.
Still...I wonder. Is there a way to find out if other people are
receiving spam being sent in my name?

Do you get bounces? Non-delivery messages?

(page needs some work to make it match your others.)

<http://www.powerasp.com/>
"Your search for contact form returned no matching documents in our
site."

So how does this script work? Is it secure? Can a spammer inject BCC:
addresses into it? What testing do you/it do before sending the mail to
you?
 
J

J.O. Aho

he said:
I have an .asp contact page, and for nearly a year I've been getting spam to
buy generic prescription drugs such as viagra, xanax and phentermine to name
a few.

I recently thought that perhaps OTHER people are getting spam that LOOKS
like it is coming from my name, but my i.s.p. says that the mail on my
contact page only goes to me.

Still...I wonder. Is there a way to find out if other people are receiving
spam being sent in my name?

Only by checking the log of the mail server that is used to mail the data from
the basic script.

There are many contact scripts that allows header injection, that way the
spammer can decide who else will get the mail too, but without the log file
you don't know if someone else has got spam from your script. Trying to inject
headers into the script will tell you if it's possible or not to spam others too.
 
T

The Bicycling Guitarist

The Bicycling Guitarist said:
I have an .asp contact page, and for nearly a year I've been getting spam
to buy generic prescription drugs such as viagra, xanax thank you for the
info, Beauregard T. Shagnasty and J.O. Aho. Yep the page needs work and
I'll see what I can do to improve it's appearance. I didn't do any testing
about the script except to see if it would send mail to me. I have learned
a lot (compared to when I started) about html/css the past few years by
posting and lurking in these newsgrouups, but I am still basically a newbie
compared to some of you regulars. Thank you again for all you do for
others.
 
T

The Bicycling Guitarist

Beauregard T. Shagnasty said:
Chris @ TheBicyclingGuitarist.net
and it has been scraped by the spambots.
It is a simple task to forge the FROM: field in an email, so a spammer
could send to millions using yours as the FROM:. You would get all
bounces for non-existent addresses.


Do you get bounces? Non-delivery messages?

I don't get bounces as a rule. I have received some, like maybe 1 or 2 in a
six-month period, where I was NOT the one who sent the message that bounced
even though it said it was from me. It has happened, but not a lot and not
recently.



www.TheBicyclingGuitarist.net/contact.asp thanks
(page needs some work to make it match your others.)
So how does this script work? Is it secure? Can a spammer inject BCC:
addresses into it? What testing do you/it do before sending the mail to
you?
I have NO idea how it works. That's why I used somebody else's script
instead of writing one. Ewww I just noticed <font> tags. omg, this is the
ONLY page on my web site that still uses those.

I'd love to bring this up to xhtml 1.0 strict standards to match the rest of
my site. I am not intrepid regarding my abilities to do so however.

If you or anyone else knows of a better contact form that I could use, feel
free to suggest it. OR if you can tell me what to do to improve the one I
have, I'd appreciate the help.

Ewww <font> tags...
 
J

Jim Moe

The said:
There are some spambots that fill in such forms usually with loads of
additional strings to hijack the form.
What kind of server-side tests are you applying to the incoming data?
For instance, the Subject field could be

"Ha-ha! Gotcha!\nBCC: (e-mail address removed), (e-mail address removed)"

Without proper vetting the message is not only sent to you but to addr1
and addr2 as well.
 
B

Beauregard T. Shagnasty

The said:
I have NO idea how it works. That's why I used somebody else's script
instead of writing one. Ewww I just noticed <font> tags. omg, this is
the ONLY page on my web site that still uses those.

I'd love to bring this up to xhtml 1.0 strict standards to match the
rest of my site. I am not intrepid regarding my abilities to do so
however.

Probably you just need to take your template page, and insert the
<form>
...
</form>
where your content normally goes.

Oh wait, I see you are working on that. It already looks a lot better.
If you or anyone else knows of a better contact form that I could
use, feel free to suggest it. OR if you can tell me what to do to
improve the one I have, I'd appreciate the help.

Since your page contact.asp submits to itself, you would have to post
the VBScript source code (probably don't want to do that), or point to
the page where you found it. Then maybe someone who uses VBScript could
have a look at it. I use PHP and write my own.
Ewww <font> tags...

Yes... <g>
 
N

nice.guy.nige

While the city slept, The Bicycling Guitarist
([email protected]) feverishly typed...
I have an .asp contact page, and for nearly a year I've been getting
spam to buy generic prescription drugs such as viagra, xanax and
phentermine to name a few.

You and everybody else...
I recently thought that perhaps OTHER people are getting spam that
LOOKS like it is coming from my name, but my i.s.p. says that the
mail on my contact page only goes to me.

If that is the case, then that is ok. It is quite unlikely that the spammers
are sending emails from your server.
Still...I wonder. Is there a way to find out if other people are
receiving spam being sent in my name?

It is perfectly possible for this to happen. It is easy as anything to
"forge" (I put that in quotes because real-world forging is quite a skilled
task) the from address in any email you send out from a script.

A couple of years back, with my PC finally on broadband, I left it on all
the time, and kept my email client running, so I could go out, go to sleep,
whatever, and it would sit there happily downloading my emails. One weekend
I was at my girlfriend's house, then got home and found I had something like
50,000 emails.... they were nearly all bouncebacks to one of the domains I
look after - someone had sent out a load of spam using "forged" accounts on
the domain. I was fairly lazy back then and set up the basic (people's
names) email accounts for the domain and then let the others go to
postmaster, and set up my email client to filter them to, eg, sales, info
etc and put them in the appropriate folder. Straight after this event, I set
up specific accounts and set any mail to unknown users to go to the
blackhole - ie, be nuked, deceased, shuffle off this mortal coil etc.

I strongly recommend you follow this example. For the sake of setting up
explicit email accounts and nuking the rest, you could spend a good part of
your weekend slowly deleting ridiculous amounts of email.

Cheers,
Nige
 
B

Bergamot

nice.guy.nige said:
I set
up specific accounts and set any mail to unknown users to go to the
blackhole - ie, be nuked, deceased, shuffle off this mortal coil etc.

I do the same, but there is a risk of missing legitimate email from
someone who simply made a typo. You may never know about these, unless
said party contacts you again and mentions it. I recently had this
happen with a new client. They got all hot and bothered because I didn't
answer their email. The spouse finally noticed the typo, but I still got
the blame for their mistake. :-\

Just be aware there are drawbacks to defaulting to blackhole. I do think
the good points outweigh the bad, though.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top