scary spam--looking into my ASP code?

middletree

On my personal web site, which gets maybe 2000 visits a month, I have an
email form on several pages. It has ASP code in there which not only sends
the email to me, but populates the subject line with the name of the page it
was sent from. For example, send me an email from the form on
http://www.middletree.net/day.asp, and it sends me a note with the subject
line: "Email from the day.asp page"


Yesterday, I got 4 emails, and they all had gibberish in the subject line.
One example:

Email from the (e-mail address removed) page

And the body of that email simply said:

(e-mail address removed)


The reason I am concerned, and why I'm posting it here, is that the code
that handles this form is ASP. It's server-side code that tells it to have
the subject line formatted that way. There's no way anyone should know that
the subject line is written with that choice of words. (Unless perhaps I
replied to an emailer and kept the subject line). Should I be concerned?
Does it seem that someone has gotten in and viewed my code? Can they also
change it?
 
Aaron Bertrand [SQL Server MVP]

Should I be concerned?
Does it seem that someone has gotten in and viewed my code? Can they also
change it?

I don't think so. I used to have an e-mail generated by the feedback page
on aspfaq.com, and once I added links to the feedback pages from individual
articles, I would suddenly get 500+ emails in one shot. On review of the
web traffic, it was a spider hitting every page on the site, and generating
the bogus e-mails. You'd be amazed what automated bots and spiders etc. can
figure out about your site, and what kind of actions they can cause (they
can click on links, submit forms, etc).

I would make two suggestions about that page in particular:

(a) I would put some kind of JavaScript handler instead of a straight
submit. This should prevent any automated tool from submitting bogus
comments. For those that disable JavaScript, tough, they can send a plain
old e-mail.

(b) I would try to avoid putting your real e-mail address in plain text on a
web page, since the same kind of tools are used for harvesting this
information and selling it to spammers. So unless you have a high-powered
mail server, a very good spam blocker, and an extremely tolerant ISP, I'd
try to minimize the invitations you give to those people. :)
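
Suggestion (a) worked through as an added example (not code from either poster, and not the site's ASP): the form is submitted only by a script handler, and the server rejects any post that did not pass through it. The field names `issued_at` and `js_token`, the secret, and the use of JavaScript on the server side in place of the ASP handler are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const FORM_SECRET = "constructed-demo-secret"; // placeholder value, server-side only
const MIN_FILL_MS = 3000;          // faster than this is almost certainly a script
const MAX_AGE_MS = 60 * 60 * 1000; // stale forms must be reloaded

const hmac = (text) =>
  crypto.createHmac("sha256", FORM_SECRET).update(text).digest("hex");

// Server, on page render: values embedded in the page for the script to use.
function issueChallenge(nowMs) {
  const issuedAt = String(nowMs);
  return { issuedAt, challenge: hmac(issuedAt) };
}

// Browser: only a client that actually runs script produces this value.
function clientToken(challenge) {
  return challenge.split("").reverse().join("");
}

// Browser: the form has no submit button of its own; this handler fills the
// hidden fields and then submits.
function attachHandler(form, button, { issuedAt, challenge }) {
  button.addEventListener("click", () => {
    form.elements.issued_at.value = issuedAt;
    form.elements.js_token.value = clientToken(challenge);
    form.submit();
  });
}

// Server, on POST: reject anything that did not go through the handler.
function checkSubmission(fields, nowMs) {
  const issuedAt = String(fields.issued_at || "");
  const token = String(fields.js_token || "");
  if (!/^\d+$/.test(issuedAt)) return "missing-token";
  const expected = clientToken(hmac(issuedAt));
  const a = Buffer.from(token), b = Buffer.from(expected);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return "bad-token";
  const age = nowMs - Number(issuedAt);
  if (age < MIN_FILL_MS) return "too-fast";
  if (age > MAX_AGE_MS) return "expired";
  return "ok";
}
```

A spider that posts the form without running script gets `missing-token` or `bad-token`, and the mail is never sent; a bot driving a full browser would still pass, so this filters simple crawlers only.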
 
