Webform used by spammers

Paul H

I am using the latest version of FormMail.pl on a standard web form. I am
getting dozens of emails a day that have been sent via the webform, probably
using a bot (so I am told).

How can I stop this?

Can I force visitors to use one of those randomly generated numbers that you
see on the login page of some websites to stop automated use of my web form?
Can this be done on a static HTML page?

Thanks

Paul
 
PeterMcC

Paul H wrote in
> I am using the latest version of FormMail.pl on a standard web form.
> I am getting dozens of emails a day that have been sent via the
> webform, probably using a bot (so I am told).
>
> How can I stop this?

If it's the FormMail.pl available from http://nms-cgi.sourceforge.net/ ,
I've a number of sites using it and never had a problem - though I may be
lucky.

Have you got all the correct security settings in the script?

It may be worth a review of the README.txt file.
 
Paul H

PeterMcC said:
Paul H wrote in


If it's the FormMail.pl available from http://nms-cgi.sourceforge.net/ ,
I've a number of sites using it and never had a problem - though I may be
lucky.

Have you got all the correct security settings in the script?

It may be worth a review of the README.txt file.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.

Many thanks Peter,

My hosting company have said this is nothing to do with the FormMail.pl
(they have recently checked and replaced it) and have suggested that someone
is using a bot that automatically runs the HTML code of my web form. Are
you saying that if my FormMail.pl file was secure in the first place, the
whole bot thing would not be possible?

Regards,

Paul
 
PeterMcC

Paul H wrote in
> My hosting company have said this is nothing to do with the
> FormMail.pl (they have recently checked and replaced it) and have
> suggested that someone is using a bot that automatically runs the
> HTML code of my web form.

It may be just a question of terminology but there isn't any code to run in
your HTML - if that's what your hosting company is saying, then someone's a
bit confused. The code's in the FormMail Perl script.

> Are you saying that if my FormMail.pl file
> was secure in the first place, the whole bot thing would not be
> possible?

Just so I get it right - you're getting spam emails, sent to you, using the
form that's generated by FormMail on your web site?

That's not the usual problem associated with FormMail - Matt's script, once
widely used, was vulnerable to being used for spammers to send out spam via
someone else's FormMail.
 
Brian Cryer

> That's not the usual problem associated with FormMail - Matt's script, once
> widely used, was vulnerable to being used for spammers to send out spam
> via someone else's FormMail.

I think the original problem with FormMail was that spammers were using the
script to send emails to other people's domains, so using it as a sort of
open proxy.

The common problem now is that FormMail is being used to spam the domain
that it is being used to serve - either because the bot is loading the form
in a web page and submitting it or because it is simulating the post event
of the form. Both of which are easy to do. The way forward is probably to
use "captcha" (see the reply from to your identical posting in
alt.www.webmaster), but that's something I still need to come up to speed
on.
 
Nikita the Spider

Paul H said:
I am using the latest version of FormMail.pl on a standard web form. I am
getting dozens of emails a day that have been sent via the webform, probably
using a bot (so I am told).

How can I stop this?

Can I force visitors to use one of those randomly generated numbers that you
see on the login page of some websites to stop automated use of my web form?
Can this be done on a static HTML page?

Paul,
I'm unfamiliar with FormMail.pl, but for a while I had a spammer trying
to exploit a form on one of my sites. The form was very simple, it just
had a "type your message here" input box and a "send" button. The
spammer entered mail header fields (e.g. "Cc: (e-mail address removed)") as the
first entries in the body area in the (false) hopes that my mail form
would just glue the body onto some preformed headers and dump it off to
an SMTP function. Had that been the case, the CC would have become part
of the mail headers and (e-mail address removed) would receive a copy of the
message.

Because of the way I'd coded my form, this wasn't a problem, but I'm
sure the spammer found some miscoded forms out there to abuse. I just
wanted to make you aware of this potential vector.

Here's someone who has written a detailed summary of it:
http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

You could also Google on (e-mail address removed), (e-mail address removed) or
(e-mail address removed) which were the addresses that the spammer BCCed
him/herself with.

Good luck
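
Added example, not part of the post above and not FormMail.pl code: a Python sketch of the miscoded form Nikita the Spider describes (body glued onto preformed headers) beside a build that keeps visitor text out of the header block, plus a heuristic that flags such probes. The recipient address, function names and the sample submission are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

SITE_OWNER = "owner@example.org"   # assumed fixed recipient of the form
HEADER_LINE = re.compile(
    r"^(to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I | re.M)

def naive_build(body):
    # Miscoded form: the body is glued straight onto preformed headers,
    # with no blank line to end the header block.
    return f"To: {SITE_OWNER}\nSubject: Web form message\n" + body

def safe_build(body, subject="Web form message"):
    # Header values never carry a line break; visitor text only ever
    # reaches set_content(), which places it after the header block.
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in header value")
    msg = EmailMessage()
    msg["To"] = SITE_OWNER
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_string()

def recipients(raw):
    # Recipient headers as a mail system would parse them from the text.
    msg = message_from_string(raw)
    return {h: msg[h] for h in ("To", "Cc", "Bcc") if msg[h] is not None}

def looks_like_header_probe(body):
    # Heuristic: a message body containing lines shaped like mail headers.
    return bool(HEADER_LINE.search(body))

# Constructed submission in the shape the post describes.
SUBMISSION = "Cc: third-party@example.net\n\nBuy cheap stuff\n"

if __name__ == "__main__":
    print("naive:", recipients(naive_build(SUBMISSION)))
    print("safe: ", recipients(safe_build(SUBMISSION)))
    print("probe:", looks_like_header_probe(SUBMISSION))
```

The header-shape check is only a heuristic for logging or dropping submissions; the structural fix is that visitor input never lands in the header block.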
 
