
Mailform abuse by spammers


TanTrazz

Programmer
Aug 18, 2001
54
NL
Hi all,


I've got a simple PHP mail() script on my website. Every day I receive 10 emails, sent within a minute, which are all empty.

I've made a script which checks if the required fields are filled in. And it works, I've checked it.

How can I block this spammer?

Found a script which makes a cookie and sets an antispam time of 10 minutes, so you can only send 1 mail per 10 minutes, but I think it's not the solution...

Does someone have an anti-spam script, or a way to block Bcc? Anyway, a solution... it's driving me nuts....

TnQ TanTrazz
 
Surely it's a simple task to just check that the POST variables are not blank... and if they are, then just don't send the email (you can still redirect to the thank-you page so that they don't know there was a problem). All this server-side (not client-side using something like JavaScript).

I think the problem may be with search spiders that are indexing your site... they tend to follow every link and path and attempt to hit every page. Have you checked the User-Agent in the web server log files to see what generated these emails?

That's been my experience anyway.
Jeff

Jeff's Page @ Code Couch
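Jeff's suggestion to look at the User-Agent in the web server logs is easy to script. The following is an added example, not code from the thread: it parses a few constructed Apache "combined" log lines and tallies, per User-Agent, how many requests hit the mail script and whether they came with a referer. The script path /mailform.php and the log lines are assumptions.

```php
<?php
// Added example (not from the thread): count the User-Agent of every request
// that hit the mail script, to see whether a spider or a bot is behind the
// empty submissions. The log lines below are constructed in Apache "combined"
// format; the script name /mailform.php is an assumption.

$logLines = array(
    '203.0.113.5 - - [18/Aug/2001:10:00:01 +0200] "POST /mailform.php HTTP/1.0" 200 512 "-" "SpamBot/1.0"',
    '203.0.113.5 - - [18/Aug/2001:10:00:02 +0200] "POST /mailform.php HTTP/1.0" 200 512 "-" "SpamBot/1.0"',
    '198.51.100.7 - - [18/Aug/2001:10:05:11 +0200] "GET /contact.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"',
    '198.51.100.7 - - [18/Aug/2001:10:06:40 +0200] "POST /mailform.php HTTP/1.1" 200 512 "http://example.com/contact.html" "Mozilla/4.0 (compatible; MSIE 5.5)"',
    '192.0.2.9 - - [18/Aug/2001:10:07:00 +0200] "GET /mailform.php HTTP/1.0" 200 512 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"',
);

// Combined log format: host ident user [time] "method path proto" status bytes "referer" "user-agent"
$pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

function tallyMailScriptHits(array $lines, $pattern, $script = '/mailform.php')
{
    $counts = array();
    foreach ($lines as $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue; // unparseable line, skip it
        }
        list(, $host, $time, $method, $path, $status, $referer, $agent) = $m;
        if ($path !== $script) {
            continue;
        }
        // Key on method + agent + whether a referer was sent: real browsers arrive
        // from the contact page, bots typically post directly with no referer.
        $key = sprintf('%s %s referer=%s', $method, $agent, $referer === '-' ? 'none' : 'yes');
        if (!isset($counts[$key])) {
            $counts[$key] = array('hits' => 0, 'hosts' => array());
        }
        $counts[$key]['hits']++;
        $counts[$key]['hosts'][$host] = true;
    }
    return $counts;
}

foreach (tallyMailScriptHits($logLines, $pattern) as $key => $info) {
    printf("%3d hit(s) from %d host(s): %s\n", $info['hits'], count($info['hosts']), $key);
}
```

Run it against the real access log by replacing $logLines with file('/path/to/access_log', FILE_IGNORE_NEW_LINES). A burst of POSTs from one agent with no referer, as in the first two constructed lines, is what an automated submitter looks like; a GET from a crawler shows up separately and explains empty mails only if the script sends on GET as well as POST.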
 
We've had this problem too, and have had to implement an 'anti hacking' script into our web processing, basically weeding out anything that involves line breaks, bcc and Header-Type:

Our script is in PHP, but the function should be able to be adapted for other browsers.
We are still getting the spam, but we 'think' we have stopped them from actually exploiting the form to mass mail others - still waiting on our server admin to get us the email logs.

It's not the most elegant solution, but it seems to work thus far. I'd love to see a better version if someone comes up with it.
Code:
	function hackcheck($item)
	{
	    // Reject raw CR/LF and their URL-encoded forms (%0A / %0D), one specific
	    // address, and header names that would let extra Bcc: or MIME headers be
	    // added to the mail. stripos() is case-insensitive, so "bcc"/"Bcc" and
	    // "%0a"/"%0A" are each covered by a single entry.
	    $badStrings = array("\r", "\n", "%0A", "%0D", "mhkoch321@aol.com", "Bcc", "Content-Type");
	    foreach ($badStrings as $bad) {
	        if (stripos($item, $bad) !== false) {
	            return FALSE;
	        }
	    }
	    return TRUE;
	}

----------------------------------------
Sometimes, when my code just won't behave, I take it outside and make it listen to Britney Spears music, and when it comes back it's really well behaved. I wonder if it's suffering from post-traumatic stress syndrome now..
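Putting Jeff's server-side blank check and the hackcheck idea above together, here is an added example of a complete form handler; it is not code from the thread or from any of the posters. It keeps the recipient fixed in the script, rejects empty required fields, refuses CR/LF (raw or %-encoded) and header names in any field that ends up in a mail header, and leaves the multi-line message body alone. The recipient address, field names and sample submissions are assumptions.

```php
<?php
// Added example, not the thread's code: a mail() handler applying the two
// server-side rules from the posts above. Required fields must be non-empty,
// and no single-line field may carry CR/LF (raw or URL-encoded) or a header
// name such as Bcc: / Content-Type: that mail() would pass on as a header.
// The recipient address and field names are assumptions.

define('FORM_RECIPIENT', 'webmaster@example.com'); // fixed: never taken from the form

function hasHeaderInjection($value)
{
    // One case-insensitive pattern: CR, LF, their %-encoded forms, or a header
    // name at the start of the value. Matching "bcc" anywhere would also reject
    // harmless words, so the header names are anchored to a line start.
    return preg_match('/\r|\n|%0[ad]|^\s*(bcc|cc|content-type)\s*:/im', $value) === 1;
}

function validateForm(array $post, array $required = array('name', 'email', 'message'))
{
    $errors = array();
    foreach ($required as $field) {
        if (!isset($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "$field is empty";
        }
    }
    // Only single-line fields are checked for header characters: the message
    // goes into the body, where line breaks are legitimate and harmless.
    foreach ($post as $field => $value) {
        if ($field !== 'message' && hasHeaderInjection($value)) {
            $errors[] = "$field contains header characters";
        }
    }
    if (isset($post['email']) && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

function handleSubmission(array $post)
{
    $errors = validateForm($post);
    if ($errors) {
        // Do not mail, but do not tell the submitter either: log and move on
        // (the caller can still redirect to the thank-you page).
        error_log('mailform rejected: ' . implode('; ', $errors));
        return false;
    }
    // From: is a server-controlled address; the submitter only reaches Reply-To
    // after passing the header and e-mail address checks above.
    $headers = "From: " . FORM_RECIPIENT . "\r\nReply-To: " . $post['email'] . "\r\n";
    $body = "Name: {$post['name']}\n\n{$post['message']}";
    return mail(FORM_RECIPIENT, 'Website contact form', $body, $headers);
}

// Constructed submissions: a legitimate one, the empty kind the original poster
// sees, and one with a line break in the e-mail field, which must be rejected.
$samples = array(
    'good'   => array('name' => 'Alice', 'email' => 'alice@example.net', 'message' => "Hello,\nline two"),
    'empty'  => array('name' => '', 'email' => '', 'message' => ''),
    'inject' => array('name' => 'x', 'email' => "a@example.net\r\nBcc: someone@example.org", 'message' => 'x'),
);
foreach ($samples as $label => $post) {
    $errors = validateForm($post);
    printf("%-6s -> %s\n", $label, $errors ? implode('; ', $errors) : 'accepted');
}
```

The demo loop only runs validateForm(), so it works without a mail server; in the real script, handleSubmission($_POST) does the sending. Because $_POST is used explicitly, the handler does not depend on register_globals either way.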
 
I just re-read what I wrote, it's time I went to bed.....!!!
The code is correct though, I cut and pasted that :D

One thing: don't leave any 'security' to the HTML form. We think the hackers go along with a spider-type script, check for vulnerabilities and get the form to mail back to them. When they have secured a script that works, they can hack the form by downloading it to their machine and use it to mass mail spam, so any client-side security is easy to get around; you need it to be on the server side.

Once we get our email logs we can confirm if the above function works well enough, and post any updates, so far it's worked with all the script snippets we have tried.

A couple of websites which deal with the subject we found are:


Hope that made some kind of rambling sense..... who let me on the net at this hour?????

 
W00T!
Got a response back from the server admin.... we've plugged the hole, and the spammers are only managing to send to our email address (which, although that's a pain, means they should stop trying soon, as they won't be getting any response from us).

Now we've put the error checking on all the input fields and select fields. The hacks can't work in textarea fields to the best of my knowledge; adding it to select fields is probably overkill, as I think it's all automated, and I can't imagine it being too sophisticated, but no harm in checking anyway.

Turning off register_globals is supposed to make it easier to stop this kind of attack too.

 