Email form and spam

drewland · 19-12-2006, 02:51 PM

My site has a email form to send emails to myself and others that need them.

to start with I started getting some spam and these eventually became enough of a pain to add in a basic spam filter that checks for a static list of words in the body of the email, if a hit is got then the mail is not sent.
I add new words as needed.
This has pretty much sorted out the general spam...

what I have now started geting is messages of the following type

From: bbvjhdu@google.com
Subject: niice site! very informative keep up the good work!!

I am getting 6+ of these type a day.

as these are not genuine emails I am trying to work out why these are being sent. I was wondering is people are atempting to find a back door around the asp code to send spam?

any ideas would be apreciated

paulredpath · 19-12-2006, 03:34 PM

Hi,

What do the headers of the emails look like?

drewland · 19-12-2006, 04:28 PM

here is the header of an item today

Return-Path: <ssscwebmail@ss-sc.co.uk>
Received: from 84.18.199.2 by drewland.com ([192.168.100.1] running VPOP3) with ESMTP for <ssscweb@drewland.com>; Tue, 19 Dec 2006 15:48:13 -0000
Received: from [84.18.207.39] (helo=strawberry.active-ns.com) by guava.rb.catalyst2.com with esmtp (Exim 4.43) id 1GwgVA-000479-NJ for ssscweb@drewland.com; Tue, 19 Dec 2006 15:03:32 +0000
Received: from mail pickup service by strawberry.active-ns.com with Microsoft SMTPSVC; Tue, 19 Dec 2006 15:44:13 +0000
From: <ssscwebmail@ss-sc.co.uk>
To: <Secretary@ss-sc.co.uk>
Cc: <ssscweb@drewland.com>
Date: Tue, 19 Dec 2006 15:44:13 -0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
Message-ID: <STRAWBERRYjR1UfW5ha000000f5@strawberry.active-ns.com>
X-OriginalArrivalTime: 19 Dec 2006 15:44:13.0921 (UTC) FILETIME=[88AF8D10:01C72384]
Subject: Web site generated Email

The content of the email is
First Name: Keno
Last Name: regag@google.com
Email: privetik@hotmail.com

Great Site - really useful information!t

I am lost as to why they are being sent as they are only every getting to two addresses
I will look at changing the code on the page to log the senders ip

SteveShipton · 09-01-2007, 09:54 AM

Hi,

We had a few sites that suffered from this kind of "attack". It was/is down to form robots that auto fill and submit. The way we stopped it was to put a simple security question at the bottom of the form which usually stopped them. Have a look at http://www.neweng.org.uk/engblog.asp. After over 2000 emails we worked out the robots were not intelligent enough to work out the answer and either didn't select one, selected the first option or selected the last one; we obviously changed out code to sort that out!

If you want more details drop me a line.

19-12-2006, 02:51 PM	#1 (permalink)
drewland Junior Member Join Date: Jun 2003 Posts: 4	Email form and spam My site has a email form to send emails to myself and others that need them. to start with I started getting some spam and these eventually became enough of a pain to add in a basic spam filter that checks for a static list of words in the body of the email, if a hit is got then the mail is not sent. I add new words as needed. This has pretty much sorted out the general spam... what I have now started geting is messages of the following type From: bbvjhdu@google.com Subject: niice site! very informative keep up the good work!! I am getting 6+ of these type a day. as these are not genuine emails I am trying to work out why these are being sent. I was wondering is people are atempting to find a back door around the asp code to send spam? any ideas would be apreciated

19-12-2006, 03:34 PM	#2 (permalink)
paulredpath Bring me your problems :p Join Date: Jan 2003 Location: /dev/ahhhhhhhhh Posts: 3,537	Hi, What do the headers of the emails look like? __________________ Paul Redpath paul@catalyst2.com Go on, review Us at OC Host Review!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

19-12-2006, 04:28 PM	#3 (permalink)
drewland Junior Member Join Date: Jun 2003 Posts: 4	here is the header of an item today Return-Path: <ssscwebmail@ss-sc.co.uk> Received: from 84.18.199.2 by drewland.com ([192.168.100.1] running VPOP3) with ESMTP for <ssscweb@drewland.com>; Tue, 19 Dec 2006 15:48:13 -0000 Received: from [84.18.207.39] (helo=strawberry.active-ns.com) by guava.rb.catalyst2.com with esmtp (Exim 4.43) id 1GwgVA-000479-NJ for ssscweb@drewland.com; Tue, 19 Dec 2006 15:03:32 +0000 Received: from mail pickup service by strawberry.active-ns.com with Microsoft SMTPSVC; Tue, 19 Dec 2006 15:44:13 +0000 From: <ssscwebmail@ss-sc.co.uk> To: <Secretary@ss-sc.co.uk> Cc: <ssscweb@drewland.com> Date: Tue, 19 Dec 2006 15:44:13 -0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826 Message-ID: <STRAWBERRYjR1UfW5ha000000f5@strawberry.active-ns.com> X-OriginalArrivalTime: 19 Dec 2006 15:44:13.0921 (UTC) FILETIME=[88AF8D10:01C72384] Subject: Web site generated Email The content of the email is First Name: Keno Last Name: regag@google.com Email: privetik@hotmail.com Great Site - really useful information!t I am lost as to why they are being sent as they are only every getting to two addresses I will look at changing the code on the page to log the senders ip

09-01-2007, 09:54 AM	#4 (permalink)
SteveShipton Member Join Date: Feb 2003 Location: Felpham, Bognor Regis Posts: 35	Hi, We had a few sites that suffered from this kind of "attack". It was/is down to form robots that auto fill and submit. The way we stopped it was to put a simple security question at the bottom of the form which usually stopped them. Have a look at http://www.neweng.org.uk/engblog.asp. After over 2000 emails we worked out the robots were not intelligent enough to work out the answer and either didn't select one, selected the first option or selected the last one; we obviously changed out code to sort that out! If you want more details drop me a line.