Forum Moderators: phranque
Anyone have any suggestions? I've tried blocking the IPs, but since he seems to readily have an unending supply of these, I wonder if he is spoofing or something.
As long as this is automated (not a real human sitting down at a pc and maliciously filling out forms all day), I suppose using a captcha image will work. If it's not automated, and there's a person who can read the captcha and then input the captcha code, a captcha wouldn't do much good.
Any suggestions?
Combatting Webform hijack [webmasterworld.com]
It's now been about 12 hours since I was last hit with this crap (knock on wood).
Here's what I've done so far. First, I tracked what may be the source by doing a whois on the domain name that seems to be associated with these creeps. Then I looked up their host. Their domain and the domain of the "host" resolve to the same IP, so I don't think attempting to contact the host to complain would be of much use since they seem to be one and the same (oh, and both seem to have bogus registrar information; I should probably file a complaint with the registrar... only I tried that once before with Network Solutions and it went nowhere even though I had a legitimate complaint).
Doing a reverse DNS on the host showed there were 280 other sites on that server that were pretty much all devoted to the same, or similar topics. So, I blocked this IP from accessing my site and I did it for a specific reason. I changed the names of my forms, but I also changed the name of the script that processes my forms. I had wondered if they were simply using that script to autosend this garbage. Now, the script is renamed and, hopefully, their crawlers are blocked from accessing my site again to find the retitled script and begin again.
If this doesn't work, the only thing I can think of is a captcha.
I seem to be getting pummeled daily lately by form spam that's originating out of Eastern Europe. What the dummy doesn't seem to realize is that my forms output to emails and not to forums . . .
What you don't know about this - the spammer may be using your form to BCC **thousands** of email addresses using your server. When you get one of these emails, what if the email you receive was a result of an email that contained a BCC with a comma-separated list to thousands of addresses? No BCC field in your outgoing mail, you say? There is a way to add a newline character to one of the header fields and add your own BCC. Scary, huh?
What is your form processor written in, PHP, Perl?
Another mode of operation is to hit a site hard, then go away for a day. A week. A month. Ahh, I fixed it, he's gone. NOPE here they come again . . .
Please see this recent thread on the same topic [webmasterworld.com], you may only be seeing the tip of the iceberg.
Lastly, chasing after IP addresses is really a waste of time. Most of these are executed from zombies, compromised computers without the knowledge of the owner. You find IPs, but the real spammer will not be connected to any of them.
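
The newline-in-a-header-field problem described in the post above is closed in the form processor itself, not by blocking IPs. The following is an added example, not code from anyone in this thread: a Python sketch (the thread does not say which language the processor uses) that rejects any form field containing a line break before it reaches a mail header. The addresses, field names and function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumed site settings (hypothetical values for this example).
SITE_FROM = "webform@example.com"
SITE_TO = "owner@example.com"

# CR, LF and other control/line-separator characters end a header line,
# which is how an extra "Bcc:" header gets smuggled into a field.
_LINE_BREAKS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")
# Deliberately strict address pattern: one mailbox, no commas or spaces.
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def clean_header(field, value, max_len=200):
    """Return value unchanged if it is safe for a header, else raise."""
    if len(value) > max_len or _LINE_BREAKS.search(value):
        raise ValueError(f"rejected form field: {field}")
    return value


def build_contact_mail(form):
    """Build the outgoing mail from a submitted form (dict of strings)."""
    reply_to = clean_header("email", form.get("email", "").strip())
    if not _ADDRESS.fullmatch(reply_to):
        raise ValueError("rejected form field: email")
    subject = clean_header("subject", form.get("subject", ""))
    msg = EmailMessage()
    # Recipients are fixed by the site; nothing the visitor types picks them.
    msg["From"] = SITE_FROM
    msg["To"] = SITE_TO
    msg["Reply-To"] = reply_to
    msg["Subject"] = "[contact form] " + subject
    # Free text belongs in the body, where newlines are harmless.
    msg.set_content(form.get("message", ""))
    return msg


def is_rejected(form):
    """True if the submission would be refused instead of mailed."""
    try:
        build_contact_mail(form)
    except ValueError:
        return True
    return False


# Constructed sample submissions.
GOOD = {"email": "visitor@example.org", "subject": "Question", "message": "Hi\nthere"}
BAD = {"email": "visitor@example.org\r\nBcc: a@example.net,b@example.net",
       "subject": "Question", "message": "Hi"}
```

Logging each rejected submission with its timestamp and source gives a record of the hit-then-disappear pattern mentioned above without relying on IP blocks.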