You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by te...@cnysupport.com on 2010/01/29 17:41:57 UTC

[OT?] Web Form Spam



I've recently started receiving web form "spam", but I'm not quite  
sure what to make of it.

My websites contains a couple of support request forms that ask for  
minimal information (business name, name, phone, problem, email  
address).

Recently, I've started receiving forms that contain random keyboard  
letters that look like they were typed by a person (in keyboard order  
like "asdfghjk") and contain nothing valid except possibly the email  
address.

The IP addresses are all from outside my country, so it's not possible  
they're legitimate.

Normally I wouldn't care about a few spams, but these create an  
emergency support ticket which means that someone gets paged in the  
middle of the night.

I just implemented a Country IP verification on the form handler to  
stop this, however I'm really puzzled why anybody would bother to fill  
out the form with random data in the first place.

Anybody have any ideas what anybody would hope to accomplish with this?

Terry

Re: [OT?] Web Form Spam

Posted by te...@cnysupport.com.

Quoting Jay Plesset <ja...@dp-design.com>:

> I've been getting 2 or 3 of these daily.  The mail address typically
> matches the "name" put in, it's always a gmail address, and so far,
> it's always been a bad mail address.
>
> It's more an annoyance than a problem, my mailing program sends out a
> confirm, and when it bounces, I remove the bogus entry from the db.
>
> jay plesset
> IT, dp-design.com
>
> Jason Bertoch wrote:
>> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>>
>>> Really, I was just trying to figure out what the point would be   
>>> for someone to fill out the form with obviously invalid data.
>>>
>>
>> My guess is that it's a spammer's bot looking for a broken web form  
>>  to abuse.

That's almost exactly what I've been getting, although today the email  
addresses started coming in as "user@example.com" (actually says  
"example.com")

That sounds like the most likely suspect. They're probably waiting for  
a confirm email to come back to the address they posted, to see if  
they can use the form to send spam from the website.

Maybe I'll send a response to one of the addresses and see the page  
starts getting more hits.

Thanks for the help guys!

Terry

Re: [OT?] Web Form Spam

Posted by Jay Plesset <ja...@dp-design.com>.

I've been getting 2 or 3 of these daily.  The mail address typically 
matches the "name" put in, it's always a gmail address, and so far, it's 
always been a bad mail address.

It's more an annoyance than a problem, my mailing program sends out a 
confirm, and when it bounces, I remove the bogus entry from the db.

jay plesset
IT, dp-design.com

Jason Bertoch wrote:
> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>
>> Really, I was just trying to figure out what the point would be for 
>> someone to fill out the form with obviously invalid data.
>>
>
> My guess is that it's a spammer's bot looking for a broken web form to 
> abuse.

Re: [OT?] Web Form Spam

Posted by te...@cnysupport.com.

Quoting James Butler <ja...@musicforhumans.com>:

> Jason Bertoch wrote:
>> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>>
>>> Really, I was just trying to figure out what the point would be for
>>> someone to fill out the form with obviously invalid data.
>>>
>>
>> My guess is that it's a spammer's bot looking for a broken web form to
>> abuse.
>>
> Many web forms are programmed to send a confirmation message or some
> sort of notification to the email address included in the form ... a
> sweet vector for sending spam. Gibberish in the form is just a probe.

Mine doesn't send out anything to the user. It just says: "Thank you!". 8-)

Terry

Re: [OT?] Web Form Spam

Posted by James Butler <ja...@jamesbutler.net>.

Charles Gregory wrote:
> On Fri, 29 Jan 2010, James Butler wrote:
>> ..... Gibberish in the form is just a probe.
>
> My experience has been that the gibberish gets around simplistic tests
> for 'empty' fields. That's why I advocate the use of a field that
> *should* be empty. :)
>
> - C
>
Great idea. Works well. Thanks!

James

Re: [OT?] Web Form Spam

Posted by Charles Gregory <cg...@hwcn.org>.

On Fri, 29 Jan 2010, James Butler wrote:
> ..... Gibberish in the form is just a probe.

My experience has been that the gibberish gets around simplistic tests for 
'empty' fields. That's why I advocate the use of a field that *should* be 
empty. :)

- C

Re: [OT?] Web Form Spam

Posted by James Butler <ja...@musicforhumans.com>.

Jason Bertoch wrote:
> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>
>> Really, I was just trying to figure out what the point would be for
>> someone to fill out the form with obviously invalid data.
>>
>
> My guess is that it's a spammer's bot looking for a broken web form to
> abuse.
>
Many web forms are programmed to send a confirmation message or some
sort of notification to the email address included in the form ... a
sweet vector for sending spam. Gibberish in the form is just a probe.

Re: [OT?] Web Form Spam

Posted by Jason Bertoch <ja...@i6ix.com>.

On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
> 
> Really, I was just trying to figure out what the point would be for 
> someone to fill out the form with obviously invalid data.
> 

My guess is that it's a spammer's bot looking for a broken web form to 
abuse.

Re: Web Form Spam

Posted by Charles Gregory <cg...@hwcn.org>.

On Fri, 29 Jan 2010, terry@cnysupport.com wrote:
> little uncomfortable making the form submit any more complicated than 
> necessary, since the people who use it are generally already stressed, and 
> I'd prefer to not make them decipher swirly letters.

I find that most form-fillers are robots and stupid, and can be easily 
defeated by inserting a 'hidden' field into the HTML that is invitingly 
labelled something like 'e-mail' and then have your form handler test 
whether it is empty. If not, then a robot has generated an input string 
rather than using your actual form.

Also, if any fields like phone number can reasonably be expected to be 
all-numeric, make this a test condition, and it will stop the 
alphabet-soup kinds of random field entry.

If the form is intended to report URL's for your own site, test to make 
sure any URL *is* one of yours - any other URL, just toss it..... :)

> Really, I was just trying to figure out what the point would be for 
> someone to fill out the form with obviously invalid data.

You would be amazed how many different bulletin boards and forums rely on 
a simple HTML form to post to a message/report to a large list of people.
Or the form is for a 'comment' page whose output is visible to all website 
visitors. Guestbooks are frequent victims of form spam.

- C

Re: [OT?] Web Form Spam

Posted by te...@cnysupport.com.

Quoting "--[ UxBoD ]--" <ux...@splatnix.net>:

>
> ----- terry@cnysupport.com wrote:
>
>> I've recently started receiving web form "spam", but I'm not quite
>> sure what to make of it.

. . .
>>
>> Recently, I've started receiving forms that contain random keyboard
>> letters that look like they were typed by a person (in keyboard order
>>
>> like "asdfghjk") and contain nothing valid except possibly the email

> Bayes poisoning ? Do you not have any sort of human verification on   
> the form eg. CAPTCHA

There isn't any sort of login or verification on the form. It really  
hasn't needed any, since it's been up for quite a while without any  
problems. I'm a little uncomfortable making the form submit any more  
complicated than necessary, since the people who use it are generally  
already stressed, and I'd prefer to not make them decipher swirly  
letters.

I'll see how well the IP restriction works and take additional steps  
if necessary.

Really, I was just trying to figure out what the point would be for  
someone to fill out the form with obviously invalid data.

Can SA handle plain text (not an email with headers?). The garbage  
characters are pretty obvious.

Thanks,

Terry

Re: [OT?] Web Form Spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.

----- terry@cnysupport.com wrote:

> I've recently started receiving web form "spam", but I'm not quite  
> sure what to make of it.
> 
> My websites contains a couple of support request forms that ask for  
> minimal information (business name, name, phone, problem, email  
> address).
> 
> Recently, I've started receiving forms that contain random keyboard  
> letters that look like they were typed by a person (in keyboard order 
> 
> like "asdfghjk") and contain nothing valid except possibly the email 
> 
> address.
> 
> The IP addresses are all from outside my country, so it's not possible
>  
> they're legitimate.
> 
> Normally I wouldn't care about a few spams, but these create an  
> emergency support ticket which means that someone gets paged in the  
> middle of the night.
> 
> I just implemented a Country IP verification on the form handler to  
> stop this, however I'm really puzzled why anybody would bother to fill
>  
> out the form with random data in the first place.
> 
> Anybody have any ideas what anybody would hope to accomplish with
> this?
> 
> Terry
Bayes poisoning ? Do you not have any sort of human verification on the form eg. CAPTCHA
-- 
Thanks, Phil