You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by te...@cnysupport.com on 2010/01/29 17:41:57 UTC
[OT?] Web Form Spam
I've recently started receiving web form "spam", but I'm not quite
sure what to make of it.
My websites contains a couple of support request forms that ask for
minimal information (business name, name, phone, problem, email
address).
Recently, I've started receiving forms that contain random keyboard
letters that look like they were typed by a person (in keyboard order
like "asdfghjk") and contain nothing valid except possibly the email
address.
The IP addresses are all from outside my country, so it's not possible
they're legitimate.
Normally I wouldn't care about a few spams, but these create an
emergency support ticket which means that someone gets paged in the
middle of the night.
I just implemented a Country IP verification on the form handler to
stop this, however I'm really puzzled why anybody would bother to fill
out the form with random data in the first place.
Anybody have any ideas what anybody would hope to accomplish with this?
Terry
Re: [OT?] Web Form Spam
Posted by te...@cnysupport.com.
Quoting Jay Plesset <ja...@dp-design.com>:
> I've been getting 2 or 3 of these daily. The mail address typically
> matches the "name" put in, it's always a gmail address, and so far,
> it's always been a bad mail address.
>
> It's more an annoyance than a problem, my mailing program sends out a
> confirm, and when it bounces, I remove the bogus entry from the db.
>
> jay plesset
> IT, dp-design.com
>
> Jason Bertoch wrote:
>> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>>
>>> Really, I was just trying to figure out what the point would be
>>> for someone to fill out the form with obviously invalid data.
>>>
>>
>> My guess is that it's a spammer's bot looking for a broken web form
>> to abuse.
That's almost exactly what I've been getting, although today the email
addresses started coming in as "user@example.com" (actually says
"example.com")
That sounds like the most likely suspect. They're probably waiting for
a confirm email to come back to the address they posted, to see if
they can use the form to send spam from the website.
Maybe I'll send a response to one of the addresses and see the page
starts getting more hits.
Thanks for the help guys!
Terry
Re: [OT?] Web Form Spam
Posted by Jay Plesset <ja...@dp-design.com>.
I've been getting 2 or 3 of these daily. The mail address typically
matches the "name" put in, it's always a gmail address, and so far, it's
always been a bad mail address.
It's more an annoyance than a problem, my mailing program sends out a
confirm, and when it bounces, I remove the bogus entry from the db.
jay plesset
IT, dp-design.com
Jason Bertoch wrote:
> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>
>> Really, I was just trying to figure out what the point would be for
>> someone to fill out the form with obviously invalid data.
>>
>
> My guess is that it's a spammer's bot looking for a broken web form to
> abuse.
Re: [OT?] Web Form Spam
Posted by te...@cnysupport.com.
Quoting James Butler <ja...@musicforhumans.com>:
> Jason Bertoch wrote:
>> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>>
>>> Really, I was just trying to figure out what the point would be for
>>> someone to fill out the form with obviously invalid data.
>>>
>>
>> My guess is that it's a spammer's bot looking for a broken web form to
>> abuse.
>>
> Many web forms are programmed to send a confirmation message or some
> sort of notification to the email address included in the form ... a
> sweet vector for sending spam. Gibberish in the form is just a probe.
Mine doesn't send out anything to the user. It just says: "Thank you!". 8-)
Terry
Re: [OT?] Web Form Spam
Posted by James Butler <ja...@jamesbutler.net>.
Charles Gregory wrote:
> On Fri, 29 Jan 2010, James Butler wrote:
>> ..... Gibberish in the form is just a probe.
>
> My experience has been that the gibberish gets around simplistic tests
> for 'empty' fields. That's why I advocate the use of a field that
> *should* be empty. :)
>
> - C
>
Great idea. Works well. Thanks!
James
Re: [OT?] Web Form Spam
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 29 Jan 2010, James Butler wrote:
> ..... Gibberish in the form is just a probe.
My experience has been that the gibberish gets around simplistic tests for
'empty' fields. That's why I advocate the use of a field that *should* be
empty. :)
- C
Re: [OT?] Web Form Spam
Posted by James Butler <ja...@musicforhumans.com>.
Jason Bertoch wrote:
> On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>>
>> Really, I was just trying to figure out what the point would be for
>> someone to fill out the form with obviously invalid data.
>>
>
> My guess is that it's a spammer's bot looking for a broken web form to
> abuse.
>
Many web forms are programmed to send a confirmation message or some
sort of notification to the email address included in the form ... a
sweet vector for sending spam. Gibberish in the form is just a probe.
Re: [OT?] Web Form Spam
Posted by Jason Bertoch <ja...@i6ix.com>.
On 1/29/2010 12:44 PM, terry@cnysupport.com wrote:
>
> Really, I was just trying to figure out what the point would be for
> someone to fill out the form with obviously invalid data.
>
My guess is that it's a spammer's bot looking for a broken web form to
abuse.
Re: Web Form Spam
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 29 Jan 2010, terry@cnysupport.com wrote:
> little uncomfortable making the form submit any more complicated than
> necessary, since the people who use it are generally already stressed, and
> I'd prefer to not make them decipher swirly letters.
I find that most form-fillers are robots and stupid, and can be easily
defeated by inserting a 'hidden' field into the HTML that is invitingly
labelled something like 'e-mail' and then have your form handler test
whether it is empty. If not, then a robot has generated an input string
rather than using your actual form.
Also, if any fields like phone number can reasonably be expected to be
all-numeric, make this a test condition, and it will stop the
alphabet-soup kinds of random field entry.
If the form is intended to report URL's for your own site, test to make
sure any URL *is* one of yours - any other URL, just toss it..... :)
> Really, I was just trying to figure out what the point would be for
> someone to fill out the form with obviously invalid data.
You would be amazed how many different bulletin boards and forums rely on
a simple HTML form to post to a message/report to a large list of people.
Or the form is for a 'comment' page whose output is visible to all website
visitors. Guestbooks are frequent victims of form spam.
- C
Re: [OT?] Web Form Spam
Posted by te...@cnysupport.com.
Quoting "--[ UxBoD ]--" <ux...@splatnix.net>:
>
> ----- terry@cnysupport.com wrote:
>
>> I've recently started receiving web form "spam", but I'm not quite
>> sure what to make of it.
. . .
>>
>> Recently, I've started receiving forms that contain random keyboard
>> letters that look like they were typed by a person (in keyboard order
>>
>> like "asdfghjk") and contain nothing valid except possibly the email
> Bayes poisoning ? Do you not have any sort of human verification on
> the form eg. CAPTCHA
There isn't any sort of login or verification on the form. It really
hasn't needed any, since it's been up for quite a while without any
problems. I'm a little uncomfortable making the form submit any more
complicated than necessary, since the people who use it are generally
already stressed, and I'd prefer to not make them decipher swirly
letters.
I'll see how well the IP restriction works and take additional steps
if necessary.
Really, I was just trying to figure out what the point would be for
someone to fill out the form with obviously invalid data.
Can SA handle plain text (not an email with headers?). The garbage
characters are pretty obvious.
Thanks,
Terry
Re: [OT?] Web Form Spam
Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- terry@cnysupport.com wrote:
> I've recently started receiving web form "spam", but I'm not quite
> sure what to make of it.
>
> My websites contains a couple of support request forms that ask for
> minimal information (business name, name, phone, problem, email
> address).
>
> Recently, I've started receiving forms that contain random keyboard
> letters that look like they were typed by a person (in keyboard order
>
> like "asdfghjk") and contain nothing valid except possibly the email
>
> address.
>
> The IP addresses are all from outside my country, so it's not possible
>
> they're legitimate.
>
> Normally I wouldn't care about a few spams, but these create an
> emergency support ticket which means that someone gets paged in the
> middle of the night.
>
> I just implemented a Country IP verification on the form handler to
> stop this, however I'm really puzzled why anybody would bother to fill
>
> out the form with random data in the first place.
>
> Anybody have any ideas what anybody would hope to accomplish with
> this?
>
> Terry
Bayes poisoning ? Do you not have any sort of human verification on the form eg. CAPTCHA
--
Thanks, Phil