[thelist] are bots submitting my form?
Kasimir K
evolt at kasimir-k.fi
Fri Jan 13 09:34:07 CST 2006
Casey wrote on 2006-01-12 17:38:
> Yes, it's a good chance bots are submitting your form. What you are seeing
> is not at all unusual, and as I understand it, they are hoping to discover
> the email address to which the form content is being sent. Once they have
> the email address, of course, they can sell it to spammers.
Over the last couple months there's been (or was) a wave of contact form
bot attacks - the purpose is not to discover any email addresses, but to do
header injection in order to Bcc: spam.
There's been some discussion on the list on this issue; check out these
threads for more:
http://lists.evolt.org/archive/Week-of-Mon-20050905/175573.html
http://lists.evolt.org/archive/Week-of-Mon-20051107/177540.html
http://lists.evolt.org/archive/Week-of-Mon-20051114/177806.html
http://lists.evolt.org/archive/Week-of-Mon-20051128/178120.html
Have a look also at:
http://www.nyphp.org/phundamentals/email_header_injection.php
> The best way I know of to stop this is to use a required field which asks
> the user to enter the contents of an ... image with a distorted word in it
This is called CAPTCHA ("completely automated public Turing test to tell
computers and humans apart"), and it actually is not such a good idea.
http://www.w3.org/TR/turingtest/
> From: <liz at zolabola.com>
> Sent: Thursday, January 12, 2006 9:10 AM
>> But the darn form keeps coming in completely empty!!!
So it seems that your form is not a victim of this injection attack
after all - the messages wouldn't be empty. As others have said, your
problem lies in using only Javascript for validation (which is a bad idea).
.k
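
The following Python example is added here and is not part of the original message or the linked threads. It shows the server-side checks the message points to: required fields enforced on the server rather than only in JavaScript, and line breaks rejected in any value that ends up in a mail header. The field names, the `RECIPIENT` address and the sample submissions are assumptions constructed for the example.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

RECIPIENT = "webmaster@example.org"  # assumed: fixed in server config, never read from the form
HEADER_FIELDS = ("name", "email", "subject")  # assumed field names; these end up in mail headers
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def validate(form):
    """Return a list of problems; an empty list means the submission is acceptable."""
    errors = []
    for field in HEADER_FIELDS + ("message",):
        if not form.get(field, "").strip():
            errors.append(f"{field}: required")  # empty posts that skipped the JavaScript checks
    for field in HEADER_FIELDS:
        # A CR or LF in a header-bound value is what lets a submitter append a header such as Bcc:
        if re.search(r"[\r\n]", form.get(field, "")):
            errors.append(f"{field}: line break in header value")
    email = form.get("email", "")
    if email.strip() and not EMAIL_RE.fullmatch(email):
        errors.append("email: not a single address")
    return errors

def build_message(form):
    """Build the notification mail only from a submission that passed validate()."""
    errors = validate(form)
    if errors:
        raise ValueError("; ".join(errors))
    msg = EmailMessage()
    msg["From"] = RECIPIENT
    msg["To"] = RECIPIENT
    msg["Reply-To"] = formataddr((form["name"], form["email"]))
    msg["Subject"] = form["subject"]
    msg.set_content(form["message"])
    return msg

# Constructed sample submissions (not taken from any real traffic)
GOOD = {"name": "Ann Example", "email": "ann@example.com",
        "subject": "Question about opening hours", "message": "Are you open on Sundays?"}
INJECTED = dict(GOOD, email="visitor@example.com\r\nBcc: list@example.net")
EMPTY = dict.fromkeys(GOOD, "")

if __name__ == "__main__":
    for label, form in (("good", GOOD), ("injected", INJECTED), ("empty", EMPTY)):
        print(label, validate(form) or "accepted")
```

Logging the rejected submissions, rather than silently dropping them, shows whether a form is receiving injection attempts or merely empty posts.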