Spambot is attacking 'Contact Us' forms

evereddie · May 18th, 2008, 01:47 PM

I have a "Contact Us" form on a clients site that has started getting hit with a spambot of some kind.

I have set up 'form checking' to require certain fields are filled in correctly (like zip code requiring a number of a certain length) and certain check boxes are checked before it will successfully submit the form. The form then works with a PHP script and sends the info to a list of e-mails. Somehow the Spambot is getting around the 'form checking' and submitting the form even though the required fields are not filled in properly. The actual PHP script is NOT being attacked because it has security features which I can tell is working. The Spambot is working directly with the 'form page'. How is the spambot getting around the form checking?

I might have to switch to a whole different kind of form and have used 'Quask' in the past and think that might help with this issue but would like to know how this can happen and if there are any fixes better than a complete re-do in another type of 'submit form' program.

sr71000 · May 20th, 2008, 07:46 PM

It sounds to me like they're just submitting the information as opposed going and loading the form and filling it in and then submitting. They aren't using your webpage to submit the form, they just went and looked at what header info needs to be filled in for the script and are hitting your script over and over again. You used some sort of server side scripting to do it, right? (ex. javascript) I'd suggest a simple captcha script and/or require the form checking right at the beginning of your email script and die if the info is incorrect (or reload the form with the old info with a * next to the incorrect fields! Google for more info on captcha scripts

-Kevin

evereddie · May 21st, 2008, 03:02 AM

Yes you were right sr71000 and it was because of an ooops on my part. I had accidentally put a copy of the php script for the form in the root directory. I had the active one in the 'cgi-bin' folder where it should be but somehow got a copy of it in the root. It was directly being attacked. It must have been there a while but spam-bot must have just found it. It is deleted and I will know almost immediately if the issues are gone.
Thanx

sr71000 · May 22nd, 2008, 11:05 PM

good to hear that you found it. Let us know if that fixes it up!

evereddie · May 23rd, 2008, 12:23 AM

A couple of days now and no more problems. I hate when I do dumb things like that. At least it's fixed.
Thanx again.