Contact Us form hijacked?

[ramjet666]

Hi Guys,

My client has a contact us type of form where fields are entered
and then emailed to the client via some php code.

But they are receiving 20-30 emails a day from the form containing
random generated data as if someone or something is dumping
random data to it as if they are trying to use it for spam.

I have looked in the access logs and can see the contact us form
being accessed as well as the php form, but am unsure whats legit
and whats not.

How can I stop this? Is there a way?

Roger.

[astopy]

You could try one of those image verification things, where the user has to enter the text from a randomly generated image into the form - though I have no idea how to make them

[forlinuxsupport]

hey

In the domains logs try see if there is an IP address repeat lots of times trying to access the form.
Just stick that ip address in the iptables rules and ban the spammer.

What type of form is it ?
Are you using the cpanel encrypted formail function or another one (version 1.92 or something like that)??

Try change the name of the file(formmail), and update your you code to use it.

cheers
Andy

[dory36]

I have several dozen "contact us" forms on sites I have done, and almost all are getting this stuff.

The messages all look similar - every field is filled in with the same seemingly random string, followed by "@" and the domain name where the contact us page resides. (My standard "contact us" form requires a properly formatted email address in one of the fields, so there may be many attempts for every one that gets through.

It is annowing, but it seems to be a couple of dozen messages (per form) and then no more.

[pshepperd]

I have an image verification script I made in php, that I intend to release opensource if you need it.

I would suggest finding one of those forms, and throwing in php code that logs the IP of the submitter, then banning that ip in your firewall as it seems some script kiddie is simply using a tool to automatically fill these out.

Just an idea.

[dory36]

Thanks Paul. Good idea.

I added the following to the mail being sent to the site owner when someone fills out these forms:


$Message .= "The inquiry originated at IP address ". $_SERVER['REMOTE_ADDR'] . ".\n\nIf you are getting multiple bogus messages from the same IP address, please forward one or more samples to (my support email), and we will investigate, and possibly block that IP address.\n\n" ;

[jackie46]

Try using the formmail.php script from http://tectite.com. It the best formmail script around. If you want, you can install the image verification modification.