The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Contact Us form hijacked?

Discussion in 'General Discussion' started by ramjet666, Sep 9, 2005.

  1. ramjet666

    ramjet666 Member

    Joined:
    Apr 23, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hi Guys,

    My client has a contact us type of form where fields are entered
    and then emailed to the client via some php code.

    But they are receiving 20-30 emails a day from the form containing
    random generated data as if someone or something is dumping
    random data to it as if they are trying to use it for spam.

    I have looked in the access logs and can see the contact us form
    being accessed as well as the php form, but am unsure whats legit
    and whats not.

    How can I stop this? Is there a way?

    Roger.
     
  2. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    You could try one of those image verification things, where the user has to enter the text from a randomly generated image into the form - though I have no idea how to make them :)
     
  3. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    hey

    In the domains logs try see if there is an IP address repeat lots of times trying to access the form.
    Just stick that ip address in the iptables rules and ban the spammer.

    What type of form is it ?
    Are you using the cpanel encrypted formail function or another one (version 1.92 or something like that)??

    Try change the name of the file(formmail), and update your you code to use it.

    cheers
    Andy
     
  4. dory36

    dory36 Well-Known Member

    Joined:
    Aug 30, 2003
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    16
    I have several dozen "contact us" forms on sites I have done, and almost all are getting this stuff.

    The messages all look similar - every field is filled in with the same seemingly random string, followed by "@" and the domain name where the contact us page resides. (My standard "contact us" form requires a properly formatted email address in one of the fields, so there may be many attempts for every one that gets through.

    It is annowing, but it seems to be a couple of dozen messages (per form) and then no more.
     
  5. pshepperd

    pshepperd Well-Known Member

    Joined:
    Feb 12, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    I have an image verification script I made in php, that I intend to release opensource if you need it.

    I would suggest finding one of those forms, and throwing in php code that logs the IP of the submitter, then banning that ip in your firewall as it seems some script kiddie is simply using a tool to automatically fill these out.

    Just an idea.
     
  6. dory36

    dory36 Well-Known Member

    Joined:
    Aug 30, 2003
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    16
    Thanks Paul. Good idea.

    I added the following to the mail being sent to the site owner when someone fills out these forms:


    $Message .= "The inquiry originated at IP address ". $_SERVER['REMOTE_ADDR'] . ".\n\nIf you are getting multiple bogus messages from the same IP address, please forward one or more samples to (my support email), and we will investigate, and possibly block that IP address.\n\n" ;
     
  7. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    0
    Try using the formmail.php script from http://tectite.com. It the best formmail script around. If you want, you can install the image verification modification.
     
Loading...

Share This Page