Hi Folks,
Suddenly hundreds of similar, empty replies come in from our website http://www.youngfocus.org … For days in a row now. They are all empty with a ‘noreply’ address.
Anti-Spam has been applied. Is there a way to stop it or prevent these mails coming in even better. Is CAPTCHA the only solution?
Are you using the latest version of the action and have you ticked the box to ‘Add a Spam Trap’? Or is that what you mean by ‘Anti-Spam has been applied’
From: noreply@
Subject: YOUNG FOCUS Web site feedback
Date: March 13, 2011 5:43:04 PM GMT+08:00
To: email@hidden
Reply-To: noreply@
The following information was submitted from a form on www.youngfocus.org:
PLEASE NOTE: This is a message from the www.youngfocus.org web site
and has been sent from a machine and not a person.
Please do not reply to this e-mail as it will bounce.
I had a problem where a site I did was getting a bit of spam thru the form, or so it seemed. No matter what I set in the form Action, there was still spam coming. I noticed something odd about the spam that I could not put my finger on, but it gave me an idea.
I changed the name of the form page (and thus the php page that processes the submission), and the spam stopped.
I’m not exactly sure what happened, but it seems like somehow the spammers were faking out the processing page. Once they lost the connection to it, they were gone and haven’t been back.
The latest versions of PHP Feedback Form include the honeypot as well.
What Joe was noticing was that it appeared to him as though someone
had come along and “scraped” his form, and was using their own version
of it to send the posts to his form handler. By changing the filename
of that handler to something else (which, when using PHPFF is as easy
as changing the filename of your contact page slightly, then
publishing again} he was able to cut out that entire set of fraudulent
entries.
Walter
On Mar 13, 2011, at 1:38 PM, seoras wrote:
I changed the name of the form page (and thus the php page that
processes the submission), and the spam stopped.
Joe could you expand on that; from what to what.
As an aside Pulsecms has a form that can be used which includes a
‘honeypot field’ for basic security.
Ah, didn’t know that info was there. Here we go (I have not enabled ‘Track IP Address’… I should I guess …
Return-Path: email@hidden
X-Original-To: email@hidden
Delivered-To: email@hidden
Received: from se06.mail.pcextreme.nl (se06.mail.pcextreme.nl [109.72.87.156])
by smtp01.mail.pcextreme.nl (Postfix) with ESMTPS id 6D7A576221
for email@hidden; Thu, 17 Mar 2011 02:45:34 +0100 (CET)
Received: from se10.mail.pcextreme.nl ([178.63.8.141])
by se06.mail.pcextreme.nl with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.72)
(envelope-from email@hidden)
id 1Q02GI-00013K-Cj
for email@hidden; Thu, 17 Mar 2011 02:45:22 +0100
Received: from [109.72.87.249] (helo=vhosting-relay.mail.pcextreme.nl)
by se10.mail.pcextreme.nl with esmtpa (Exim 4.72)
(envelope-from email@hidden)
id 1Q02GF-0005TH-0A
for email@hidden; Thu, 17 Mar 2011 02:44:26 +0100
Received: from web02.vhosting.pcextreme.nl (unknown [10.0.12.2])
by vhosting-relay.mail.pcextreme.nl (Postfix) with ESMTP id E1C71FE04
for email@hidden; Thu, 17 Mar 2011 02:44:22 +0100 (CET)
Received: by web02.vhosting.pcextreme.nl (Postfix, from userid 23775)
id E36CF10090D; Thu, 17 Mar 2011 02:44:22 +0100 (CET)
To: email@hidden
Subject: YOUNG FOCUS Web site feedback
X-PHP-Originating-Script: 23775:form-go.php
From: <noreply@>
MIME-Version: 1.0
Content-type: text/plain; charset=“ISO-8859-1”
Content-transfer-encoding: 7bit
Reply-To: noreply@
Message-Id: email@hidden
Date: Thu, 17 Mar 2011 02:44:22 +0100 (CET)
X-Warning: web02.vhosting.pcextreme.nl has no MX records
X-Filter-ID: XtLePq6GTMn8G68F0EmQvTj8kXb3KgOMBAzB+peKwQYZHmnVkCaJ2pJnIVf3j1BpeOTH7N0tQy/M
0A+pl7jTdySd94uDt2R4g+V/+yPCloC6nU9sNryyfNj417PMn2R1+eBuL9646DE2zjIRIJGfI7Qi
jy7eMklMJynNf3VO/1KpygCY7MhiLG+2E0Owt9G5HHASJNUmoOHSoqgqxfHmWcyq3SEz93Cvv4hR
Kz6sWTy59fTB504R361GJXVOiWRFeS7bGHbspHrTF7oHg6JoWu9B4dwbI7n1m+D/TejwdZAFJlLl
zHRNw0jGo5StYoE5g8CBO1Snvm6qXHQp7O9kdZkxxee+epjXqyt2nLrkDr+AwBuwkqgccilKWP5a
zdk5ASJFC/49WOPBr5nlEUI4xMccCJrM9mP5kvsGOaYBqKVn7TCUul1Fic6SqOIerRBXUqpScM45
IW5TaoP6faMp/FtnaagrkS4yIfbbxXrFSQs=
X-Spampanel-Outgoing-Class: unsure;
X-Spampanel-Outgoing-Score: 0.180226698232
X-Spampanel-Outgoing-Evidence: ‘ole’: 0.50; ‘crm114’: 0.50; ‘direct’: 0.50;
‘spambayes.global_tokens’: 0.05; ‘pyzor’: 0.50; ‘sa’: 0.03; ‘dkim’: 0.50;
‘dnsbl’: 0.75; ‘sender’: 0.70
X-Spampanel-Outgoing-Thermostat: —
X-Originating-IP: 109.72.87.249
X-OLS-BogusWarn: No x-mailer header
X-Fake-Warning: OK - 1500 points
X-Sender-Warning: No verifiable sender address in message headers
X-Filter-ID: XtLePq6GTMn8G68F0EmQvTj8kXb3KgOMBAzB+peKwQYZHmnVkCaJ2pJnIVf3j1BpeOTH7N0tQy/M
0A+pl7jTdySd94uDt2R4g+V/+yPCloA02l+JLfXU87vtFtobaic8OPVn7GSsvGfPh6kfjrDGssdv
TAmSpNjmOkUWSefNH6wTC/p7JtTAGfoKC0dtu5MhMaBuZrIZ6tMjvY4Vxa1s0bKd32kdAey+MpsH
jma0fr18zGUhxjfWz3jrlRjswzVlC0WjvSENtsh6szbQCpatPX6m+UeFXprlCOm3BAEbJtBDRiP7
OGvraa/BFnQFliO/qv6LjxE5I783xgyMpd/ziZzmtJgVOzgQ/sdF9GtzCJtmzGrWLBAq0DJpO+aj
F7ihZl2Unaid7X+RySWeazsRquAZqq4n1KldkPth72G5+k5XvbXXZzNV8NoUdboiK7vafgtZxCbF
6q785N+jZyxZvkpYEvMoj4Oc4NhkogsnU6BX7VZFiC/gDSidldHqUeiL
X-Spampanel-Class: ham;
X-Spampanel-Score: 0.0307818356975
X-Spampanel-Evidence: ‘ole’: 0.50; ‘crm114’: 0.50; ‘direct’: 0.50;
‘spambayes.global_tokens’: 0.02; ‘pyzor’: 0.50; ‘sa’: 0.23; ‘os’: 0.40;
‘dkim’: 0.50; ‘dnsbl’: 0.58; ‘sender’: 0.60
X-Spampanel-Thermostat: -----
The following information was submitted from a form on www.youngfocus.org:
PLEASE NOTE: This is a message from the www.youngfocus.org web site
and has been sent from a machine and not a person.
Please do not reply to this e-mail as it will bounce.
I don’t see any spam prevention in the code. Do you have the latest version of the Action? Download it from ActionsForge and ,make sure you have the “Add a spam trap?” option in the Advanced section checked.
Joe
On 17 Mar 2011, at 01:54, paulvw wrote:
Ah, didn’t know that info was there. Here we go (I have not enabled ‘Track IP Address’… I should I guess …
Return-Path: email@hidden
X-Original-To: email@hidden
Delivered-To: email@hidden
Received: from se06.mail.pcextreme.nl (se06.mail.pcextreme.nl [109.72.87.156])
by smtp01.mail.pcextreme.nl (Postfix) with ESMTPS id 6D7A576221
for email@hidden; Thu, 17 Mar 2011 02:45:34 +0100 (CET)
Received: from se10.mail.pcextreme.nl ([178.63.8.141])
by se06.mail.pcextreme.nl with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.72)
(envelope-from email@hidden)
id 1Q02GI-00013K-Cj
for email@hidden; Thu, 17 Mar 2011 02:45:22 +0100
Received: from [109.72.87.249] (helo=vhosting-relay.mail.pcextreme.nl)
by se10.mail.pcextreme.nl with esmtpa (Exim 4.72)
(envelope-from email@hidden)
id 1Q02GF-0005TH-0A
for email@hidden; Thu, 17 Mar 2011 02:44:26 +0100
Received: from web02.vhosting.pcextreme.nl (unknown [10.0.12.2])
by vhosting-relay.mail.pcextreme.nl (Postfix) with ESMTP id E1C71FE04
for email@hidden; Thu, 17 Mar 2011 02:44:22 +0100 (CET)
Received: by web02.vhosting.pcextreme.nl (Postfix, from userid 23775)
id E36CF10090D; Thu, 17 Mar 2011 02:44:22 +0100 (CET)
To: email@hidden
Subject: YOUNG FOCUS Web site feedback
X-PHP-Originating-Script: 23775:form-go.php
From: <noreply@>
MIME-Version: 1.0
Content-type: text/plain; charset=“ISO-8859-1”
Content-transfer-encoding: 7bit
Reply-To: noreply@
Message-Id: email@hidden
Date: Thu, 17 Mar 2011 02:44:22 +0100 (CET)
X-Warning: web02.vhosting.pcextreme.nl has no MX records
X-Filter-ID: XtLePq6GTMn8G68F0EmQvTj8kXb3KgOMBAzB+peKwQYZHmnVkCaJ2pJnIVf3j1BpeOTH7N0tQy/M
0A+pl7jTdySd94uDt2R4g+V/+yPCloC6nU9sNryyfNj417PMn2R1+eBuL9646DE2zjIRIJGfI7Qi
jy7eMklMJynNf3VO/1KpygCY7MhiLG+2E0Owt9G5HHASJNUmoOHSoqgqxfHmWcyq3SEz93Cvv4hR
Kz6sWTy59fTB504R361GJXVOiWRFeS7bGHbspHrTF7oHg6JoWu9B4dwbI7n1m+D/TejwdZAFJlLl
zHRNw0jGo5StYoE5g8CBO1Snvm6qXHQp7O9kdZkxxee+epjXqyt2nLrkDr+AwBuwkqgccilKWP5a
zdk5ASJFC/49WOPBr5nlEUI4xMccCJrM9mP5kvsGOaYBqKVn7TCUul1Fic6SqOIerRBXUqpScM45
IW5TaoP6faMp/FtnaagrkS4yIfbbxXrFSQs=
X-Spampanel-Outgoing-Class: unsure;
X-Spampanel-Outgoing-Score: 0.180226698232
X-Spampanel-Outgoing-Evidence: ‘ole’: 0.50; ‘crm114’: 0.50; ‘direct’: 0.50;
‘spambayes.global_tokens’: 0.05; ‘pyzor’: 0.50; ‘sa’: 0.03; ‘dkim’: 0.50;
‘dnsbl’: 0.75; ‘sender’: 0.70
X-Spampanel-Outgoing-Thermostat: —
X-Originating-IP: 109.72.87.249
X-OLS-BogusWarn: No x-mailer header
X-Fake-Warning: OK - 1500 points
X-Sender-Warning: No verifiable sender address in message headers
X-Filter-ID: XtLePq6GTMn8G68F0EmQvTj8kXb3KgOMBAzB+peKwQYZHmnVkCaJ2pJnIVf3j1BpeOTH7N0tQy/M
0A+pl7jTdySd94uDt2R4g+V/+yPCloA02l+JLfXU87vtFtobaic8OPVn7GSsvGfPh6kfjrDGssdv
TAmSpNjmOkUWSefNH6wTC/p7JtTAGfoKC0dtu5MhMaBuZrIZ6tMjvY4Vxa1s0bKd32kdAey+MpsH
jma0fr18zGUhxjfWz3jrlRjswzVlC0WjvSENtsh6szbQCpatPX6m+UeFXprlCOm3BAEbJtBDRiP7
OGvraa/BFnQFliO/qv6LjxE5I783xgyMpd/ziZzmtJgVOzgQ/sdF9GtzCJtmzGrWLBAq0DJpO+aj
F7ihZl2Unaid7X+RySWeazsRquAZqq4n1KldkPth72G5+k5XvbXXZzNV8NoUdboiK7vafgtZxCbF
6q785N+jZyxZvkpYEvMoj4Oc4NhkogsnU6BX7VZFiC/gDSidldHqUeiL
X-Spampanel-Class: ham;
X-Spampanel-Score: 0.0307818356975
X-Spampanel-Evidence: ‘ole’: 0.50; ‘crm114’: 0.50; ‘direct’: 0.50;
‘spambayes.global_tokens’: 0.02; ‘pyzor’: 0.50; ‘sa’: 0.23; ‘os’: 0.40;
‘dkim’: 0.50; ‘dnsbl’: 0.58; ‘sender’: 0.60
X-Spampanel-Thermostat: -----
The following information was submitted from a form on www.youngfocus.org:
PLEASE NOTE: This is a message from the www.youngfocus.org web site
and has been sent from a machine and not a person.
Please do not reply to this e-mail as it will bounce.
Yes!!! The latest version is installed and also SPAM TRAP activated!! That is weird that this is not visible in this code
Somehow the action is not active then?!
This is a long shot but, since there are no other forms on the page, try removing the Action from the item it’s applied to and applying it to the page (and then setting all the settings back to the way they were before).
Joe
On 17 Mar 2011, at 07:49, paulvw wrote:
Yes!!! The latest version is installed and also SPAM TRAP activated!! That is weird that this is not visible in this code
Somehow the action is not active then?!
Hi Paul,
Just to clarify a few things here. The code you posted was the raw source for the received email and not anything that the Action has generated. If you enable the spam trap feature in the Action it will add a hidden text field to the form and, assuming this is filled in, will reject the user as a spammer. You’ll be able to see the code that runs this if you open up the -go.php file that the Action creates and is used to process the form data. It won’t show up in the received email source.
I’d suggest turning on the IP tracking feature which should log the IP address of all users of the PHP file. If you are getting these blank emails from a single or cluster of IP addresses then consider blocking them by using an .htaccess file. Here’s a good overview on how to do this; http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess
Place the .htaccess file in the same directory as the feedback form and, if working, it will simply block users from these addresses.
I hope this helps.
Regards,
Tim.
On 17 Mar 2011, at 07:49, paulvw wrote:
Yes!!! The latest version is installed and also SPAM TRAP activated!! That is weird that this is not visible in this code
Somehow the action is not active then?!