[Pro] PHP Feedback form spam

Hi

We have a client who has started to receive occasional “spam” messages via their contact form. The form was set up using the PHP feedback form action, and can be found on www.robinhurt.com in the CONTACT section.

The page and the form itself have the anti-spam action applied. Could anyone suggest what would be causing this or if it could be the hosting account that it at fault, including any ideas on how to stop it happening in future.

I have included the message that is being received by the email address below.

Thanks
Matt Covarr

The email that they are receiving looks like this.

The following information was submitted from a form on www.robinhurt.com:

Name: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Postal Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Telephone Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Fax Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Email Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Comments: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Matt,

This is an email probably being sent by someone physically, so a
captcha will not stop this. You need a way to select the blocking of
text or words so you can tell the script to block anything with ‘[url’
and ‘[link’ being used in the message, it would also help to stop
‘href=’. I do not think there is a way of stopping this directly with
the action you are using.

There is the easiForm action ‘of mine’ that can stop this but it is
not free, there is a small license fee per domain it is used on.
http://www.actionsforge.com/actions/view/55-php-easiform

If you know a little about scripts then you could edit the script the
PHP Feedback Form action you are using creates, unfortunately each
time you publish the site you may need to check/alter the processing
script as it may probably be overwritten when you publish.

HTH

On Aug 24, 2009, at 9:41 AM, matt covarr wrote:

Hi

We have a client who has started to receive occasional “spam”
messages via their contact form. The form was set up using the PHP
feedback form action, and can be found on www.robinhurt.com in the
CONTACT section.

The page and the form itself have the anti-spam action applied.
Could anyone suggest what would be causing this or if it could be
the hosting account that it at fault, including any ideas on how to
stop it happening in future.

I have included the message that is being received by the email
address below.

Thanks
Matt Covarr

The email that they are receiving looks like this.

The following information was submitted from a form on www.robinhurt.com
:

Name: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Postal Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Telephone Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Fax Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Email Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Comments: ZcrG5Y xtdkygoisqeu</
a>,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Sorry Matt I should add, when I say ‘sent physically’ I mean someone
sending the message themselves but using the ‘web mail form’ on the
site.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Matt,

I really like your www.robinhurt.com web site. Makes me want to go on
Safari. I was a little disappointed by the lack of photographs on the
site. The only gallery I found was on the Camp Comforts page. Very
nice photos. I was sure I would find a gallery of photos on the
Photographic Safaris page, but no.

I am also curious about the spam email you got. It is pure garbage. If
this is being entered by a real person, then I ask why? Unless it is
an anti-hunting group. If it is an anti-hunting group then searching
for the url,link,http stuff won’t solve the problem, the links in the
email are all garbage and don’t work anyway, so if someone is sending
garbage, they could just send any garbage, not http, etc. Difficult to
detect.

LLE

On Aug 24, 2009, at 3:41 AM, matt covarr wrote:

Hi

We have a client who has started to receive occasional “spam”
messages via their contact form. The form was set up using the PHP
feedback form action, and can be found on www.robinhurt.com in the
CONTACT section.

The page and the form itself have the anti-spam action applied.
Could anyone suggest what would be causing this or if it could be
the hosting account that it at fault, including any ideas on how to
stop it happening in future.

I have included the message that is being received by the email
address below.

Thanks
Matt Covarr

The email that they are receiving looks like this.

The following information was submitted from a form on www.robinhurt.com
:

Name: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Postal Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Telephone Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Fax Number: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Email Address: ZcrG5Y xtdkygoisqeu,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/
Comments: ZcrG5Y xtdkygoisqeu</
a>,
pibvmkfyervi,
[link=http://vsffnchzqfwu.com/]vsffnchzqfwu[/link], http://lqotbpxkmeao.com/


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I myself started getting these emails around a year or two ago, that
is when I added ‘[url’ and ‘[http’ as a selection in the badwords menu
in the easiForm action and then applied it for the text I mentioned in
the earlier reply and that stopped it on that form… as time went on
I would start to receive it from one of the other forms (I have around
22 domains) and then blocked it there with the bad words filter of
easiForm, then I started to get them from a third form on a domain.
Some of these domains had a captcha and others not so I basically just
blocked the text using the bad words option on all the domains I had
forms on… now I do not get those sort of messages anymore.

As far as the garbage that is sent, this is something I wondered about
also although it was not always garbage that I got, sometimes it was
pills domains and sometimes it was garbase domains etc… anyway, I
just wanted it stopped and I had my way of doing it. At the end of the
day goodness knows what these people think of or the tricks they try
to get up to, I even thought it might be a kid/s just playing about
with trying to create problems for people (doing it for fun), in other
words they have nothing better to do but to send people this crap ‘but
what the hell, lets just try and be a pain in the…’, to be honest I
just gave up wondering :slight_smile:

On Aug 24, 2009, at 5:40 PM, LLE Freeway wrote:

I am also curious about the spam email you got. It is pure garbage.
If this is being entered by a real person, then I ask why? Unless it
is an anti-hunting group. If it is an anti-hunting group then
searching for the url,link,http stuff won’t solve the problem, the
links in the email are all garbage and don’t work anyway, so if
someone is sending garbage, they could just send any garbage, not
http, etc. Difficult to detect.

LLE


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I periodically get garbage - no idea why.
Maybe some folk like that sense of knocking anonymously on a door!

regards
Brian

LLE Freeway said recently:

If
this is being entered by a real person, then I ask why?


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Thanks to both of you for the valid comments and help. Mike, your method sounds like my only option here, so will have to go with it and hope that it sorts this issue out.

It does seem strange that the site has been up for nearly a year now and they have only just started to receive these mails.

My concern is that we have a number of other completed sites out there that use forms set up in this way!

Anyway, I’ll apply the suggestions and hope for the best.

Regards
Matt


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

If you do decide to use the action then just make sure your server is
ioncube friendly before you pay for a license, you can set everything
up before hand if you want and make sure all works well before doing
that. If you do then you will also need to select the ‘Advanced’
option in the action so be able to use the Badwords blocker.

As I mentioned before, another option you might have is to alter the
code the FF action generates so it detects the offending emails…
although as I mentioned you may have to redo this each time the site
is uploaded… unless you did it within the actual action!
I haven’t delved into the FF action myself to see the code it
generates but if it is any help then here is an example of one way you
might add to the php code in the processing script of the FF action
creates to ‘simply’ detect the type of spam you are getting, I used
$message_var as the value for the form message, this of course will
probably be different in your form so you would need to alter that to
suite your script.

$bad_words = array("[link", "[url", "http=");
$message_var_temp = $message_var;
$message_var_temp = str_replace($bad_words, '', $message_var_temp);

if ($message_var_temp != $message_var) {
// Generate an error, do not send email.
} else {
// Continue with rest of existing code.
}

The length of time the site is up hasn’t really anything to do with
it, it is when the person ‘or thing’ that does this finds or decides
to try it on the site, some of my sites had been up for a couple of
years before they where ‘found’, others months.

HTH

On Aug 25, 2009, at 8:20 AM, matt covarr wrote:

Thanks to both of you for the valid comments and help. Mike, your
method sounds like my only option here, so will have to go with it
and hope that it sorts this issue out.

It does seem strange that the site has been up for nearly a year now
and they have only just started to receive these mails.

My concern is that we have a number of other completed sites out
there that use forms set up in this way!

Anyway, I’ll apply the suggestions and hope for the best.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options