[Pro] Spam. Again and again. And again.

JonH · September 1, 2017, 9:28am

I’m using the PHP Feedback Form on a page, spam trap box clicked. Unfortunately spams are pouring in from 59a8acbab9412e and all of his brothers and sisters.

But here’s the thing: When I try to stop this menace by changing my recipient address from say ngo£example.com to gone£example.com it only takes minutes before they start pouring in again.

I do have a spam box where they all arrive, but it is very frustrating to have to go through all these looking for possible legitimate post.

Any suggestions out there for reasons? And solutions?

freewaytalk mailing list
email@hidden
Update your subscriptions at:

waltd · September 1, 2017, 11:33pm

One thing that will put them off for a few minutes longer is to rename the page that has your contact form on it (change the file name, not the page title). That changes the URL that they memorized, and are replaying over and over with a script. But it won’t take them long to crawl your site and find the form again. Once they have it memorized, they don’t even have to visit your site to send you mail like this. If you have the spam trap on, then this also means that they have figured out the “honeypot” field trick, and are not submitting that. You may even be under attack from the well-known “room full of poorly paid people” technique, and there is no good solution to that, I am afraid. Even the Google “I am not a robot” tool won’t stop that one.

Walter

On Sep 1, 2017, at 5:28 AM, Jon H email@hidden wrote:

I’m using the PHP Feedback Form on a page, spam trap box clicked. Unfortunately spams are pouring in from 59a8acbab9412e and all of his brothers and sisters.

But here’s the thing: When I try to stop this menace by changing my recipient address from say ngo£example.com to gone£example.com it only takes minutes before they start pouring in again.

I do have a spam box where they all arrive, but it is very frustrating to have to go through all these looking for possible legitimate post.

Any suggestions out there for reasons? And solutions?

freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

carla · September 1, 2017, 11:38pm

Hi Jon… I have had this same problem and was forced to remove the feedback form on my own website… I have no idea if my clients are getting spammed like this as they have not told me… as I am not a recipient… I have alerted Tim Plumb about this

and my spammers have this same numbers as you… odd right?

freewaytalk mailing list
email@hidden
Update your subscriptions at:

JonH · September 5, 2017, 8:12am

Changed file name. 2880 minutes and counting, Walter.

freewaytalk mailing list
email@hidden
Update your subscriptions at:

davedesigner · September 5, 2017, 3:06pm

Jon,

Just a thought, are you sure these replies are being created by the Freeway form/script and not coming direct to you?

David Owen { Freeway Friendly Web hosting and Domains }

On 5 Sep 2017, at 09:12, Jon H email@hidden wrote:

Changed file name. 2880 minutes and counting, Walter.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JonH · September 5, 2017, 3:20pm

I suppose my last post could have been understood as the opposite of what I wanted to say, which was: No spam so far after I changed the file name. Which I presume has something to do with the form and where it resides and not anything else.

4320 minutes. And counting…

freewaytalk mailing list
email@hidden
Update your subscriptions at:

waltd · September 5, 2017, 4:19pm

This pretty well confirms what I imagined the attack vector was:

You create a form on a page, and apply the Simple Form Action to it.
Freeway generates a form handler, with the filename of that handler dependent on the filename of the form page.
Any POST (or GET, if you’ve configured it that way) to the handler containing all the “real” fields required (and not containing the “honeypot” field) will be converted to a mail message.

So after step 3, any spammer who has found out what the combination is can set a script to work sending POST after POST to that script, full of either complete crap (because they wish to annoy you) or crap plus loads of URLs (to get people to click on ads in order for them to make money).

The recommendation I made to Jon was to rename his form page. This makes the form handler script have a different filename, and that severs the loop, since the script would have to go back to Jon’s site and figure out where the form handler moved to.

A possible fix for this would require some scripting on the form page itself (which is currently, by design, just HTML) so that it could add a shared secret of some sort which changes frequently, and without which the form handler won’t bother sending mail. I don’t have any brighter ideas than that, but perhaps someone could run with that.

The benefit to how the current system works is that the form page can be previewed directly in Freeway or a local browser – you don’t need to upload to a server running PHP in order to see the design. So whatever the technical fix is ought to retain that, without leaking the secret sauce (as a JavaScript would do) into user space.

Freeway cannot create a “dot file” (a file with only an extension, like .htaccess), so any server-side solution which leveraged PHP and Apache to rewrite the HTML on the fly would need to include some steep instructions on how to create a proper .htaccess file. (The uptake rate of Inlay among Freeway users would suggest this is a tall order.)

I’m hoping someone else has a bright idea, because the ones I can think of also require some “devops” skills that are definitely not WYSIWYG.

Walter

On Sep 5, 2017, at 11:20 AM, Jon H email@hidden wrote:

I suppose my last post could have been understood as the opposite of what I wanted to say, which was: No spam so far after I changed the file name. Which I presume has something to do with the form and where it resides and not anything else.

4320 minutes. And counting…

freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options