1
talunceford
Getting Spammed through contactus module LOL!!!

Now let me tell you, spammers are resorting to any means possible. I got this email this morning from MY web site. It seems like they used the contactus module to send a spam mail to my webmaster account. JEESH!!
phentermine submitted the following Information:
Email buy@my.phentermine.com
URL http://www.order-phentermine-now.com
ICQ phentermine
Company phentermine
Location phentermine
Comments

Hi
Nice site =)
If you are interested in ordering pharmacy online here are some links for U:
 
Good luck!

Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Needless to say, that IP addy, is going to get banned!!

We need to think of a way to prevent this. That is if there is a way.

2
Burnzy
Re: Getting Spammed through contactus module LOL!!!
  • 2005/1/24 15:26

  • Burnzy

  • Just popping in

  • Posts: 75

  • Since: 2005/1/23


There is no way to prevent it. That really isn't a spam mail, it is junk mail. Well, if your site is popular it will happen. The only way to do anything about it is to add an IP send in the form going to the email.

I created a contact us form and it sent the ip in my email.

Here is what the contact form looks like:


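```php
<html>
<head>
<title>Email Form</title>
</head>
<body>
<?php
// Capture the visitor's address, referrer and browser when the form is rendered
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv("HTTP_REFERER");
$httpagenti = getenv("HTTP_USER_AGENT");
?>
<!-- Field names match the variables the sendeail script reads; the .php file name is assumed -->
<form method="post" action="sendeail.php">
<!-- Escaped on output: the Referer and User-Agent headers are supplied by the client -->
<input type="hidden" name="ip" value="<?php echo htmlspecialchars((string) $ipi, ENT_QUOTES) ?>">
<input type="hidden" name="httpref" value="<?php echo htmlspecialchars((string) $httprefi, ENT_QUOTES) ?>">
<input type="hidden" name="httpagent" value="<?php echo htmlspecialchars((string) $httpagenti, ENT_QUOTES) ?>">

Your Name:* <br>
<input type="text" name="visitor">
<br>
Your Email:* <br>
<input type="text" name="visitormail">
<br>
Copy Sender ? No <input type="radio" name="ccopy" value="ccno" checked> Yes <input type="radio" name="ccopy" value="ccyes">
<br>
Subject:* <br>
<select name="attn">
<option>General Support</option>
<option>Ordering Support</option>
<option>Technical Support</option>
<option>Templates Support</option>
<option>Application</option>
<option>Webmaster</option>
</select>
<br>
Mail Message:* <br>
<textarea name="notes" rows="4" cols="40"></textarea>
<br>
Required*
<br>
<input type="submit">
</form>
</body>
</html>
```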

And here is the sendeail:


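```php
<html>
<head>
<title>Sendemail Script</title>
</head>
<body>
<?php
// Read the submitted fields explicitly instead of relying on register_globals
$ip = $_POST['ip'] ?? '';
$httpagent = $_POST['httpagent'] ?? '';
$visitor = $_POST['visitor'] ?? '';
$visitormail = $_POST['visitormail'] ?? '';
$notes = $_POST['notes'] ?? '';
$attn = $_POST['attn'] ?? '';
$ccopy = $_POST['ccopy'] ?? '';

$myemail = "burnzy@burnsdesign.org";

$badinput = "<h2>Feedback was NOT submitted</h2>\n";

// The address goes into the From: header below, so besides the "@" and "."
// checks it must not contain a line break (which would start a new header)
if ($visitormail != "" && (!strstr($visitormail, "@") || !strstr($visitormail, ".") || preg_match('/[\r\n]/', $visitormail)))
{
echo "<h2>Use Back - Enter valid e-mail</h2>\n";
echo $badinput;
exit; // stop here so nothing is mailed for invalid input
}
if (empty($visitor) || empty($visitormail) || empty($notes)) {
echo "<h2>Use Back - fill in all fields</h2>\n";
echo $badinput;
exit; // stop here so nothing is mailed for incomplete input
}

$todayis = date("l, F j, Y, g:i a");

$attn = $attn . "(" . $ccopy . ")";
$subject = $attn;

$notes = stripcslashes($notes);

$message = " $todayis [EST] \n
Subject: $attn \n
Message: $notes \n
From: $visitor ($visitormail)\n
IP: $ip \n
Browser Info: $httpagent \n
";

$from = "From: $visitormail\r\n";

if ($myemail != "")
mail($myemail, $subject, $message, $from);

if (($ccopy == "ccyes") && ($visitormail != ""))
mail($visitormail, $subject, $message, $from);

?>

<!-- Submitted values are escaped before being shown back to the visitor -->
<p>Date: <?php echo $todayis ?></p>
<p>Thank You : <?php echo htmlspecialchars($visitor) ?> ( <?php echo htmlspecialchars($visitormail) ?> )</p>
<p>Subject: <?php echo htmlspecialchars($attn) ?></p>
<p>Message: <?php echo htmlspecialchars($notes) ?></p>
<p><?php echo htmlspecialchars($ip) ?></p>

<!-- Link back to the form page; its URL is not shown in the post -->
<p>Back to Contact Form</p>
</body>
</html>
```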



3
talunceford
Re: Getting Spammed through contactus module LOL!!!

Thanks for the reply, I'll add that. At least I can ban the IP addy.

4
limecity
Re: Getting Spammed through contactus module LOL!!!
  • 2005/1/24 15:49

  • limecity

  • Friend of XOOPS

  • Posts: 1602

  • Since: 2003/7/6 0


I got the same problem last time.
Some visitors abuse the contact form, sending crap to my email.

I used the IP technique but it didn't work.
So I ended up closing the module for members only. After 1-2 weeks, I opened the contact form to non-members and there wasn't any more abuse.

I got the same pharmacy and medicine spam mail. I did submit the site to an anti-spam report site. Hopefully, they will get blacklisted and somehow get closed down.

5
stuie200
Re: Getting Spammed through contactus module LOL!!!
  • 2005/1/24 15:59

  • stuie200

  • Friend of XOOPS

  • Posts: 161

  • Since: 2004/1/4 2


These guys won't rest. They have used the contact us form on my site and left 4 entries in my guestbook, which were promptly removed.

Looks like they will be around for a while looking at the way they are spamming people at the moment.

IP ban already in action for these.

6
Peekay
Re: Getting Spammed through contactus module LOL!!!
  • 2005/1/24 18:08

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Burnzy, many thanks for the enquiry form, but I found it didn't correctly return the IP address dynamically allocated to my router by our ISP. I tracked down a similar script (onlyip) and replaced this part:
```php
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv("HTTP_REFERER");
$httpagenti = getenv("HTTP_USER_AGENT");
?>
```

with this from the onlyip script:
```php
<?php
if (getenv('HTTP_X_FORWARDED_FOR')) { $ipi = getenv('HTTP_X_FORWARDED_FOR'); } else { $ipi = getenv('REMOTE_ADDR'); }
$httprefi = getenv("HTTP_REFERER");
$httpagenti = getenv("HTTP_USER_AGENT");
?>
```

and it now returns my router IP correctly.

I confess I am a little confused as the dynamic address for the router is correctly identified by http://www.checkip.dyndns.org and http://www.showmyip.com, but I get a completely different result from the original form script and http://www.whatismyip.com.

Would welcome anyone's greater wisdom on this, as I don't want to bar the wrong IP addresses.

7
Peekay
Re: Getting Spammed through contactus module LOL!!!
  • 2005/1/25 0:45

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Since discovered that the original script (and whatismyip.com) is identifying the IP of my NTL proxy server. Don't want to ban that... 'cos a lot of people use it as well as me!
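
An added example, not part of the thread or of any poster's script: one way to choose the address to log or ban, covering both the IP capture in the contact form and the REMOTE_ADDR versus X-Forwarded-For question above. The function name `resolve_client_ip`, the trusted-proxy list and all sample addresses are assumptions made for illustration.

```php
<?php
// Added example. resolve_client_ip() and $trustedProxies are hypothetical names;
// all addresses below are constructed samples from documentation ranges.

/**
 * Return [address_to_act_on, note]. X-Forwarded-For is a request header the
 * sender can set freely, so it is only believed when the TCP peer
 * (REMOTE_ADDR) is a proxy the site operator has listed as trusted.
 */
function resolve_client_ip(array $server, array $trustedProxies): array
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return ['', 'no valid peer address'];
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        // Direct connection, or a header sent by an untrusted peer: use the peer.
        return [$peer, $xff === '' ? 'direct' : 'X-Forwarded-For ignored (untrusted peer)'];
    }
    // Walk the list right to left: the rightmost entries were appended by the
    // proxies nearest to us. Stop at the first address that is not a trusted proxy.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the proxy itself
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return [$hop, "forwarded by trusted proxy $peer"];
        }
    }
    return [$peer, 'proxy address only; client unknown'];
}

$trustedProxies = ['192.0.2.10']; // assumption: a proxy you have identified yourself

$samples = [ // constructed requests
    ['REMOTE_ADDR' => '198.51.100.7'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.99'],
    ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '203.0.113.5'],
    ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $s) {
    [$ip, $note] = resolve_client_ip($s, $trustedProxies);
    echo str_pad($ip, 15), "  ", $note, PHP_EOL;
}
```

Calling it with `$_SERVER` inside the script that sends the mail keeps the value out of any form field the visitor can edit. When the result is only a proxy address, a ban on it also blocks everyone else behind that proxy.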

8
panigrc
Re: Getting Spammed through contactus module LOL!!!
  • 2005/6/16 14:13

  • panigrc

  • Not too shy to talk

  • Posts: 133

  • Since: 2005/4/14


I also have the same problem. Perhaps if there was a verification with an image.

For example an image shows a shape and you select from a list, or with a number or so.

9
davidthomas1
Re: Getting Spammed through contactus module LOL!!!

Yes, that kind of image validation would prevent scripts sending spam and junk email via the contacts form.

The kind where text is rendered as an image and you have to enter the text to confirm you're not a script.

I wonder:

a) If such a plugin is available
b) how you can plug it into the contacts form?

hmmm...
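
An added example, not part of the thread and not an existing XOOPS plugin: a small version of the image check described above, with the code kept in the server-side session, usable once, and verified before the contact script calls `mail()`. The helper names `captcha_new`, `captcha_png` and `captcha_check` and the file layout in the closing comment are assumptions; the GD extension is required.

```php
<?php
// Added example. captcha_new(), captcha_png() and captcha_check() are
// hypothetical helper names; needs the GD extension and PHP sessions.

// Create a fresh code, remember it server-side, and return it for rendering.
function captcha_new(array &$session, int $length = 5): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I look-alikes
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['captcha'] = ['code' => $code, 'issued' => time()];
    return $code;
}

// Render the code as PNG bytes with some line noise (served from an <img> URL).
function captcha_png(string $code): string
{
    $im = imagecreatetruecolor(120, 40);
    imagefilledrectangle($im, 0, 0, 119, 39, imagecolorallocate($im, 255, 255, 255));
    $ink = imagecolorallocate($im, 40, 40, 40);
    for ($i = 0; $i < 6; $i++) {
        imageline($im, random_int(0, 119), random_int(0, 39), random_int(0, 119), random_int(0, 39), $ink);
    }
    foreach (str_split($code) as $i => $ch) {
        imagestring($im, 5, 12 + $i * 20, random_int(6, 18), $ch, $ink);
    }
    ob_start();
    imagepng($im);
    return ob_get_clean();
}

// Check the visitor's answer; each code is single-use and expires after $ttl seconds.
function captcha_check(array &$session, string $answer, int $ttl = 600): bool
{
    $entry = $session['captcha'] ?? null;
    unset($session['captcha']); // consume it whether or not the answer is right
    if (!is_array($entry) || time() - $entry['issued'] > $ttl) {
        return false;
    }
    return hash_equals($entry['code'], strtoupper(trim($answer)));
}

// Wiring (assumed file layout):
//   form page:    session_start(); captcha_new($_SESSION); plus <img src="captcha.php"> and a text input
//   captcha.php:  session_start(); header('Content-Type: image/png'); echo captcha_png($_SESSION['captcha']['code']);
//   mail handler: session_start(); if (!captcha_check($_SESSION, $_POST['captcha'] ?? '')) exit; before mail()
```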

10
DonXoop
Re: Getting Spammed through contactus module LOL!!!

I don't understand the panic over the occasional contact form spam. If the process of spamming isn't automated then it won't happen too often. I too have seen a few of them but it is rare. I'd likely upset real users if I forced image security just for a simple contact form. Other functions could benefit from higher security but the contact form is supposed to be easy. Forms are still much better than publishing email addresses.
