[Hidden-tech] Spammers piggy backing on my website

Bruce Hooke bghooke at att.net
Sat Oct 29 00:31:38 EDT 2011


I have certainly seen this sort of thing before. By having a "captcha"
system on the signup page you should at least filter out the automated bots
that try to fill out forms with the sort of garbage you are getting, so this
should cut down on the problems, but as you have seen it does not stop
someone from filling out the form manually and entering "spam" in the
fields. I believe they are hoping that what they enter will show up
somewhere on the public side of your website.  

As far as I know, there are three things to watch out for:

1. No form someone can fill out anonymously (such as your sign-up form)
should automatically result in what they submit showing up on your website
(other than in some admin module where you view what they submitted). This
should not be an issue with this form since this form presumably does not
result in anything being posted on the website.

2. Even once someone has filled out a form such as this one they should not
be able to post anything to your website that shows up on the public side of
the website without going through some sort of approval process.

3. The code that handles the form submission should include checks that
make sure someone cannot damage your website by inserting malicious code in
any of the fields. If your website is built on one of the standard content
management systems (e.g. WordPress or Drupal) this should have been
addressed by whoever built the form module. If it is a custom-built form
then this would be something to check with the developer about. However,
from the sounds of it the "spam" you are getting is stuff the person who
submitted it hoped would show up somewhere on the public side of your
website, not stuff designed to attack your website directly.

As far as I know, these are the most likely ways someone could try to use a
form to harm your website.   

As far as them sending email, someone can always spoof the headers on an
email to make it look like it is coming from your website but they do not
need access to your website to do this. To actually relay email via your
website so it really is coming from your website would require breaking into
the back end. 

You could probably put in some more checks in the code that processes the
form that would try to filter out the kind of stuff you are getting but it
is probably not worth it unless you are getting a whole lot of it.

Bruce

-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of
Videatives
Sent: Friday, October 28, 2011 6:35 AM
To: Hidden-Tech Tech
Subject: [Hidden-tech] Spammers piggy backing on my website


Hello Hidden Techers,

Has anyone had a problem with spammers piggy-backing on your websites?  I
have a video library subscription service at www.videatives.com.
Anyone who wants to can open a 14 day trial subscription.  For the past few
weeks I have been getting about six new subscribers who embed a message in
their sign-up form about lacy hair wigs.  There is often some stylized text
about what a good article they found on some website.  The email addresses
look weird and the password is always "super123."  I have been deleting
these particular "subscribers" as soon as they come in, but it is like
cutting off one head of The Hydra.

Currently the problem is more a nuisance, but I worry that some sort of spam
is being sent out into the world with my web address on it or eventually my
website will become corrupted.

Does anyone have ideas about what is going on, how I can stop it, and should
I be worried?

Thanks,

George E. Forman
President, Videatives
Amherst, Massachusetts
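
Added example, not part of the original thread and not the Videatives site's code: one way to apply the three points in the reply above to a sign-up handler, in Python. It rejects malformed input, holds link-bearing submissions for manual approval, and escapes every value shown in the admin view. The field names, length limits and spam patterns are assumptions, and the sample submissions are constructed.

```python
import html
import re

# Assumed field names and limits for a sign-up form; adjust to the real form.
MAX_LEN = {"name": 80, "email": 254, "comment": 500}
EMAIL_RE = re.compile(r"^[^@\s<>\"']+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Links or markup in free-text fields are the usual sign of comment spam.
LINK_RE = re.compile(r"(https?://|www\.|<a\s|\[url)", re.IGNORECASE)
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def review_signup(form):
    """Return (status, reasons); status is 'reject', 'hold' or 'accept'."""
    reasons = []
    for field, limit in MAX_LEN.items():
        value = form.get(field, "")
        if len(value) > limit:
            reasons.append(f"{field}: too long")
        if CONTROL_RE.search(value):
            reasons.append(f"{field}: control characters")
    for field in ("name", "email"):  # single-line fields
        if re.search(r"[\r\n]", form.get(field, "")):
            reasons.append(f"{field}: line break")
    if not EMAIL_RE.match(form.get("email", "")):
        reasons.append("email: bad syntax")
    if reasons:
        return "reject", reasons
    # Well-formed but spam-like: keep it out of sight until a person approves.
    flagged = [f"{field}: link or markup" for field in ("name", "comment")
               if LINK_RE.search(form.get(field, ""))]
    return ("hold", flagged) if flagged else ("accept", [])


def render_admin_row(form):
    """Row for the admin review page; every value is escaped on output."""
    cells = "".join(f"<td>{html.escape(form.get(k, ''))}</td>" for k in MAX_LEN)
    return f"<tr>{cells}</tr>"


# Constructed sample submissions (not taken from the thread).
SAMPLES = [
    {"name": "Pat Example", "email": "pat@example.org", "comment": "Trial please"},
    {"name": "Great article", "email": "x1@example.net",
     "comment": "nice post <a href='http://wigs.example/'>lace wigs</a>"},
    {"name": "<script>alert(1)</script>", "email": "not-an-address", "comment": ""},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(review_signup(s), render_admin_row(s))
```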