I have certainly seen this sort of thing before. By having a "captcha" system on the signup page you should at least filter out the automated bots that try to fill out forms with the sort of garbage you are getting, so this should cut down on the problems, but as you have seen it does not stop someone from filling out the form manually and entering "spam" in the fields. I believe they are hoping that what they enter will show up somewhere on the public side of your website. As far as I know, there are three things to watch out for: 1. No form someone can fill out anonymously (such as your sign-up form) should automatically result in what they submit showing up on your website (other than in some admin module where you view what they submitted). This should not be an issue with this form since this form presumably does not result in anything being posted on the website. 2. Even once someone has filled out a form such as this one they should not be able to post anything to your website that shows up on the public side of the website without going through some sort of approval process. 3. The code that handles the form submission should include checks that makes sure someone cannot damage your website by inserting malicious code in any of the fields. If your website is built on one of the standard content management systems (e.g. WordPress or Drupal) this should have been addressed by whomever built the form module. If it is a custom-built form then this would be something to check with the developer about. However, from the sounds of it the "spam" you are getting is stuff the person who submitted it hoped would show up somewhere on the public side of your website, not stuff designed to attack your website directly. As far as I know, these are the most likely ways someone could try to use a form to harm your website. As far as them sending email, someone can always spoof the headers on an email to make it look like it is coming from your website but they do not need access to your website to do this. To actually relay email via your website so it really is coming from your website would require breaking into the back end. You could probably put in some more checks in the code that processes the form that would try to filter out the kind of stuff you are getting but it is probably not worth it unless you are getting a whole lot of it. Bruce -----Original Message----- From: hidden-discuss-bounces at lists.hidden-tech.net [mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Videatives Sent: Friday, October 28, 2011 6:35 AM To: Hidden-Tech Tech Subject: [Hidden-tech] Spammers piggy backing on my website ** Be sure to fill out the survey/skills inventory in the member's area. ** If you did, we all thank you. Hello Hidden Techers, Has anyone had a problem with spammers piggy-backing on your websites? I have a video library subscription service at www.videatives.com . Anyone who wants to can open a 14 day trial subscription. For the pass few weeks I have been getting about six new subscribers who embed a message in their sign-up form about lacy hair wigs. There is often some stylized text about what a good article they found on some website. The email addresses look weird and the password is always "super123." I have been deleting these particular "subscribers" as soon as they come it, but it is like cutting off one head of The Hydra. Currently the problem is more a nuisance, but I worry that some sort of spam is being sent out into the world with my web address on it or eventually my website will become corrupted. Does anyone have ideas about what is gong on, how I can stop it, and should I be worried. Thanks, George E. Forman President, Videatives Amherst, Massachusetts _______________________________________________ Hidden-discuss mailing list - home page: http://www.hidden-tech.net Hidden-discuss at lists.hidden-tech.net You are receiving this because you are on the Hidden-Tech Discussion list. If you would like to change your list preferences, Go to the Members page on the Hidden Tech Web site. http://www.hidden-tech.net/members