Spam from FrontPage forms

M

Mark

Hi,

I have a customer that hosts a small FrontPage 2003 web site on a Windows
2003
server (IIS 6). The site has a couple of "survey" pages where users can
enter comments in a form that are then forwarded via email. Recently I've
started to see spam coming from these forms. An example is below. Are there
now bots that submit spam to forms? What is the simplest way to prevent
this?

Thanks,

Mark Berry

ClassUse: ConsideringVisit
Name: britneysmama
Email: (e-mail address removed)
Remote Name: 81.95.146.126
Remote User:
HTTP User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)
Date: 07/26/2007
Time: 02:57 PM
Comments:
<img>http://www.babylon-x.com/updated/news/britney_spears_2.jpg</img>
<img>http://www.babylon-x.com/updated/news/britney_spears_1.jpg</img>

(A couple hundred lines of spam links follows.)
 
C

Corey Bryant

I would first stop using FP to process it. The email address is "public" to
the spambots when they view the source code.

CAPTCHA has worked well for some people and also using sessions on the forms
as well.

Check to see if you are on a *NIX or Windows. Then if Windows, see if you
can use something like JMail, ASPMail, ASPEMail, etc
 
M

Mark

Thanks Corey. And here I thought the forms were safe because they didn't
display the email address!

CAPTCHA is probably not an option here since these are quick voluntary
surveys. Having to enter weird characters would put people off responding.

You mention some ActiveX products for emailing from a form. On a related
topic, do you also have a recommendation for product(s) to actually display
an email address on the site yet hide them from bots? Maybe Jimco Spam
Spoiler?

Thanks very much,

Mark
 
C

Corey Bryant

If you look at the source code from the browser, you will see the email
address.

Not too sure about the ActiveX, but sessions are also a possibility if you
were to switch to a server side language like ASP, .NET, PHP. This would
hide the email address since it would not be shown and then you could use
sessions to validate that it is coming from the correct place.

You could also just block certain Class C IPs as well that are known to spam
 
M

Mark

Thanks all.

I found a quick and dirty solution to stop the form-based spam for now. I
added a fixed string that the survey user must copy into a field, then used
FrontPage validation to make sure the correct string is entered. It's not
CAPTCHA, it's not hard to read, it's not foolproof, but hey, it stopped that
one annoying bot we've had to date!

I'll have to look into these options for hiding email addresses.

Mark
 
M

Mark

Thanks Corey!

Corey Bryant said:
If you look at the source code from the browser, you will see the email
address.

Not too sure about the ActiveX, but sessions are also a possibility if you
were to switch to a server side language like ASP, .NET, PHP. This would
hide the email address since it would not be shown and then you could use
sessions to validate that it is coming from the correct place.

You could also just block certain Class C IPs as well that are known to
spam
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top