Hi,
I wonder if you would look at the header of this email. Someone goes to my form site with this latest formmail script on it and puts long lists of subdomains.
Quote:
Return-Path:
Delivered-To: 37-forms@designhosting.biz
Received: (qmail 19061 invoked by uid 10063); 28 Aug 2006 23:08:20 -0500
Received: from 127.0.0.1 by godslove.designhosting.biz (envelope-from , uid 48) with qmail-scanner-2.01st
(clamdscan: 0.88.3/1742. spamassassin: 3.1.3. perlscan: 2.01st.
Clear:RC:1(127.0.0.1):.
Processed in 0.037486 secs); 29 Aug 2006 04:08:20 -0000
Date: 28 Aug 2006 23:08:19 -0500
Message-ID: <20060829040819.19052.qmail@godslove.designhosting.biz>
From: anonymous@godslove.designhosting.biz
To: forms@designhosting.biz
Subject: hello
Reply-to: kkls97f@mailmail.com
X-Priority: 3
X-Mailer: PHPFormMail Classic v1.07.2 (http://www.boaddrink.com)
X-Sender-IP: 80.58.205.40
X-Referer: http://www.designhosting.biz/policy/../order.html
Content-Type: text/plain; charset=utf-8
X-Qmail-Scanner-2.01st: added fake MIME-Version header
MIME-Version: 1.0
How would I stop something like this?
php formmail is being spammed
Currently, there isn't a canned way to do this. In the near future I'll be working on stopping this. The good news is they aren't using your form to spam the world, just you (well, just the email addresses you're allowing your formmail to go to.) If you're using the recipient array then they don't even know your email address.
-Andrew Riley
Thank you!
Yes I do use the recipient array.
One thing to immediately do is to rename the script from "formmail.php" to something else.
I also added CAPTCHA to my form.
I haven't received formmail spam in over a month now.
What is CAPTCHA?
http://en.wikipedia.org/wiki/Captcha
I changed to a CGI form... my customers were getting spammed with this one even after changing the name of it.
Has there been any success
Has there been any success keeping the spammers from submitting the form in the past 2 years?
Overall, this has been a great form, Andrew. I appreciate the work you put into it.
In all honesty, the few times *my* form has been spammed haven't bothered me all that much, but I've installed the form on a client's website and it's bugging him. (v 1.07.2, using referrers and recipient arrays)
I haven't investigated using a Captcha on it yet.
It has occurred to me that the bots may probably be looking only at certain typical naming schemes, like "contact.html". Hmmm... The reason I think that is that my client has an "estimate request" form on nearly every page of his site, but only the contact form has been spammed.
Is there a simple way to make sure no links, line breaks or carriage returns are inserted into the fields? That seems to be the goal of the spammers, to send links. I'm great at copying and pasting code, not particularly good at writing it (I am getting better, though.) None of my forms really have any legitimate reason to have links in them.
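The kind of field check the last post asks about, as an added example that is not PHPFormMail's own code and not from anyone in this thread. The function name, its parameters and the sample submissions are all assumptions made for illustration. It rejects any single-line field containing a carriage return or line feed (a value that reaches a mail header with a CR/LF in it can carry extra headers, which is why line breaks are the first thing to refuse), and rejects any field containing a link, since the forms discussed here have no legitimate reason to carry one.

```php
<?php
// Added example, not PHPFormMail's own code. The function name, the
// $multiline parameter and the sample submissions below are assumptions
// made for illustration; a form handler would call this on the POSTed
// fields before building the message.

/**
 * Returns an array of field-name => reason for every field that fails.
 * An empty array means the submission passed every check.
 *
 * Checks, in order:
 *  - value must be a string and under $max_len bytes
 *  - single-line fields (everything not listed in $multiline) may not
 *    contain CR or LF, raw or still URL-encoded as %0D / %0A
 *  - no field may contain http://, https://, www. or mailto:
 */
function reject_spammy_fields(array $fields, array $multiline = array(), $max_len = 2000)
{
    $problems = array();
    foreach ($fields as $name => $value) {
        if (!is_string($value)) {
            $problems[$name] = 'not a string';
            continue;
        }
        if (strlen($value) > $max_len) {
            $problems[$name] = 'too long';
            continue;
        }
        // Header-injection check: a line break in a field that may end up in a
        // From:, Reply-To: or Subject: header lets the sender add headers.
        if (!in_array($name, $multiline, true) && preg_match('/[\r\n]|%0[aAdD]/', $value)) {
            $problems[$name] = 'line break in single-line field';
            continue;
        }
        // Link check: these forms never need a URL or mailto: in any field.
        if (preg_match('~(?:https?://|www\.|mailto:)~i', $value)) {
            $problems[$name] = 'contains a link';
            continue;
        }
    }
    return $problems;
}

// Constructed sample submissions (not real traffic from the thread).
$clean = array(
    'name'    => 'Jane Doe',
    'email'   => 'jane@example.com',
    'message' => "Please send me an estimate.\nThanks!",
);
$spammy = array(
    'name'    => "Jane Doe\r\nX-Injected: yes",          // line break in a header field
    'email'   => 'jane@example.com',
    'message' => 'Check out http://example.org/deals',   // link in the body
);

// 'message' is the only field allowed to span several lines.
var_dump(reject_spammy_fields($clean, array('message')));
var_dump(reject_spammy_fields($spammy, array('message')));
```

The first call returns an empty array; the second names both the `name` field (line break) and the `message` field (link). Refusing the whole submission when `reject_spammy_fields()` returns anything is simpler and safer than trying to strip the offending characters, since a stripped value can still be reassembled from what is left. This check complements the recipient array Andrew mentions earlier in the thread: the array keeps the destination address out of the form entirely, and the field check keeps line breaks and links out of what is mailed to it.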