cancel
Showing results for 
Search instead for 
Did you mean: 

web email form being spammed

wheelyjon
Newbie
Posts: 4
Registered: ‎03-12-2007

web email form being spammed

Please can you help me. I have an emailing form on a website http://www.torwell.plus.com/torwood/index.htm and the form is being spammed. If I change the email address to which the form goes, the spam immediately goes to the new address. All the spams have very similar senders, eg. oarf@yahoo.com, leivy@aol.com, tarck@gmail.com etc and the subject is always Email from Torwood Web3, or whatever address I choose to use.
I had hoped that using a form with a 'throw away' address would avoid the spam problem. Is there anything that I can do as I am receiving hundreds of spams through the form.
Regards John
Angry
8 REPLIES 8
Alex
Community Veteran
Posts: 5,123
Thanks: 774
Fixes: 12
Registered: ‎05-04-2007

Re: web email form being spammed

John,
I've only dabbled with web sites (well installed php-based software on web spaces really), but I think some kind of Captcha will help. You must have seen them where you have to enter a code from an image which is made hard for a machine to read.
I'm sure someone more knowledgeable on the subject will explain how Smiley
I guess there may be other ways of redesigning the form, but as I say I don't know enough about site design to be of much help there.
Adam1V
Grafter
Posts: 223
Registered: ‎31-07-2007

Re: web email form being spammed

Touch wood, ive yet to be spammed by any of the contact forms I have myself, but im sure its due sometime.
Two things you can do quickly, is replace your contact form for one which uses captcha Here is an example free script, or secondly are you using the force9 Spam filter?
As a business ive enabled this and its been pretty good to us, doesnt catch anything genuine (yet) and catches around 1k emails per week.
shout if you need any help with updating your form.
decomplexity
Rising Star
Posts: 493
Thanks: 26
Registered: ‎30-07-2007

Re: web email form being spammed

Assuming form-filling is being done by an automated 'bot' rather than by a person, a combination of an HTML form with Javasacript obfuscation of the URL which will process the form works well:
Example:
<script type="text/javascript">
function ch1(x){var yy=2;var z=0;var xx="";for(var y=0;y<x.length;y++){z=x.charCodeAt(y);xx+=String.fromCharCode(z-yy);}return xx;}
function obfuscate(x){document.emailform.action = ch1(x);}
</script>
and in the form itself:
<form action="anything" onsubmit="obfuscate('long_meaningless_string')" name="emailform" method="post">
where the Javascript function (suitably amended) and value of "long_meaninglesss_string" come from www.myvasco.com/msb (it does a character-shifting 'Caesar cypher' on the string)
It is easier than it looks to implement - you can use the Javascript without any changes, and it relies on bots not being Javascript aware.
Zen from May 17. PN Business account from 2004 - 2017
samuria
Community Veteran
Posts: 1,577
Thanks: 3
Registered: ‎13-04-2007

Re: web email form being spammed

I have had this done to me the problem is all that is required is for someone to copy the script from the page and run it. The only test thats done is that it comes from a plus net account as far as I know.
I had some sad soul doing it to me for months. You can encrypt your page so they can do  it
dougrice
Rising Star
Posts: 218
Thanks: 1
Fixes: 2
Registered: ‎06-08-2007

Re: web email form being spammed

I had a similar problem and tried a simple bit of JavaScript to set the action for the form.
You have <FORM METHOD="POST" ACTION="http://homepages.plus.net/cgi-bin/form">

I have:
<form name="F1" action="http://cgi.dougrice.plus.com/cgi-bin/guestbook.asp"        method="POST" >
...
</form>
<script>
var F1 = window.document.forms["F1"]
self.document.forms["F1"].action  = "http://ccgi.dougrice.plus.com"
self.document.forms["F1"].action += "/cgi-bin/guestbook.pl"
</script>
This seemed to work as the spammer did not seem to run the javascript.

Cool
wheelyjon
Newbie
Posts: 4
Registered: ‎03-12-2007

Re: web email form being spammed

Thanks everyone for your help. I used to write C but have no experience of Java, so I took the easy route and used a captcha, Thanks Adam1v for the link, it seems to work fine.  When I get a moment, I must start looking at Java.
Thanks again wheelyjon  Grin
Colin
Community Veteran
Posts: 1,264
Registered: ‎04-04-2007

Re: web email form being spammed

Take care to not make the common mistake of confusing Java and Javascript - the two are different beasts Smiley
Wikipeida can probably explain it better tha I can - Java and JavaScript for more information.
jelv
Community Veteran
Posts: 26,786
Thanks: 990
Fixes: 10
Registered: ‎10-04-2007

Re: web email form being spammed

Quite - they have only 4 things in common - the letters J  A  V  A - everything else is different
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)