20-04-2008, 10:32 AM   #1
2ndmouse (Tiscali User Member)
Spammer using my online feedback form

Hi all

Question for the anti spam experts:

In what seems (to me) to be a pointless exercise, my website's feedback form is being used by the occasional spammer - 4-5 messages per day, which is not a problem to me - the text I receive is not offensive, just a series of links with a very brief description, all links point to subdomains of ikimoc.com

The reason I say it's pointless is that the form simply sends the feedback to my feedback address and nowhere else, and no auto response. So the spammer only reaches the 1 address where it is deleted on receipt. My server will stop any attempt to use open relay.

The form fields are - name - sender's email addr - title - text, and that's it.

My question: is it possible for a spammer to programmatically include other 'TO' addresses, thereby sending their text to many other addresses?

Or is the spammer simply being as thick as a brick?

Also, I want to add a random number security field to all my forms - can anyone recommend a freeware script I can use?

Thanks and regards to all
__________________
adsl2 - 'Pro 16MB' uncapped - 20:1 Since Nov08 - Download speeds becoming variable - still acceptable though (Jan09).

See my FREE UK book and DVD swapping web site
http://nothingbutbooks.co.uk
Receive books and/or DVDs at no cost
20-04-2008, 11:56 AM   #2
aos101 (Tiscali User Admin)
If just one person (you) reads the message, then from the spammer's point of view it isn't pointless. Having said that, their script may just be set up to post messages to anything with a form in the hope that it does post to a guestbook or forum where more people might read it. I think really they just try anything possible to get people to read their message. I doubt the spammer is being thick as there is probably no one at the other end. It will just be a bot on a compromised home/business PC somewhere that spends all day posting crap to any web form it can find probably.

It can be possible for a spammer to include other addresses for the email to go to by including/injecting a BCC email header and adding a few return characters (I think that's how it can be done), but it depends on the script that processes the submitted form data. As long as you are using an up-to-date version of the script and it doesn't have known holes in it you should be fine.

We get the same sort of spam messages in the contact us form on this site. I think we might end up changing to the contact us form provided by the forum software as that has a CAPTCHA image which should help stop the spam bots.
__________________
Adam
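The BCC header injection described in the reply above, seen from the defender's side. This is an added example, not part of the original thread and not the poster's form script: Python stands in for whatever language the form handler is written in, and the addresses, function names and sample submission are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

FEEDBACK_TO = "feedback@example.org"  # assumed fixed recipient (placeholder)


def naive_build(name, sender, title, text):
    """Vulnerable pattern: form fields pasted straight into raw headers."""
    return (f"To: {FEEDBACK_TO}\r\n"
            f"From: {name} <{sender}>\r\n"
            f"Subject: {title}\r\n"
            f"\r\n{text}\r\n")


def header_names(raw):
    """Header names a mail system sees when it parses the raw message."""
    return [k.lower() for k in message_from_string(raw).keys()]


def clean_header_value(value, field):
    """Reject any header-bound form field containing CR, LF or NUL."""
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError(f"line break in form field {field!r}")
    return value.strip()


def safe_build(name, sender, title, text):
    """Hardened pattern: validate header fields, let the library write them."""
    msg = EmailMessage()
    msg["To"] = FEEDBACK_TO    # recipient is fixed, never taken from the form
    msg["From"] = FEEDBACK_TO  # visitor address goes in Reply-To only
    msg["Reply-To"] = clean_header_value(sender, "email")
    msg["Subject"] = clean_header_value(f"[feedback] {name}: {title}",
                                        "name/title")
    msg.set_content(text)      # the body may contain newlines; headers may not
    return msg


# Constructed sample submission: the title field carries a line break
# followed by an extra header, as described in the reply above.
SAMPLE = dict(name="Visitor", sender="visitor@example.com",
              title="Hello\r\nBcc: third-party@example.net", text="links...")
```

With the constructed sample, `header_names(naive_build(**SAMPLE))` contains `bcc`, while `safe_build(**SAMPLE)` raises `ValueError` before any message is created.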
20-04-2008, 12:17 PM   #3
2ndmouse (Tiscali User Member)
Hi Adam

Thanks for the response. It's the BCC aspect I was worried about. However, as you say, it's probably an unmanned script that's sending the form. I notice on eBay, they have an audio option, where the random number is read aloud by electronic voice. Problem with that one is it would exclude the hard of hearing. Then again, a difficult-to-read random number would exclude those with poor eyesight - there must be a perfect solution somewhere.

Yes, it's the CAPTCHA script I want to add to my forms, but I can't find one that I can integrate easily. Not without replacing the forms.

I'll just have to do some more googling.

Cheers
29-04-2008, 08:03 PM   #4
2ndmouse (Tiscali User Member)
Thanks for the responses. If anyone else has this problem, here's an interesting link that has answered my questions - cheers

http://www.softswot.com/form-hijacking.php

All times are GMT.