Form Spammed

• kinch

  I have a form I have deleted from a site that continues to get spammed. I use Brainjar formmail for asp.

  But the forms no longer on the server, how do they do it?

  kinch

  Flag

• sureshot0

  hi and welcome

  to be honest I have no clue whatsever. sorry

  sureshot 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• gabriel20

  Are you sure it's the form script that's spamming or could it just be the spammer using the same info in the return address/subject etc?

  gabriel2 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• kinch0

  It is definitely coming through my form processing script, all the fields are there, and in one text box are fifty libnks for car dealerships.

  It's driving me nuts!

  kinch 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• jox0

  Take the hint. You need a new ride!

  jox 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• kinch0

  My car does sort of smell funny, you think it has something to do with that?

  kinch 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• gabriel20

  I guess I don't understand how the form script can still be used if you've removed the script from the server. If the actual send mail script is still there you might want to either try changing variable names or filtering for submissions coming from forms not on your server.

  gabriel2 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• kinch0

  gabriel2,

  that was my theory as well, that some shmuck had downloaded my form before I deleted it. There is a filter on the script. The only thing I can imagine now is that its doesn't work.

  k

  kinch 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• Shimmer0

  Do you have the referers variable set in the formmail ASP? If not, your script is open to requests from any host.

  Shimmer 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• kinch0

  Shimmer,

  I did, it didn't seem to help. I'm not an asp guy, so I was just sticking my urls into the array. I had to take the referers out again later because my forms wouldn't work in some browsers.

  Is there another way around that?

  kinch 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• Shimmer0

  Some browsers block the referrer header, so it's a no-go for those browsers. No real way around that unfortunately. You're either open to everyone, or non functional in some scenarios.

  The only thing I can think of to immediately remedy is set custom variable requirements in the ASP & form. Even then, the spammer just has to come back and check your form code again to get those variables. A short term solution at best...

  Maybe check the logfiles to get the referrer of the spammer and then exclude posts from them? Not exactly the easiest solution if you're not an ASP guy, I know... :S

  Shimmer 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

• Shimmer0

  One last thought, include captchas: http://www.webproworld.com/web-p…

  Shimmer 0Permalink

  UpvoteDownvote

  Dogear

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel