Stopping Spammers from Abusing Your Forms
From SuperbHosting.net Support Wiki
It is well known that many feedback forms are currently being hijacked by spammers. Consequently, the servers processing the e-mail are overwhelmed with the volume of spam, and the IPs of these servers end up blacklisted by the companies receiving that spam. It is in everyone's best interest to work together to remedy this rampant problem. Here are some of the steps clients can take:
- If you are using your own version of formmail.pl, please use our version of formmail instead. We have added security features to it that make it harder to abuse. Furthermore, we call it by a different name. Please inquire about this with our support team.
- If you still insist on using your own version of formmail, please upgrade it to the latest release and rename it to something obscure so that spammers cannot find it; for example, call it awx923.cgi. The upgrade is what closes known holes; the rename only keeps automated scanners from locating the script.
- If you are using ASP or PHP, you need to be aware of injection attacks, in which a form field is used to smuggle extra mail headers or recipients into the message your script sends. Injection can affect all kinds of scripts, not just mail forms, but bulk e-mail dissemination is where the incentive lies for spammers.
- Ensure that your code checks every field for valid input and limits the amount of information that can be entered into a field or text area. Even if your form is hijacked, the damage will be less severe.
- We strongly recommend not using an autoresponder to acknowledge receipt of a submission. Although, as a courtesy, we all like to be acknowledged, spammers can quickly turn this to their advantage.
- Use an image challenge-response system such as a CAPTCHA to deter spambots from abusing your form while still allowing humans to use it easily. We have implemented our own version of this; you can find it in your myCP control panel.
Do NOT use auto-responders in forms
Spammers will take advantage of your autoresponding feature to distribute their spam. There are a variety of tricks spammers can use even if the autoresponding feature is not enabled. However, with an auto-responder, all they have to do is enter multiple e-mail addresses in the e-mail address field of your form and their own HTML content in the comment area.
When the spammer submits the form, innocent recipients (whom you do not know and who do not know you) receive spam e-mail courtesy of your form. Therefore, we strongly suggest that you do NOT use auto-respond features for form e-mail.
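The following is an added example, not SuperbHosting's formmail or myCP code, showing how a PHP form handler can apply the checks above: a single validated address, length limits on every field, a fixed recipient, and no acknowledgement sent back to the submitter. Field names, length limits and the owner address are illustrative assumptions.

```php
<?php
// Added example (not the hosting provider's code): minimal PHP feedback-form handler.
// Field names, limits and addresses below are assumptions for illustration.

const OWNER_ADDRESS = 'owner@example.com';   // fixed recipient; never read from the form
const MAX_LEN = ['name' => 80, 'email' => 254, 'comment' => 2000];

// A CR or LF inside a value that ends up in a mail header would let a submitter
// append headers of their own (extra To:/Cc:/Bcc: recipients). Reject such values.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns a list of validation errors; an empty list means the submission may be sent.
function validate_submission(array $post): array
{
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            $errors[] = "$field: unexpected type";
        } elseif ($value === '') {
            $errors[] = "$field: required";
        } elseif (mb_strlen($value) > $max) {
            $errors[] = "$field: longer than $max characters";
        }
    }
    $email = (string) ($post['email'] ?? '');
    // Exactly one syntactically valid address: this rejects "a@x.com, b@y.com" and line breaks.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: must be a single valid address';
    }
    if (has_header_break((string) ($post['name'] ?? ''))) {
        $errors[] = 'name: line breaks not allowed';
    }
    return $errors;
}

// Sends only to the fixed owner address. The visitor's address is used for Reply-To,
// and no copy or acknowledgement is mailed back to it (no autoresponder).
function send_feedback(array $post): bool
{
    if (validate_submission($post) !== []) {
        return false;
    }
    $headers = "From: webform@example.com\r\nReply-To: {$post['email']}\r\n";
    $body = "Name: {$post['name']}\n\n" . $post['comment'];
    return mail(OWNER_ADDRESS, 'Website feedback', $body, $headers);
}

// Constructed sample: two addresses in the e-mail field, which the validator rejects.
$sample = ['name' => 'Visitor', 'email' => 'one@example.net, two@example.net', 'comment' => 'Hello'];
print_r(validate_submission($sample));
```

Wire `send_feedback($_POST)` into the script that receives the form; because the recipient is a constant and the comment only ever reaches the message body, a hijacked submission can at worst send one message to you.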
