Quote:
Originally Posted by CalebSimpson
Webforms are VERY bad unless they are VERY secure.
I was recently using a "secure" PHP form for clients to contact me on my website. The script was hacked and used to SEND OUT massive amounts of spam to other people. I got all the bounce backs too, so I got about 1,000 emails in my box a day for three days straight. The third day I was fed up and tech support on my server was not too helpful. It sucked because I had to totally remove the form as well.
The server techs found out my PHP form was being used as a base to send out spoofed emails. They had some sort of secure form I can use but I have not looked much further into it. If you are going to publish your email on the web in any form you WILL get spam; there is no way around it. So get a good spam filter, and don't use forms unless you know for sure they are secure.
I'll definitely agree with this except for one thing. The form is YOUR responsibility since it is part of your web site. Not the hosting company.
To be as secure as it can possibly be, your form must not allow any control characters to be entered into any variable fields.
I don't care if you have hard-coded fields or not; if you allow just anything to be entered into your form, it can be seized and used to send spam.
This last weekend we tested a new form put up by a web design company that we had already warned, and with just a little effort we were able to change the hard-coded To: and Subject: fields and add CC and BCC fields.
To illustrate how insecure their "secure" form was we sent them 100 spam messages. (that's because the design company got nasty with us)...
Oh, and we also managed to completely replace their PHP script with pure HTML.
We have removed many form scripts from web sites because the developers did not secure them. Some of the web site owners have contracted us to rewrite their forms because their "developers" didn't have a clue.
At the server level, as a hosting company, we limit the number of emails that can be sent from any form. If the form attempts to exceed the limit we remove the form.
Needless to say, this doesn't make some clients happy having their forms shut down, but that's what needs to be done to ensure that our other clients aren't impacted.
Here's a site that can give you a brief overview of the problem.
http://www.anders.com/projects/sysad...PostHijacking/
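An added example, not the poster's code and not any script from the thread: a PHP contact-form mailer that applies the rule stated above, namely that no control characters may reach any variable field that ends up in a mail header. The recipient address, subject, field names, length limits and the log line format are assumptions made for the example; the `$fake_mailer` stands in for PHP's `mail()` so the script runs without an MTA.

```php
<?php
// Added example (not the poster's code): a contact-form mailer that refuses
// control characters in every header-bound field, so the hard-coded To: and
// Subject: cannot be altered and no extra CC:/BCC: lines can be appended.

const FORM_TO      = 'owner@example.com';   // assumed; hard-coded, never from the request
const FORM_SUBJECT = 'Website contact';     // assumed; hard-coded, never from the request

/**
 * True only if $value contains no ASCII control characters.
 * CR (0x0D) and LF (0x0A) are the ones that end a header line, but rejecting
 * the whole control range (including NUL and DEL) is simpler and safer.
 */
function is_header_safe(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

/**
 * Validate the submitted fields. Returns a list of error strings; an empty
 * list means the submission is acceptable.
 */
function validate_contact(array $fields): array
{
    $errors = [];

    // Fields that are placed inside mail headers get the strict check.
    // The body may legitimately contain newlines, so it only gets a length limit.
    foreach (['name', 'email'] as $key) {
        $value = $fields[$key] ?? '';
        if ($value === '' || strlen($value) > 200) {
            $errors[] = "$key is missing or too long";
        } elseif (!is_header_safe($value)) {
            $errors[] = "$key contains control characters";
        }
    }

    if (filter_var($fields['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }

    $message = $fields['message'] ?? '';
    if ($message === '' || strlen($message) > 5000) {
        $errors[] = 'message is missing or too long';
    }

    return $errors;
}

/**
 * Send the message, or log the rejection and return false.
 * Only a fixed set of headers is emitted, built from validated values.
 */
function send_contact(array $fields, ?callable $mailer = null): bool
{
    $mailer = $mailer ?? 'mail';
    $errors = validate_contact($fields);
    if ($errors !== []) {
        // Rejections are worth logging: repeated control-character hits from
        // one address are the signal that the form is being probed.
        error_log('contact form rejected (' . ($_SERVER['REMOTE_ADDR'] ?? 'cli')
            . '): ' . implode('; ', $errors));
        return false;
    }

    $headers = [
        'From: ' . FORM_TO,              // our own mailbox, not the visitor's
        'Reply-To: ' . $fields['email'], // validated: no control chars, valid address
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = "Name: {$fields['name']}\nEmail: {$fields['email']}\n\n{$fields['message']}";

    return (bool) $mailer(FORM_TO, FORM_SUBJECT, $body, implode("\r\n", $headers));
}

// Constructed sample input: a normal submission, then one whose email field
// carries a CR/LF pair, the pattern that would otherwise start a new header line.
$good = ['name' => 'Alice', 'email' => 'alice@example.org', 'message' => 'Hello'];
$bad  = ['name' => 'Alice', 'email' => "alice@example.org\r\nCc: other@example.net", 'message' => 'Hello'];

// Stand-in for mail() so the example runs without a mail server.
$fake_mailer = function (string $to, string $subject, string $body, string $headers): bool {
    echo "would send to $to with subject '$subject'\n";
    return true;
};

var_dump(send_contact($good, $fake_mailer));
var_dump(send_contact($bad, $fake_mailer));
```

The design point is that the visitor never controls a header: To: and Subject: are constants, the visitor's address appears only in Reply-To: after both the control-character check and `filter_var`, and the From: is the site's own mailbox. Logging each rejection gives the operator the evidence the poster describes collecting; the per-form sending limit the hosting company applies at the server level is a separate, complementary layer.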