Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Protect ASP Contact form from being hi-jacked by spammers

Posted on 2006-04-02
8
Medium Priority
?
233 Views
Last Modified: 2008-03-17
Well,

I posted this question a little while back here:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21779509.html

It seemed like it worked and I awarded the points but unfortunately it happened again.  Last night the same problem happened.

Is there ANY way to stop this from happening????

Thanks again,

-webdude
0
Comment
Question by:webdude
  • 5
  • 3
8 Comments
 
LVL 8

Expert Comment

by:esw074
ID: 16355088
Do you know for sure that it was successful, or was it just attempted?  Keep in mind that an attempt will still send an email to the script's default mail recipient with the attempted hijack displayed in the message subject and body.  Realistically, if the user input is filtered on the server side before the information is passed to the script, then it's not really possible for a spammer to hijack it.  If you're unsure about the implementation, post your whole script.
0
 

Author Comment

by:webdude
ID: 16355110
So how can I tell if its an attempt or a success?  I received 4 emails (which I think my host limits it to that), just like I receieved 4 last time too.  How can I tell if 4,000 emails were sent out or how many ever the scriot sends?
0
 
LVL 8

Expert Comment

by:esw074
ID: 16355123
If you see "BCC" and/or other email addresses in the message body, then the attempt was unsuccessful.  If the formatting looks correct in the email, then there's still something wrong.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:webdude
ID: 16355214
actually I deleted the emails and deleted them from the deleted items folder too in case anything contained a virus ;(

well, if it happens again I guess I will keep watch on that..

if interested, I just posted a different questions here:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21798543.html

Should be some fast easy points for you! ;)
0
 

Author Comment

by:webdude
ID: 16359932
Got 2 more spams this morning.  Here is a copy / paste of one esw.  (myserver.com was used in place of my real domain)

************************************************

Contact Name: manoover2972@myserver.com

Title: he
Content-Type: multipart/alternative;
boundary=a8b3310f5b0505eda2bff6c0f84734edMIME-Version:1.0
Subject: watch them they are true moralists. t isbcc:magnetic54@SexMagnet.com
 
This is a multi-part message in MIME format.--a8b3310f5b0505eda2bff6c0f84734edContent-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0Content-Transfer-Encoding:7bit
 
s etters were the subject of conversation, and now the conversation took the same direction. t was often renewed. tto was a very frequent guest--a8b3310f5b0505eda2bff6c0f84734ed--.Company: manoover2972@myserver.com

E-Mail: manoover2972@myserver.com

Phone: manoover2972@myserver.com

Contact By: manoover2972@myserver.com

Comments: manoover2972@myserver.com


************************************************

My form only asks for the 5 fields:

Contact Name:

E-Mail:

Phone:

Contact By:

Comments:


so the stuff in the middle is beyond me.  So since there is no BCC field, does that mean it is being sent out to multiple places using my domain?

0
 

Author Comment

by:webdude
ID: 16359950
Actually missed this line that has bcc in it.

Subject: watch them they are true moralists. t isbcc:magnetic54@SexMagnet.com

but its isbcc: not bcc:

that matter?
0
 
LVL 8

Accepted Solution

by:
esw074 earned 500 total points
ID: 16360915
Hi Webdude-

You're seeing the "BCC" in the subject line because their attempt to insert a line break there failed.  This was a test to see if they could send the form to themselves at the "magnetic54@SexMagnet.com" address, forcing the BCC into the header.  Typically you'll see someone test it a couple of times and then move on when it doesn't work.  As long as you're filtering your input to the mail script with that regex, nothing is going to get through.  
0
 

Author Comment

by:webdude
ID: 16365823
ok, then you get more points from me ;)

thanks again for the confirmation.

Now all you havr to do is help me on this one:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21798543.html


;)
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question