Protect ASP Contact form from being hi-jacked by spammers

Well,

I posted this question a little while back here:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21779509.html

It seemed like it worked and I awarded the points but unfortunately it happened again.  Last night the same problem happened.

Is there ANY way to stop this from happening????

Thanks again,

-webdude
webdudeAsked:

esw074Commented:
Do you know for sure that it was successful, or was it just attempted?  Keep in mind that an attempt will still send an email to the script's default mail recipient with the attempted hijack displayed in the message subject and body.  Realistically, if the user input is filtered on the server side before the information is passed to the script, then it's not really possible for a spammer to hijack it.  If you're unsure about the implementation, post your whole script.
0
webdudeAuthor Commented:
So how can I tell if it's an attempt or a success?  I received 4 emails (which I think my host limits it to that), just like I received 4 last time too.  How can I tell if 4,000 emails were sent out or however many the script sends?
0
esw074Commented:
If you see "BCC" and/or other email addresses in the message body, then the attempt was unsuccessful.  If the formatting looks correct in the email, then there's still something wrong.  
0

webdudeAuthor Commented:
actually I deleted the emails and deleted them from the deleted items folder too in case anything contained a virus ;(

well, if it happens again I guess I will keep watch on that..

if interested, I just posted a different question here:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21798543.html

Should be some fast easy points for you! ;)
0
webdudeAuthor Commented:
Got 2 more spams this morning.  Here is a copy / paste of one esw.  (myserver.com was used in place of my real domain)

************************************************

Contact Name: manoover2972@myserver.com

Title: he
Content-Type: multipart/alternative;
boundary=a8b3310f5b0505eda2bff6c0f84734edMIME-Version:1.0
Subject: watch them they are true moralists. t isbcc:magnetic54@SexMagnet.com
 
This is a multi-part message in MIME format.--a8b3310f5b0505eda2bff6c0f84734edContent-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0Content-Transfer-Encoding:7bit
 
s etters were the subject of conversation, and now the conversation took the same direction. t was often renewed. tto was a very frequent guest--a8b3310f5b0505eda2bff6c0f84734ed--.Company: manoover2972@myserver.com

E-Mail: manoover2972@myserver.com

Phone: manoover2972@myserver.com

Contact By: manoover2972@myserver.com

Comments: manoover2972@myserver.com


************************************************

My form only asks for the 5 fields:

Contact Name:

E-Mail:

Phone:

Contact By:

Comments:


so the stuff in the middle is beyond me.  So since there is no BCC field, does that mean it is being sent out to multiple places using my domain?

0
webdudeAuthor Commented:
Actually missed this line that has bcc in it.

Subject: watch them they are true moralists. t isbcc:magnetic54@SexMagnet.com

but it's isbcc: not bcc:

that matter?
0
esw074Commented:
Hi Webdude-

You're seeing the "BCC" in the subject line because their attempt to insert a line break there failed.  This was a test to see if they could send the form to themselves at the "magnetic54@SexMagnet.com" address, forcing the BCC into the header.  Typically you'll see someone test it a couple of times and then move on when it doesn't work.  As long as you're filtering your input to the mail script with that regex, nothing is going to get through.  
0
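
The distinction esw074 draws between an attempt and a success, as an added example that is not part of the original thread. It is written in JavaScript so it runs outside IIS; the regex, the mail-building function and the addresses are assumptions (the regex from the earlier question is not shown on this page), and the sample input is constructed to resemble the spam pasted above.

```javascript
// Constructed sample modelled on the spam pasted in the thread; addresses are placeholders.
const SAMPLE = {
  name: "visitor1234@example.invalid",
  title: "he\r\nContent-Type: multipart/alternative;\r\nSubject: some text\r\n" +
         "bcc:drop@example.invalid\r\n\r\nbody text",
  comments: "Hello,\nplease call me back.",
};

// Assumed pattern (the thread's own regex is not shown on this page):
// a line break followed by something that looks like a mail header.
const SMUGGLED_HEADER = /[\r\n]\s*(bcc|cc|to|subject|content-type|mime-version)\s*:/i;

// True when a field tries to start a new header line.
function isInjectionAttempt(value) {
  return SMUGGLED_HEADER.test(String(value));
}

// Names of the fields worth logging as an attempt.
function flaggedFields(form) {
  return Object.keys(form).filter((key) => isInjectionAttempt(form[key]));
}

// The filter itself: drop CR and LF so the value cannot end the header line.
function stripLineBreaks(value) {
  return String(value).replace(/[\r\n]+/g, "");
}

// Hypothetical mail script that copies the Title field into the Subject header.
function buildMessage(title) {
  return "To: owner@example.invalid\r\nSubject: Contact form: " + title +
         "\r\n\r\n(form fields go here)";
}

// Header names a mail server would see: every line before the first blank line.
function headerNames(rawMessage) {
  const names = [];
  for (const line of rawMessage.split(/\r\n|\r|\n/)) {
    if (line === "") break;
    const match = /^([A-Za-z-]+)\s*:/.exec(line);
    if (match) names.push(match[1].toLowerCase());
  }
  return names;
}

const unfiltered = headerNames(buildMessage(SAMPLE.title));
const filtered = headerNames(buildMessage(stripLineBreaks(SAMPLE.title)));
console.log("flagged fields:", flaggedFields(SAMPLE));
console.log("headers without filter:", unfiltered);
console.log("headers with filter:", filtered);
```

With the filter applied the `bcc:` text is still in the message, but only as characters inside the Subject value, which is the run-together `isbcc:` seen in the pasted email.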

webdudeAuthor Commented:
ok, then you get more points from me ;)

thanks again for the confirmation.

Now all you have to do is help me on this one:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_21798543.html


;)
0