Solved

Web site vulnerability?

Posted on 2007-03-19
Last Modified: 2010-04-06
I have a web site that I created that allows prospective clients to submit a form which is emailed to our company. Over the past few days I have received some odd responses, well actually the same one.

Does anyone have any idea what is causing this?

Here is an example of the email output:


"What is your approximate price range? :
Province/State: Bush
Address:
http://google.com
City: Phoenix
Email: main@yandex.com
Country:
USA
Telephone: 55555
Comments: Hello, nice site look this:

End ^) See you"

If anyone could shed a bit of light on this then I can work on trying to eliminate it.

Thanks,

COB
Question by:clcuser
Accepted Solution

by:
PhilHow earned 250 total points
ID: 18753121
This is produced by a spambot (a program that simulates form submission). The links are to porn sites, gaming sites or malicious software sites.

To prevent this kind of spam you need to validate the submitter as human. To do that you would use something like CAPTCHA (see Wikipedia) or Google it.

You will never completely stop spam as long as you have submission forms. Of more concern is whether you are validating the input to prevent code injection exploits. If you are just accepting whatever is entered without sanitizing and validating, you are open to serious hacker attacks and you need to address security before you get hammered.
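
The server-side checks the answer above points to, sketched as an added example (not from the original thread or the poster's site). Python, the field names, the example.com addresses and the hidden `website` honeypot field (standing in here for the CAPTCHA the answer mentions) are assumptions, and the sample submissions are constructed.

```python
import re
from email.message import EmailMessage

# Assumed field names, modelled on the e-mail in the question; "website" is a
# hypothetical honeypot input that is hidden from human visitors with CSS.
SINGLE_LINE = ("name", "email", "city", "telephone")
URL_RE = re.compile(r"https?://", re.I)
MARKUP_RE = re.compile(r"<\s*a\b|\[url=", re.I)  # HTML anchor or BBCode link
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_LINKS = 2

# Constructed samples: one shaped like the spam in the question, one legitimate.
SPAM = {"name": "x", "email": "bot@example.com", "city": "Phoenix",
        "telephone": "55555", "comments": 'Hello <a href="http://spam.example/1">link</a> '
        "[url=http://spam.example/1]link[/url] http://spam.example/1"}
LEGIT = {"name": "Ann", "email": "ann@example.com", "city": "Phoenix",
         "telephone": "5550100", "comments": "Please call me about pricing."}

def check_submission(form):
    """Return a list of reasons to reject; an empty list means accept."""
    reasons = []
    if form.get("website"):  # humans never see this input, bots fill it in
        reasons.append("honeypot field filled in")
    for field in SINGLE_LINE:
        if re.search(r"[\r\n]", form.get(field, "")):  # mail header injection
            reasons.append(f"line break in {field}")
    if not EMAIL_RE.fullmatch(form.get("email", "")):
        reasons.append("invalid email address")
    comments = form.get("comments", "")
    if MARKUP_RE.search(comments):
        reasons.append("link markup in comments")
    if len(URL_RE.findall(comments)) > MAX_LINKS:
        reasons.append("too many links in comments")
    return reasons

def build_message(form, to_addr="sales@example.com"):
    """Build the notification mail from a submission that passed the checks."""
    problems = check_submission(form)
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["From"] = "webform@example.com"
    msg["Reply-To"] = form["email"]  # validated above, no CR/LF possible
    msg["Subject"] = "Web site enquiry"
    body = "\n".join(f"{k}: {form.get(k, '')}" for k in SINGLE_LINE)
    msg.set_content(body + "\n\nComments:\n" + form.get("comments", ""))
    return msg
```

The message body is sent as plain text, so any markup that does get through is never rendered as HTML by the form handler itself.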

Author Comment

by:clcuser
ID: 18755289
appreciate your time. thanks!!!