Solved

Web site vulnerability?

Posted on 2007-03-19
Last Modified: 2010-04-06
I have a web site that I created that allows prospective clients to submit a form, which is emailed to our company. Over the past few days I have received some odd responses, well actually the same one.

Does anyone have any idea what is causing this?

Here is an example of the email output:


"What is your approximate price range? :
Province/State: Bush
Address:
http://google.com
City: Phoenix
Email: main@yandex.com
Country:
USA
Telephone: 55555
Comments: Hello, nice site look this:

End ^) See you"

If anyone could shed a bit of light on this then I can work on trying to eliminate it.

Thanks,

COB
Question by:clcuser
2 Comments
 
LVL 5

Accepted Solution

by:
PhilHow earned 250 total points
ID: 18753121
This is produced by a spambot (a program that simulates form submission). The links are to porn sites, gaming sites or malicious software sites.

To prevent this kind of spam you need to validate the submitter as human. To do that you would use something like CAPTCHA (see Wikipedia) or Google it.

You will never completely stop spam as long as you have submission forms. Of more concern is whether you are validating the input to prevent code injection exploits. If you are just accepting whatever is entered without sanitizing and validating you are open to serious hacker attacks and you need to address security before you get hammered.
0
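An added example, not part of the original thread or the answerer's code: a server-side check for a form-to-email handler that covers both points of the accepted answer, screening out automated submissions and validating input before it reaches the mail message. Field names come from the email quoted in the question; the hidden `website` honeypot field (used here in place of a CAPTCHA), the thresholds and the sample submissions are assumptions constructed for illustration.

```python
import html
import re

# Field names follow the form quoted in the question; limits are assumptions.
SINGLE_LINE = ("Email", "City", "Province/State", "Country", "Telephone", "Address")
MAX_LINKS = 2      # assumed ceiling for a genuine enquiry
MAX_LEN = 2000     # assumed cap on any one field
LINK_RE = re.compile(r"https?://|\[url\b|<a\s", re.IGNORECASE)
EMAIL_RE = re.compile(r"[^@\s<>,;]+@[^@\s<>,;]+\.[A-Za-z]{2,}")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def check_submission(form, honeypot="website"):
    """Return (errors, cleaned); drop the submission if errors is non-empty."""
    errors = []
    # Hidden field a person never sees; automated submitters tend to fill it.
    if form.get(honeypot, "").strip():
        errors.append("honeypot field filled")
    for name, value in form.items():
        if len(value) > MAX_LEN:
            errors.append(f"{name}: too long")
    for name in SINGLE_LINE:
        # CR/LF and other control characters must never reach a mail header.
        if CONTROL_RE.search(form.get(name, "")):
            errors.append(f"{name}: control characters")
    if not EMAIL_RE.fullmatch(form.get("Email", "")):
        errors.append("Email: not a valid address")
    # Count HTML anchors, BBCode tags and bare URLs in the free-text field.
    links = len(LINK_RE.findall(form.get("Comments", "")))
    if links > MAX_LINKS:
        errors.append(f"Comments: {links} links")
    # Escape markup so the text is inert if the mail is rendered as HTML.
    cleaned = {k: html.escape(v.strip()) for k, v in form.items()}
    return errors, cleaned


# Constructed samples (example.invalid is a reserved placeholder domain).
SPAM = {
    "Email": "someone@example.invalid", "City": "Phoenix",
    "Comments": 'Hello, nice site look this:\n'
                '<a href="http://example.invalid/1.html">link</a>\n'
                '[url=http://example.invalid/1.html]link[/url]\n'
                'http://example.invalid/1.html\n',
}
GENUINE = {
    "Email": "buyer@example.com", "City": "Phoenix",
    "Comments": "Looking for a <3 bedroom> house, budget flexible.",
}
```

Run the check on the server before composing the message, and build the mail body only from the `cleaned` values.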
 

Author Comment

by:clcuser
ID: 18755289
appreciate your time. thanks!!!
0
