masterree

asked on

Stopping SPAM that comes through forms on a web page??

I installed a simple 'contact us' form on a client's site, using the host's auto-install of formmail.pl.  A visitor could fill out a few fields and hit submit and it would email the data to the client.  However, the client started getting SPAM via this form, so I disabled it, uninstalling formmail.pl to make sure.  Recently I needed to use a different form, however, so I reinstalled formmail.pl (again through the host's auto-install feature) and immediately the client started getting spam submissions again.  It looks like it's from a spider that searches for pages with forms then fills them out with self-promotion and other garbage.

The strange thing is that these spam messages seem to still be coming from the previous Contact Us page, although I have tried to delete every page that might still have the form data on it.

My question is - is there any way to tell which page on a site is generating an email, just from the email itself, or from the site logs...?  If not, is there any way to search an entire directory for the culprit page?  Or does anyone else have any other advice on stopping the spam-through-forms problem??
SOLUTION
Adam314

ASKER CERTIFIED SOLUTION
masterree

ASKER

"how do you know it's even on your machine?  If you put up a web page that has forms to be filled in and then a submit button to be clicked, I don't even have to visit your page to use it -- I can DL a copy to my machine and use it from there.  Heck, I don't even need the web page -- all I need to know is what variable names are needed and what order they're expected in and the address used to submit the data, and I can send an email that appears to have come from your page..."

mjcoyne - are you sure about this?? I'm pretty sure there are safeguards in place on the servers where the site is hosted that won't allow this to happen.  But if so, how could I institute the random character graphic that you mention, to thwart the spam, since as you say I might not even have control of the form any more.  I don't have the expertise to modify the Perl script, nor do I want to.
I stand corrected.  I just tested it from my local machine and sure enough it sent the info and worked fine.  If that's the case, then, that someone/something hijacked the form and sends it remotely... how about if I hide the Perl script in a subdirectory.  That way whatever form they hijacked would now be useless?   Then I would be starting fresh with a new form and I could institute a graphic random number checker or something to thwart the spam-bots...  Yes?  No?  Maybe?

I also need to figure out how to do a graphic validation for the form - can anyone point me in the right direction to learn how to do that?
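
Added example, not part of the original thread: one way to answer the "which page is generating the email" question from the site logs is to group POST requests to formmail.pl by their Referer header, which separates submissions from a page on the site from ones sent straight to the script. It assumes the host writes Apache "combined" format access logs; the host names, the `/cgi-bin/` path, the page names and the log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/NCSA "combined" log format (an assumption; the thread does not say
# what format the host's logs use).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def classify(referer, site_hosts):
    """Return where a submission claims to come from."""
    if referer in ("", "-"):
        return "no-referer"                    # script called without any page
    url = urlparse(referer)
    host = (url.hostname or "").lower()
    if host in site_hosts:
        return url.path or "/"                 # a page on this site
    return "offsite:" + host                   # copy of the form hosted elsewhere

def form_post_sources(lines, script="formmail.pl",
                      site_hosts=("example.com", "www.example.com")):
    """Count POSTs to the mail script, grouped by claimed source page."""
    sources = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not urlparse(m["path"]).path.endswith("/" + script):
            continue
        sources[classify(m["referer"], site_hosts)] += 1
    return sources

# Constructed sample lines (documentation IP ranges, hypothetical pages).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2008:10:01:02 +0000] "POST /cgi-bin/formmail.pl HTTP/1.1" 200 512 "http://www.example.com/contact.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2008:10:05:41 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 498 "-" "-"',
    '203.0.113.9 - - [10/Mar/2008:10:05:44 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 498 "-" "-"',
    '192.0.2.33 - - [10/Mar/2008:11:12:00 +0000] "POST /cgi-bin/formmail.pl HTTP/1.1" 200 530 "http://203.0.113.9/copy.html" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Mar/2008:11:30:15 +0000] "GET /contact.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2008:12:00:09 +0000] "POST /cgi-bin/formmail.pl HTTP/1.1" 200 515 "http://www.example.com/old/contact-us.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for source, count in form_post_sources(SAMPLE).most_common():
        print(f"{count:4d}  {source}")
```

The Referer header is supplied by the client, so an on-site value does not prove the page was actually used; a "no-referer" or "offsite" count does show that the script is being reached without the site's form.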
SOLUTION