It's Not a Client - It's Contact Form Spam

Contact form spam is a technique that targets the contact form on your website. Most of the contact forms being compromised are written in PHP. Though this type of spam is rarer than most, a fair number of site owners have become victims.

Protecting yourself from contact form spam

Spammers are increasingly using contact forms as the launch point for mass mailings. With that comes the need to know what it takes to prevent it. The first step is recognizing how you may become a victim.

The most direct way to find out whether your contact form has been compromised is to monitor your inbox. If spammers have begun their efforts, you may notice several returned (bounced) messages for mail you never sent, rejected because the address was not recognized.

Spammers who make a habit of hijacking contact forms do so by taking advantage of weaknesses in the PHP scripts behind them: when a script copies a text field straight into a mail header, a value containing a line break lets the spammer add mail headers of their own.

Like all spam, contact form spam can be contained by tightening security and validation on form pages. These hijacking attempts are such a threat because the attacker uses your site's mail server to send literally hundreds or thousands of spam messages to unsuspecting recipients. If you notice signs of this activity, it is time to start investigating.
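To make the mechanism concrete, here is the header-injection pattern described above in a PHP contact form, beside a hardened version. This is an added example, not code from the original article; the addresses and function names are assumptions chosen for the illustration.

```php
<?php
// Added example (not from the original article): the header-injection pattern
// in a PHP contact form, beside a hardened version. Addresses and names are
// assumptions for the example.

// VULNERABLE: the visitor-supplied address is copied straight into a mail header.
// Headers are separated by CRLF, so a value that contains "\r\n" followed by a
// header name becomes an extra header, and the server relays mail for the
// spammer. Do not rely on mail() itself to catch this.
function build_headers_vulnerable(string $from): string
{
    return "From: " . $from . "\r\n";
}

// HARDENED: anything that will be placed in a header is checked for CR/LF and
// the address is validated before mail() is ever called. Bad input is rejected
// rather than silently cleaned, so the attempt can be logged.
function contains_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

function build_headers_hardened(string $from): ?string
{
    if (contains_header_break($from) || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Send from a fixed address on your own domain and keep the visitor's
    // address in Reply-To, so the mail server never speaks for arbitrary senders.
    return "From: contact-form@example.com\r\n"
         . "Reply-To: " . $from . "\r\n";
}

function send_contact(string $from, string $subject, string $message): bool
{
    $headers = build_headers_hardened($from);
    if ($headers === null || contains_header_break($subject)) {
        // Logging the rejection gives you the "returned messages" signal early.
        error_log('contact form: rejected header-injection attempt from '
                  . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        return false;
    }
    return mail('owner@example.com', $subject, $message, $headers);
}

// Constructed inputs: an ordinary address, and one carrying an extra header
// line as a spammer's submission would.
$good = 'alice@example.org';
$bad  = "alice@example.org\r\nBcc: recipient@example.net";

var_dump(build_headers_vulnerable($bad));  // the injected line survives into the header block
var_dump(build_headers_hardened($bad));    // the hardened builder refuses the value
var_dump(build_headers_hardened($good));   // fixed From plus the visitor's Reply-To
```

Run it from the command line with `php`; the two `var_dump` calls on `$bad` show the difference between a builder that trusts the field and one that checks it. The choice to reject rather than strip the line break matters: a stripped value would still be delivered, and you would never learn that someone is probing the form.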

Here are a few things that can be done to limit the risk of falling victim to contact form spam:

- Enforce strict contact form validation. This is easily overlooked. Don't take the standard route of relying on JavaScript alone; server-side checks in ASP or PHP are recommended.

- Make sure the values submitted in your form fields do not contain email header data (such as a line break followed by a header name).

- Limit the number of characters each field accepts to a reasonable level.

- Be aware of text that may represent keywords, phrases or codes. This is a clear indication of spam.

- Make use of a CAPTCHA. This forces the participant to enter a numerical or alphabetical sequence before the information goes through, and helps you determine whether the form is being submitted by a human or a spambot.

- Validate all sessions. Create a special session for every visitor by storing a random value on the server, add that value to a hidden field on your contact form, and validate it on submission by comparing it with the copy stored on the server. In most cases the values will not match if the form is being completed by an automated program.

- Log and analyze IP addresses. There is a good chance that a spammer from a specific IP will submit your contact form repeatedly over a short time frame. Study your server logs, use them to detect spammer activity, and configure the proper restrictions.
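The checklist above comes together in one server-side handler. The following is an added example, not code from the original article: it applies strict validation, rejects header data in fields, enforces length limits, screens for spam phrases, issues and checks a per-visitor session token, and throttles submissions per IP in process (a stand-in for the offline log review the last item describes). CAPTCHA is left out because it needs a third-party widget. Every name, limit and the phrase list are assumptions for the example.

```php
<?php
// Added example, not part of the original article. Names, limits and the
// phrase list are assumptions; tune them for your own site.
session_start();

const MAX_LENGTHS  = ['name' => 80, 'email' => 254, 'message' => 2000];
const SPAM_PHRASES = ['casino', 'buy now', '[url='];  // constructed list
const RATE_LIMIT   = 3;    // submissions allowed per IP ...
const RATE_WINDOW  = 600;  // ... within this many seconds

// Returns the field as a string, or '' if missing or not a plain string
// (PHP turns name[]=... into arrays, which must never reach preg_match).
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Rendering the form: generate a random value, keep it in the session and
// place it in a hidden field. A bot that posts directly never receives one.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['contact_token'] = $token;
    return $token;
}

// Submission: the hidden field must match the server-side copy. The token is
// consumed on first use and compared with hash_equals to avoid timing leaks.
function token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION['contact_token'] ?? null;
    unset($_SESSION['contact_token']);
    return $expected !== null && $submitted !== null && hash_equals($expected, $submitted);
}

// Strict server-side validation; JavaScript checks never run for a bot.
function validate_fields(array $post): array
{
    $errors = [];
    foreach (MAX_LENGTHS as $name => $max) {
        $value = field($post, $name);
        if ($value === '') {
            $errors[] = "$name is required";
        } elseif (strlen($value) > $max) {
            $errors[] = "$name exceeds $max characters";
        }
    }
    // Values that will end up in mail headers must not contain line breaks.
    foreach (['name', 'email'] as $name) {
        if (preg_match('/[\r\n]/', field($post, $name)) === 1) {
            $errors[] = "$name contains email header data";
        }
    }
    if (filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    foreach (SPAM_PHRASES as $phrase) {
        if (stripos(field($post, 'message'), $phrase) !== false) {
            $errors[] = "message contains the spam phrase '$phrase'";
        }
    }
    return $errors;
}

// Per-IP throttle. $history maps IP => submission timestamps; keep it in a
// cache or database in production, here it is a plain array.
function rate_limited(string $ip, array &$history, int $now): bool
{
    $recent = array_values(array_filter(
        $history[$ip] ?? [],
        fn(int $t): bool => $t > $now - RATE_WINDOW
    ));
    if (count($recent) >= RATE_LIMIT) {
        return true;
    }
    $recent[] = $now;
    $history[$ip] = $recent;
    return false;
}

function handle_submission(array $post, string $ip, array &$history): array
{
    if (rate_limited($ip, $history, time())) {
        error_log("contact form: throttled $ip");  // feeds the log review step
        return ['ok' => false, 'errors' => ['too many submissions, try again later']];
    }
    if (!token_is_valid(field($post, 'token') ?: null)) {
        return ['ok' => false, 'errors' => ['missing or stale form token']];
    }
    $errors = validate_fields($post);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }
    // Only now is it safe to build fixed From:/Reply-To headers and call mail().
    return ['ok' => true, 'errors' => []];
}

// Constructed submissions: a genuine message, then a direct post with no token.
$history = [];
$genuine = ['token' => issue_form_token(), 'name' => 'Alice',
            'email' => 'alice@example.org', 'message' => 'Hello, I have a question.'];
print_r(handle_submission($genuine, '203.0.113.5', $history));
$bot = ['name' => "x\r\nX-Extra: y", 'email' => 'not-an-address', 'message' => 'casino'];
print_r(handle_submission($bot, '203.0.113.9', $history));
```

The order of the checks is deliberate: the cheap throttle runs first so a flood never reaches the session store, the token check rejects anything that did not load the form, and field validation runs last so the error list only ever describes submissions that a human could plausibly have made.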

Tightening up security is the best defense against contact form spam. If the form has a multitude of vulnerabilities, a CAPTCHA alone may not be able to stop someone from spamming it.
