I can understand they grab your e-mail addy anywhere from the net

but now they're even (ab)using the e-mail form on my website...


any way to stop this?

I have the same thing going on with my site. I'm not sure that they are just spammers though. I think a lot of them are looking for sites/scripts that are vulnerable to a MySQL injection exploit.

tough situation. A simple, draconian approach would be to take down the email form on your site for a bit and hopefully they move onto the next victim. I didn't look at your site though, and this may not be appropriate depending on how critical the functionality is.

another (more complicated) approach would be to implement one of the anti spam mechanisms that require you to type in an alpha numberic code for each submitted request. But again, it all depends on the nature of the form and how much time/effort you want to put in.

just my .02

The thing I find so funny with the spam I get is all the incorrect names it comes with. Sorry, I'm not John Turner, or Arun, or Cathy or any ot the other names. I'm not sure how they get the names so mixed up. Some are other company employees and others are not. My home provider kills all but a few spam coming in. The company provider separates 80% into a spam folder for review.

QUOTE (Jeroen @ Feb 28 2006, 06:09 AM)

any way to stop this?

yupp, simple ...

use the "HTTP_REFERER" server variable to determine if the form data submitted to your script came from your own server or from somewhere else ...

i don't have any PHP example, but here's a ASP code snippet from my server:

CODE

' --------------------------------------------------------- ' check to see if HTTP_REFERER matches our own domain ' this prevents hack attacks from other sites that try ' to submit form data to us ' --------------------------------------------------------- sub CheckReferer(aPage) sRef = Request.ServerVariables("HTTP_REFERER") if (sRef = "") OR (InStr(sRef,Session("HostURL")) <> 1) AND (InStr(sRef,Session("HostURL2")) <> 1) then  Call SendErrorAndExit("Off-Site Request/Post!<br><br>Your IP and other info has been tracked and our Administrator has been alerted.",aPage,"/index.cfm") end if end sub

simply replace "Session("HostURL")" with your own server URL, like "http://www.rennware.com/", note that i'm checking for two possible URLs in my code (http and https) ...

Andy

I believe AA is getting members email addresses from the sight. I keep getting their spam!

QUOTE (boboli914@att.net @ Feb 28 2006, 10:26 AM)

I believe AA is getting members email addresses from the sight. I keep getting their spam!

well, in your case it's *easy*, as you used it as your members name.

that's like handing it to all the spammers on a golden platter ...
Andy

QUOTE (SirAndy @ Feb 28 2006, 10:51 AM)

QUOTE (boboli914@att.net @ Feb 28 2006, 10:26 AM) I believe AA is getting members email addresses from the sight. I keep getting their spam!  :stromberg: well, in your case it's *easy*, as you used it as your members name. that's like handing it to all the spammers on a golden platter ... Andy

Actually its not! It used to be at one time,but I did not know how to change it???

QUOTE (boboli914@att.net @ Feb 28 2006, 12:32 PM)

Actually its not!

well, then how is AA getting your email address off this site ???

Andy

QUOTE (SirAndy @ Feb 28 2006, 12:35 PM)

QUOTE (boboli914@att.net @ Feb 28 2006, 12:32 PM) Actually its not! well, then how is AA getting your email address off this site ??? Andy

Possibly through PM or through the classifieds section How the heck do I know! Unless there on the Upholstery Journal website aswell, but I seriously doubt that.

QUOTE (SirAndy @ Feb 28 2006, 03:35 PM)

QUOTE (boboli914@att.net @ Feb 28 2006, 12:32 PM) Actually its not! well, then how is AA getting your email address off this site ??? Andy

AA and GPR got mine also somehow. I don't know how/why/where though, as I have never emailed either company nor bought anything from them. Maybe some Evilbay stuff?

Thanks Andy, I'll dig into that!

It's kind of old-school but also a lot of spammers still seem to mine Whois listings. I have switched to private listings due to this, but it's too late, I get hammered with spam on my older email accounts especially my main work one. Also never, ever, post classified ads or job listings etc. on a major site with your 'real' email address. For example we use monster.com at work from time to time and I have to set up a separate temporary mail account each time we post ads because they start to get spam within 2-3 days of a job ad going up. It's such an effin' waste of time fighting this crap! More than 15% of the incoming mail on my work server is spam these days...