close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Customer bombarded with bogus emails...

Thread began 12/13/2010 12:37 pm by julie383376 | Last modified 12/15/2010 12:34 pm by neilo | 2599 views | 7 replies |

julie383376

Customer bombarded with bogus emails...

I have a simple contact form on a customer's website that I created with CSS Form Builder a few months ago. This weekend, the customer received about 1500 emails that were responses from that form.

The form has CAPTCHA security on it.

I need to know if I did something wrong that allowed some automated email generator thingy to do this.

If someone was able to figure out how to logon to this customer's site and retrieve files, would they be able to bypass the CAPTCHA?

Ugh...

~J

Sign in to reply to this post

Jason ByrnesWebAssist

can you verify that captcha validation is catching bad security codes on the form?

if the captcha is catching a bad security code, a site visitor could not disable it.

captcha will not prevent all spam from getting through.

there are some automated tools available that can read the security code on the screen to bypass captcha, it is also possible that human being is doing the job manually.

Sign in to reply to this post

julie383376

When you say "can you verify that captcha validation is catching bad security codes on the form?", did you mean to try entering a different code than what Captcha is requesting? I did that, and the form would not submit.

I don't think the form was being submitted manually, because they received those emails in such a short period of time.

Well, dang... I suppose the captcha screens out the majority of junk, but there's just no escaping people with too much time on their hands...

~J

Sign in to reply to this post

julie383376

Okay - the form just got hit again... It's just a simple form on a bank's website where customers can opt-in to something.

I only have the captcha image. If I added the security question too, would that help prevent this?

Sign in to reply to this post

Miguel

You can also add a honey pot to stop spam

Sign in to reply to this post

julie383376

I read about "honey pots" - just wasn't sure how to tell the form not to submit if the bogus field is filled out... is this done somehow with the validation?

Sign in to reply to this post

CraigRBeta Tester

you hide the honeypot field with css, so that it isnt visible to a site visitor

when carrying out the email validation, check the field to ensure nothing is entered, if there is, then it cannot have been completed via the form, therefore it is spam

Sign in to reply to this post

neilo

Re your post #4, yes - a security question would help. You could also increase the 'noise' in your captcha image to make it harder for the bots to OCR it.

Having said that, the extreme nature of the attack you are experiencing is not usual. It seems to be targeted. It may be worth asking your hosting provider if any other subscribers to their services are reporting similar events.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...