[support] contact form spam

Anisa mystavash at animecards.org
Thu Aug 17 15:24:27 UTC 2006 

It's a thought.  So I will think on it.  I just got another 3 spam
feedback.  It's just so... dumb.

Maybe I'll add a simple captcha....

Anisa.

On 8/17/06, Casper Labuschagne <casperl at krooninfo.co.za> wrote:
>
> On Wed, 16 Aug 2006 20:03:31 +0200, Anisa <mystavash at animecards.org>
> wrote:
>
> > Yesterday, I got some spam through my site contact form.
> > Not entirely sure what to do, if anything.  Should I do something?  I
>
> Yep.  Firstly Lullabot has an interesting article on contact forms with
> some tips:
>     http://www.lullabot.com/articles/fighting_spam_with_captcha
>
> Make sure you are running the latest version of Drupal.  If you have a
> contact form that is part of a module such as the Feedback module (highly
> recommended) ensure that you have installed the latest module code.
>
> Also keep up to date with Drupal security updates:
>    http://drupal.org/security
>
> It is recommended to subscribe to the RSS feed with Drupal security
> advisories:
>    http://drupal.org/security/rss.xml
>
> > could find the spam ip addresses and ban them, of course. Should I be
> > worried about the site being vulnerable?
>
> Not really, at least not today.  But we should all be worried.  There are
> 280,000 virusses, Trojans, Worms etc affecting Windows.  If and when
> Windows become secure, the substantial industry associated with malware
> will either turn their attention to a) Linux b) Macintosh and c) CMS
> systems and PHP.  Item c) is ripe for malware exploits!
>
> > :(  My danger sense isn't going off, but that could just because I'm
> > really ignorant in these sorts of things.
>
> I have a major problem with more than one Drupal sites where the ISP
> acceptable email limit is reached within minutes of the new hour
> whereafter my email gets blocked for the next hour.  It could be either
> end-user spam (I am running a number of pop accounts) or it could be
> contact form injection spam or some other vulnaribility.  I have
> considered writing the output of the contact form to a sql table to be
> able to see what happens there.  My problem is that if it is spam as a
> result of a SQL injection attempt in a PHP form, my email address is also
> blocked and whatever spam was sent out via the contact form does not end
> up with me.
>
>
> Casper Labuschagne
> +27827054416
> www.krooninfo.co.za www.boerboel.co.za
> Visit http://www.ubuntu.com for a highly recommended open source
> alternative to Windows!
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>



-- 
*********************************
www.AnimeCards.Org

16,000 scans and counting!
*********************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20060817/faf2ac5f/attachment.htm

More information about the support mailing list