It's a thought. So I will think on it. I just got another 3 spam feedback. It's just so... dumb.<br>
<br>
Maybe I'll add a simple captcha....<br>
<br>
Anisa.<br><br><div><span class="gmail_quote">On 8/17/06, <b class="gmail_sendername">Casper Labuschagne</b> <<a href="mailto:casperl@krooninfo.co.za">casperl@krooninfo.co.za</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Wed, 16 Aug 2006 20:03:31 +0200, Anisa <<a href="mailto:mystavash@animecards.org">mystavash@animecards.org</a>> wrote:<br><br>> Yesterday, I got some spam through my site contact form.<br>> Not entirely sure what to do, if anything. Should I do something? I
<br><br>Yep. Firstly Lullabot has an interesting article on contact forms with<br>some tips:<br> <a href="http://www.lullabot.com/articles/fighting_spam_with_captcha">http://www.lullabot.com/articles/fighting_spam_with_captcha
</a><br><br>Make sure you are running the latest version of Drupal. If you have a<br>contact form that is part of a module such as the Feedback module (highly<br>recommended) ensure that you have installed the latest module code.
<br><br>Also keep up to date with Drupal security updates:<br> <a href="http://drupal.org/security">http://drupal.org/security</a><br><br>It is recommended to subscribe to the RSS feed with Drupal security<br>advisories:
<br> <a href="http://drupal.org/security/rss.xml">http://drupal.org/security/rss.xml</a><br><br>> could find the spam ip addresses and ban them, of course. Should I be<br>> worried about the site being vulnerable?
<br><br>Not really, at least not today. But we should all be worried. There are<br>280,000 virusses, Trojans, Worms etc affecting Windows. If and when<br>Windows become secure, the substantial industry associated with malware
<br>will either turn their attention to a) Linux b) Macintosh and c) CMS<br>systems and PHP. Item c) is ripe for malware exploits!<br><br>> :( My danger sense isn't going off, but that could just because I'm<br>> really ignorant in these sorts of things.
<br><br>I have a major problem with more than one Drupal sites where the ISP<br>acceptable email limit is reached within minutes of the new hour<br>whereafter my email gets blocked for the next hour. It could be either<br>
end-user spam (I am running a number of pop accounts) or it could be<br>contact form injection spam or some other vulnaribility. I have<br>considered writing the output of the contact form to a sql table to be<br>able to see what happens there. My problem is that if it is spam as a
<br>result of a SQL injection attempt in a PHP form, my email address is also<br>blocked and whatever spam was sent out via the contact form does not end<br>up with me.<br><br><br>Casper Labuschagne<br>+27827054416<br><a href="http://www.krooninfo.co.za">
www.krooninfo.co.za</a> <a href="http://www.boerboel.co.za">www.boerboel.co.za</a><br>Visit <a href="http://www.ubuntu.com">http://www.ubuntu.com</a> for a highly recommended open source<br>alternative to Windows!<br>--<br>
[ Drupal support list | <a href="http://lists.drupal.org/">http://lists.drupal.org/</a> ]<br></blockquote></div><br><br clear="all"><br>-- <br>*********************************<br><a href="http://www.AnimeCards.Org">www.AnimeCards.Org
</a><br><br>16,000 scans and counting!<br>*********************************