It's a thought. So I will think on it. I just got another 3 spam feedback. It's just so... dumb.
Maybe I'll add a simple captcha....
Anisa.
On 8/17/06, Casper Labuschagne casperl@krooninfo.co.za wrote:
On Wed, 16 Aug 2006 20:03:31 +0200, Anisa mystavash@animecards.org wrote:
Yesterday, I got some spam through my site contact form. Not entirely sure what to do, if anything. Should I do something? I
Yep. Firstly Lullabot has an interesting article on contact forms with some tips: http://www.lullabot.com/articles/fighting_spam_with_captcha
Make sure you are running the latest version of Drupal. If you have a contact form that is part of a module such as the Feedback module (highly recommended) ensure that you have installed the latest module code.
Also keep up to date with Drupal security updates: http://drupal.org/security
It is recommended to subscribe to the RSS feed with Drupal security advisories: http://drupal.org/security/rss.xml
could find the spam ip addresses and ban them, of course. Should I be worried about the site being vulnerable?
Not really, at least not today. But we should all be worried. There are 280,000 virusses, Trojans, Worms etc affecting Windows. If and when Windows become secure, the substantial industry associated with malware will either turn their attention to a) Linux b) Macintosh and c) CMS systems and PHP. Item c) is ripe for malware exploits!
:( My danger sense isn't going off, but that could just because I'm really ignorant in these sorts of things.
I have a major problem with more than one Drupal sites where the ISP acceptable email limit is reached within minutes of the new hour whereafter my email gets blocked for the next hour. It could be either end-user spam (I am running a number of pop accounts) or it could be contact form injection spam or some other vulnaribility. I have considered writing the output of the contact form to a sql table to be able to see what happens there. My problem is that if it is spam as a result of a SQL injection attempt in a PHP form, my email address is also blocked and whatever spam was sent out via the contact form does not end up with me.
Casper Labuschagne +27827054416 www.krooninfo.co.za www.boerboel.co.za Visit http://www.ubuntu.com for a highly recommended open source alternative to Windows! -- [ Drupal support list | http://lists.drupal.org/ ]