[support] contact form spam
Casper Labuschagne
casperl at krooninfo.co.za
Thu Aug 17 06:51:36 UTC 2006
On Wed, 16 Aug 2006 20:03:31 +0200, Anisa <mystavash at animecards.org> wrote:
> Yesterday, I got some spam through my site contact form.
> Not entirely sure what to do, if anything. Should I do something? I
Yep. Firstly Lullabot has an interesting article on contact forms with
some tips:
http://www.lullabot.com/articles/fighting_spam_with_captcha
Make sure you are running the latest version of Drupal. If you have a
contact form that is part of a module such as the Feedback module (highly
recommended) ensure that you have installed the latest module code.
Also keep up to date with Drupal security updates:
http://drupal.org/security
It is recommended to subscribe to the RSS feed with Drupal security
advisories:
http://drupal.org/security/rss.xml
> could find the spam ip addresses and ban them, of course. Should I be
> worried about the site being vulnerable?
Not really, at least not today. But we should all be worried. There are
280,000 viruses, Trojans, worms etc. affecting Windows. If and when
Windows becomes secure, the substantial industry associated with malware
will either turn their attention to a) Linux b) Macintosh and c) CMS
systems and PHP. Item c) is ripe for malware exploits!
> :( My danger sense isn't going off, but that could just be because I'm
> really ignorant in these sorts of things.
I have a major problem with more than one Drupal site where the ISP
acceptable email limit is reached within minutes of the new hour
whereafter my email gets blocked for the next hour. It could be either
end-user spam (I am running a number of POP accounts) or it could be
contact form injection spam or some other vulnerability. I have
considered writing the output of the contact form to a SQL table to be
able to see what happens there. My problem is that if it is spam as a
result of a SQL injection attempt in a PHP form, my email address is also
blocked and whatever spam was sent out via the contact form does not end
up with me.
Casper Labuschagne
+27827054416
www.krooninfo.co.za www.boerboel.co.za
Visit http://www.ubuntu.com for a highly recommended open source
alternative to Windows!
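
The logging idea mentioned in the message above (recording each contact form submission in a SQL table before any mail goes out), shown as an added example that is not part of the original post and is not Drupal's code. The table `contact_audit`, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the site's own database; the sample submissions are constructed.

```php
<?php
// Added example, not Drupal code; table, column and function names are hypothetical.
function open_audit_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE contact_audit (
        id INTEGER PRIMARY KEY, received_at TEXT, remote_ip TEXT,
        from_addr TEXT, subject TEXT, body TEXT, verdict TEXT)');
    return $db;
}

// Fields that end up in mail headers must never contain CR or LF:
// a line break there lets the sender append extra headers such as Bcc:.
function header_injection_fields(array $form): array {
    $bad = [];
    foreach (['name', 'from', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', $form[$field] ?? '')) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Record every submission BEFORE any mail is sent, using bound parameters,
// and return true only if the message is safe to hand to the mailer.
function audit_submission(PDO $db, array $form, string $ip): bool {
    $bad = header_injection_fields($form);
    $verdict = $bad ? 'rejected: line break in ' . implode(',', $bad) : 'accepted';
    $stmt = $db->prepare('INSERT INTO contact_audit
        (received_at, remote_ip, from_addr, subject, body, verdict)
        VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute([gmdate('c'), $ip, $form['from'] ?? '',
        $form['subject'] ?? '', $form['message'] ?? '', $verdict]);
    return !$bad;
}

// Constructed sample submissions (192.0.2.0/24 is a documentation range).
$db = open_audit_db();
$samples = [
    ['192.0.2.10', ['name' => 'Anna', 'from' => 'anna@example.org',
        'subject' => 'Question', 'message' => 'Hello']],
    ['192.0.2.66', ['name' => 'x', 'from' => "x@example.org\r\nBcc: a@example.net",
        'subject' => 'Hi', 'message' => 'unsolicited text']],
];
foreach ($samples as [$ip, $form]) {
    audit_submission($db, $form, $ip);
}
foreach ($db->query('SELECT remote_ip, verdict FROM contact_audit') as $row) {
    echo $row['remote_ip'], ' ', $row['verdict'], "\n";
}
```

Because the row is written before the mailer is called, the table still shows what arrived through the form during hours when outgoing mail is blocked.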