[support] contact form spam
Anisa
mystavash at animecards.org
Thu Aug 17 15:24:27 UTC 2006
It's a thought. So I will think on it. I just got another 3 spam
feedback. It's just so... dumb.
Maybe I'll add a simple captcha....
Anisa.
On 8/17/06, Casper Labuschagne <casperl at krooninfo.co.za> wrote:
>
> On Wed, 16 Aug 2006 20:03:31 +0200, Anisa <mystavash at animecards.org>
> wrote:
>
> > Yesterday, I got some spam through my site contact form.
> > Not entirely sure what to do, if anything. Should I do something? I
>
> Yep. Firstly Lullabot has an interesting article on contact forms with
> some tips:
> http://www.lullabot.com/articles/fighting_spam_with_captcha
>
> Make sure you are running the latest version of Drupal. If you have a
> contact form that is part of a module such as the Feedback module (highly
> recommended) ensure that you have installed the latest module code.
>
> Also keep up to date with Drupal security updates:
> http://drupal.org/security
>
> It is recommended to subscribe to the RSS feed with Drupal security
> advisories:
> http://drupal.org/security/rss.xml
>
> > could find the spam ip addresses and ban them, of course. Should I be
> > worried about the site being vulnerable?
>
> Not really, at least not today. But we should all be worried. There are
> 280,000 virusses, Trojans, Worms etc affecting Windows. If and when
> Windows become secure, the substantial industry associated with malware
> will either turn their attention to a) Linux b) Macintosh and c) CMS
> systems and PHP. Item c) is ripe for malware exploits!
>
> > :( My danger sense isn't going off, but that could just because I'm
> > really ignorant in these sorts of things.
>
> I have a major problem with more than one Drupal sites where the ISP
> acceptable email limit is reached within minutes of the new hour
> whereafter my email gets blocked for the next hour. It could be either
> end-user spam (I am running a number of pop accounts) or it could be
> contact form injection spam or some other vulnaribility. I have
> considered writing the output of the contact form to a sql table to be
> able to see what happens there. My problem is that if it is spam as a
> result of a SQL injection attempt in a PHP form, my email address is also
> blocked and whatever spam was sent out via the contact form does not end
> up with me.
>
>
> Casper Labuschagne
> +27827054416
> www.krooninfo.co.za www.boerboel.co.za
> Visit http://www.ubuntu.com for a highly recommended open source
> alternative to Windows!
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
--
*********************************
www.AnimeCards.Org
16,000 scans and counting!
*********************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20060817/faf2ac5f/attachment.htm
More information about the support
mailing list