Just had a quick look through the code. The problem isn't header injection (you wouldn't necessarily know that is happening anyway) - I think they are just submitting stuff through your form and hoping it gets published somewhere on your site (so they get backlinks) or hoping that someone will get an email, follow the links and buy some s**t.
I was about to let you know about a problem with the first script you posted - anyone could set the recipient from one of the values POSTed to the page, which could have turned your form into a great spam engine! But the second time you posted the code it was a little different and the potential exploit had gone (I guess someone else had spotted that one).
I really like the solution that rogoff posted on webmasterworld. Very cunning. I'll try that one myself!
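The recipient problem described in the post above, shown beside a hardened handler. This is an added example, not the scripts from the thread (which are not shown here); Python, the field names and the addresses are all assumptions.

```python
import re
from email.message import EmailMessage

# Assumptions for this sketch: placeholder addresses and field names.
FIXED_RECIPIENT = "webmaster@example.org"
FORM_SENDER = "form@example.org"
ADDRESS_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+")


def build_vulnerable(post):
    """'Before' pattern: the To header comes straight from a POSTed value."""
    msg = EmailMessage()
    msg["To"] = post["recipient"]  # the submitter chooses who receives the mail
    msg["From"] = FORM_SENDER
    msg["Subject"] = "Contact form"
    msg.set_content(post.get("message", ""))
    return msg


def build_hardened(post):
    """Recipient is a server-side constant; header-bound fields are validated."""
    name = post.get("name", "")
    reply_to = post.get("email", "")
    # CR or LF in a header-bound value is the header-injection signature.
    if any(c in value for value in (name, reply_to) for c in "\r\n"):
        raise ValueError("CR/LF in a header field")
    # Exactly one address, so Reply-To cannot carry a list.
    if not ADDRESS_RE.fullmatch(reply_to):
        raise ValueError("email is not a single address")
    msg = EmailMessage()
    msg["To"] = FIXED_RECIPIENT  # any POSTed 'recipient' is ignored
    msg["From"] = FORM_SENDER
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"Contact form: {name}"
    msg.set_content(post.get("message", ""))
    return msg


# Constructed sample submission, not taken from the thread.
SAMPLE_POST = {
    "recipient": "victim1@example.net, victim2@example.net",
    "name": "Visitor",
    "email": "visitor@example.com",
    "message": "Hello",
}
```

Neither check stops link spam submitted through the form body, which is the problem the post identifies; that needs a separate control.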