spam bot daily probing/attack

SunPoweredProductions 19 Jul, 2010
I'm concerned with an installations of chronoforms 3.1RC5.5, Joomla 1.5.18.

We have a contact form that has been receiving what appear to be automated emails filled out like this.

Name**: ajuphivl
Email** : [email][/email]
Office Phone** : yVlZCQudvhBXnJPcBn
Cell Phone: DGbzmIyGBuXjzqKo

We don't have captcha installed on that form so it is not surprising and I've just been erasing the one or two emails of this type we receive daily.

I'm mostly just curious if anyone has any recommendation or information about this type of probing or attack. Is this something to be concerned about? Is there anything I can do to prevent this (besides enabling captcha)?
nml375 19 Jul, 2010
The impact of probes/attacks like these mainly depend on how the submitted data is processed. What these people generally are looking for, is routes to send spam, and means to post URL's.

The second is mainly to boost pagerank in searchengines by having a vast number of sites linking to their site (making google and others think this is an important site). You'll actually find quite a large amount of similar posts here on the forum, with nonsense-posts and a few links in the signature.

If you send emails with the "dynamic to" email settings, the concern would be that this could be used to spam 3rd-party using your site. This could potentially get your domain or Hosting provider blacklisted.

If you display the submitted data somewhere on the webpage (like a guestbook, forum, etc), the main concern would be to constantly clean out these posts. Also, the longer the data remains visible, the more attractive the site gets for these spammers, as the chances of a searchengine hitting the data increases.

Preventing these attacks is hard. Using a captcha is a good start, as well as moderating any data displayed on the webpage. You could also use the "Serverside Validation" to manually test the submitted data, such that a phone number may only contain 0-9, +, -, and space. You could further resort to using various blacklists, though this either requires you to constantly review the lists yourself, or using services provided by others. In either case, you still face the risk of false-positives.

This topic is locked and no more replies can be posted.