0

Does anyone recognize this type of spam?

NAME: Bagas
EMAIL: dq95zxm7l@gmail.com
PHONE: JCBUIR6ulwtO
COMMENTS: I must express apaotcipeirn to the writer for bailing me out of this particular scenario. After browsing throughout the the web and coming across notions which were not pleasant, I assumed my entire life was done. Existing without the answers to the problems you have solved through your good short post is a crucial case, and the kind which may have badly damaged my career if I had not noticed your blog. Your main natural talent and kindness in controlling all the stuff was priceless. I am not sure what I would have done if I hadn't discovered such a solution like this. I am able to at this time look ahead to my future. Thank you very much for your impressive and sensible help. I won't hesitate to endorse the blog to any individual who should have support about this matter.

They are using my form "Inquire about product" to send me these spam emails, rather than using the contact forms. There are no links included in any and we receive 15-30 a day!

Will captcha stop this?

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
Jahan
  • 59
  • 3
  • 2
    In most cases, yeah. Do make sure to implement it properly. Captchas should foil even the most complex of bots, unless said bot has a group of people whose jobs is to solve captchas at $1 per 5000 captchas. – Aloha Jul 06 '15 at 15:43
  • Hmm, I traced back their comment to this blog: http://circadianesports.com/matches/g4-qualifiers-2/ I'm confused as to why they are just reposting previous blog comments and not spamming links? Any idea? – Jahan Jul 06 '15 at 15:55
  • 2
    I used to have a forum which was brought down because of this exact reason. I felt like it was used as a testing ground for spam bots. I saw repeated posts and some malicious links. <-> Spammers can have a wide range of motives ranging from **trolling** to **testing** to promoting malicious links to **bringing down your site by way of a ballooning database**. – Aloha Jul 06 '15 at 16:16
  • The bolded statements are the most likely reason **your** spammers are doing that. – Aloha Jul 06 '15 at 16:18
  • Interesting, thank you for your help. I was thinking it was possible they were doing this for seo purposes such as the Blackhat SEO tactic, is this possible? I have figured out they are using scrapecomments. If so, why are they targeting my email, as none of this is public...weird – Jahan Jul 06 '15 at 17:21
  • 1
    Does the "Inquire about product" funcionality filter CR+LF on the message? If no, it could be a scan to see if they can use your site as a spamming proxy, by exploiting a PHP _mail()_ vulnerability known as _Header splitting_, or _mail injecting_. – ThoriumBR Jul 06 '15 at 19:29
  • @ThoriumBR Is there a way I can find out of the form filters CR and LF without looking at its code? I do not have access to it at the moment. – Jahan Jul 06 '15 at 20:15
  • You can try injecting another address on the form, and see what happens. Put _some.email@someone.com\nBcc: your.email@yourprovider.com_ as the email and see if you receive a copy. If so, you are vulnerable and collaborating with a spammer. – ThoriumBR Jul 07 '15 at 13:09
  • @ThoriumBR Thanks. That seems to be the problem. I'm assuming a change to the php code to filter CR+LF would stop the spam? – Jahan Jul 07 '15 at 21:01
  • @Jahan Don't use PHP _mail()_, use a dedicated class to send them. PHP Mailer is a good one. Pair it with a Captcha, and you will have some protection. – ThoriumBR Jul 07 '15 at 21:04
  • Based on the **email** and **phone** fields, I believe this may be related: [_What is the purpose of “gibberish” comments posted to my blog?_](http://security.stackexchange.com/q/56863/38377). – IQAndreas Sep 23 '15 at 06:14

1 Answers1

0

Yes, add a captcha to all exposed forms or contact pages on the internet to prevent spam like this

neonprimetime security
  • 936
  • 4
  • 15