    Contact Form Spam

    I have started getting a lot of spam through our Actinic contact form. It appears that they are generated automatically. Anyone have any idea of how to stop this?
    Fitness for life! www.fitness-focus.co.uk


    DIFN - Doing nothing is not an option

    The Supplement Warehouse - Bodybuilding & Fitness Supplements

    #2
    Yeah, I just started getting the same thing,
    just seem to be random names but with the same message
    and with some random sentences at the bottom of the email (I am guessing these have something to do with getting through spam filters)
    www.incredibid.co.uk



      #3
      I've noticed that Actinic forms send an acknowledgement of receipt of form filling; this contains the address.

      I don't know if this is being used as a vulnerability.



        #4
        I guess you need to add a 'captcha' test.

        Mike
        -----------------------------------------

        First Tackle - Fly Fishing and Game Angling

        -----------------------------------------



          #5
          Originally posted by olderscot
          I guess you need to add a 'captcha' test.

          Mike
          I enquired about that a while ago, but with no replies. Do you know how easy it would be to integrate one?

          Pete



            #6
            That is one for the wish list. Checking with development if there is something we can do.

            Kind regards,
            Bruce King
            SellerDeck



              #7
              We are being used for this too - lots today. This is a major flaw in Actinic, and I'm surprised it is there. Basic formmail security issue. Obviously someone's found Actinic is popular and is now sending betting spam to people. I'd appreciate any clues on how to remove the email link completely until this is fixed. I presume it is the same in v8, or should I upgrade immediately?

              Matthew
              Matthew



                #8
                Hi Guys

                I do not think that this is appropriate for the wishlist. I would say it needs to go to the top of an urgent security update?

                JMHO

                Regards
                Affordable solutions for busy professionals.
                Website Maintenance | UK Web Hosting



                  #9
                  Design Options > Navigation and remove the Contact us details or if you have hard coded it remove the NETQUOTEVAR:NAVBMAIL.
                  Fitness for life! www.fitness-focus.co.uk


                  DIFN - Doing nothing is not an option

                  The Supplement Warehouse - Bodybuilding & Fitness Supplements



                    #10
                    I just worked out it is Act_ContactUs.html, and can of course comment out the form, but that doesn't stop any of the spammers as they will be calling the Perl directly with a POST. Fixing this spam leak should be a high priority - the form must never send to anyone other than a designated destination, otherwise it is a spammer's paradise.
                    Matthew



                      #11
                      Originally posted by Owen Drumm
                      Design Options > Navigation and remove the Contact us details or if you have hard coded it remove the NETQUOTEVAR:NAVBMAIL.
                      Does that stop the Perl, or just hide the link? The spammers don't care about the link, they go direct to the form script.

                      Matthew
                      Matthew



                        #12
                        A temporary workaround would be to substitute the Contact us link with the following code. It will look like a normal link to customers, but will protect your email address:

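                        <script type="text/javascript">
                        // Build the address from parts at runtime so it does not appear whole in the page source.
                        var _u = "sales";
                        var _d = "domain.co.uk";
                        var _l = _u + "@" + _d;
                        var _m = "click to email us";
                        document.write("<a href='mailto:" + _l + "'>" + _m + "</a>");
                        </script>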

                        Change the 'sales' and 'domain.co.uk' to your own email address.

                        Kind regards,
                        Bruce King
                        SellerDeck



                          #13
                          Bruce,

                          Thanks for the info, but that doesn't solve the problem. Once a spammer has identified your site as an Actinic site, they can access the .pl file directly. No fiddling with the form will help. The fix has to be to the script that does the emailing, and it just has to not email the email address, only yours.

                          Matthew
                          Matthew

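The fix asked for in posts #10 and #13 (the mail script delivers only to the vendor, never to an address taken from the request), sketched as an added example that is not part of the thread and is not Actinic's Perl code. The addresses, form field names and function names are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

VENDOR_INBOX = "sales@example.co.uk"    # placeholder: the shop's own mailbox
SITE_SENDER = "webform@example.co.uk"   # placeholder: fixed From address
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def recipients_as_described(form):
    """Model of the behaviour the thread describes: the visitor-supplied
    address also receives mail, so whoever sends the POST picks a recipient."""
    return [VENDOR_INBOX, form.get("email", "")]


def build_contact_mail(form):
    """Hardened form: the only recipient is the fixed vendor mailbox."""
    name = form.get("name", "").strip()
    email = form.get("email", "").strip()
    body = form.get("message", "")

    # Header fields must be single-line; CR/LF would let a client add headers.
    for value in (name, email):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in header field")
    if not ADDR_RE.match(email):
        raise ValueError("invalid visitor address")
    if len(body) > 5000:
        raise ValueError("message too long")

    msg = EmailMessage()
    msg["From"] = SITE_SENDER
    msg["To"] = VENDOR_INBOX            # never taken from the request
    msg["Reply-To"] = email             # vendor can answer; visitor gets no mail
    msg["Subject"] = "Contact form: " + name[:60]
    msg.set_content(body)
    return msg


def recipients(msg):
    """Addresses an SMTP client would deliver to for this message."""
    return [a.strip() for a in msg.get_all("To", [])]
```

Because the check runs in the script itself, it holds whether the request comes from the contact page or is posted straight to the script, which is the case hiding the link does not cover.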


                            #14
                            I'm assured, outside of this thread, that this is being looked at seriously. I hope the script gets significantly tightened to only send to the vendor and never to the outside world. Thanks!

                            Matthew
                            Matthew



                              #15
                              Can someone confirm that the Actinic mail script is actually insecure? If this is the case I need to get it removed from my site. I can't believe such a basic security issue would have gone unfixed for so long.

                              simon
                              Cult Pens
