It's Not a Client - It's Contact Form Spam

Contact form spam is an attack that targets the contact form on your website.  Most of the contact forms being abused are written in PHP, the most popular language for such scripts.  Though this type of spam is rarer than most, a fair number of site owners have become victims. 

Protecting yourself from contact form spam

Spammers have made a growing trend out of using contact forms as the launch point for mass mailings.  With that comes the need to know what it takes to prevent this from happening.  The first step is recognizing how you may become a victim. 

The most practical way to find out whether your contact form has been abused is to monitor your inbox.  Once spammers have begun their efforts, you may notice a stream of bounce messages (non-delivery reports) for mail you never sent: the spam goes out under your site's address, so when a recipient address is not recognized the bounce comes back to you. 

Spammers that make a habit out of hijacking contact forms do it by taking advantage of a flaw in the form script, not in the PHP language itself: the script pastes a visitor-supplied field (usually the email address or subject) straight into the header lines it hands to mail().  A line break (CR/LF) inside that field ends the intended header and starts a new one, so the spammer can add their own Bcc:, Cc: or Subject: headers, and your server mails a copy to every address they list.  Current PHP neutralizes line breaks in the to and subject arguments of mail(), but header lines the script assembles itself from form fields go through as-is.
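To make the mechanism concrete, here is an added example (not code from the article) of a typical vulnerable PHP contact form handler and the kind of submission a spammer sends to it. Field names and addresses are assumptions. mail() is not called; the function returns the header string the script would pass as mail()'s additional_headers argument, so the injected lines can be seen.

```php
<?php
// Added example, not code from the article: a vulnerable contact form handler
// and a constructed spam submission aimed at it. Field names and addresses
// are assumptions.

// Vulnerable: the visitor's email field is pasted straight into header lines.
// A CR/LF inside it terminates the From: header and starts new header lines.
function build_headers_vulnerable(array $post): string
{
    $from = $post['email'];   // untrusted, never validated
    return "From: " . $from . "\r\n" .
           "Reply-To: " . $from . "\r\n";
}

// What the script's author expected to do with that string:
// mail($site_owner, $post['subject'], $post['message'], build_headers_vulnerable($post));

// Constructed spam submission: the email field carries CRLF-separated extra
// headers. Every address in the injected Bcc: line receives a copy of the
// message, relayed through the site's own mail server.
$spam_post = [
    'name'    => 'Visitor',
    'email'   => "visitor@example.com\r\n"
               . "Bcc: victim1@example.net, victim2@example.net\r\n"
               . "Subject: Buy now",
    'subject' => 'Hello',
    'message' => 'Cheap offer, reply to this mail.',
];

echo build_headers_vulnerable($spam_post);
```

Printed, the returned string no longer holds two headers but six: a Bcc: and a Subject: line follow From:, and the same two lines are repeated after Reply-To:. A mail server accepts all of them as ordinary headers, which is exactly the point of the attack.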

Like other kinds of spam, contact form spam can be contained by tightening up the security and validation of form pages.  These hijacking attempts pose such a threat because the attacker uses your site's mail server to distribute literally hundreds or thousands of spam messages to unsuspecting recipients, and it is your domain that ends up on blocklists.  If you happen to notice signs of this malicious activity, it is certainly time to start investigating the matter. 

Here are a few things that can be done to limit the risk of being victimized by contact form spam:

- Enforce strict contact form validation - This step is easily overlooked.  Don't take the standard route of relying on JavaScript alone; a spammer posts directly to your handler script and never runs it.  Validate on the server, in the language of your form handler (PHP, ASP or whatever you use), and treat the client-side check as a convenience for visitors only.

- Make sure the values of your form fields never contain email header data - Reject any field that holds a carriage return or line feed, or that starts with a header name such as Bcc:, Cc:, To: or Content-Type:.  Better still, put a fixed site address in the From: header and keep visitor-supplied text in the message body.

- Limit the length of each field to a reasonable maximum - A name or email address does not need thousands of characters; a long list of injected recipients does.

- Be aware of text that matches known spam keywords, phrases or markup - Blocks of links or well-known sales phrases in a contact message are a strong indication of spam.

- Make use of a CAPTCHA - This forces the visitor to solve a challenge (typically reading a distorted numerical or alphabetical sequence) before the submission goes through, and helps you determine whether the form is being submitted by a human or a spambot.

- Validate every session - Create a per-visitor token by storing a random value on the server when the form page is rendered.  Put that value in a hidden field on the contact form and, on submission, compare it with the value kept on the server.  A crude bot that posts straight to your handler without loading the form will not have a matching value.  Note that a script which first fetches the form page does obtain a valid token, so this check thins out automated traffic rather than eliminating it.

- Log and analyze IP addresses - There is a good chance that a spammer will submit your contact form repeatedly from the same IP address over a short time frame.  Study your server logs, use them to detect bursts of submissions, and configure rate limits or blocks for the offending addresses.
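The following is an added example (not the article's code) of a contact form handler that applies the checklist above. Field names, the length limits, the blocked-phrase list, the rate-limit numbers and the layout of the submission log are assumptions made for illustration; the CAPTCHA step needs a round trip to a provider and is marked where it belongs rather than implemented.

```php
<?php
// Added example, not the article's code: a hardened contact form handler.
// Field names, limits, the phrase list and the log layout are assumptions.

const MAX_LEN     = ['name' => 100, 'email' => 254, 'subject' => 150, 'message' => 4000];
const SPAM_WORDS  = ['viagra', 'casino', 'http://', 'https://'];  // illustrative only
const RATE_LIMIT  = 5;     // submissions allowed per IP ...
const RATE_WINDOW = 600;   // ... within this many seconds

// Token issued when the form page is rendered: keep it in $_SESSION and
// echo it into a hidden <input name="form_token">.
function issue_token(): string
{
    return bin2hex(random_bytes(16));
}

// Server-side validation (JavaScript checks are bypassed by a direct POST).
// $log holds [ip, unix_timestamp] pairs for earlier submissions. Returns the
// reasons to reject; an empty array means the submission is clean.
function validate(array $post, array $session, array $log, string $ip, int $now): array
{
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '' || strlen($value) > $max) {
            $errors[] = "$field missing or longer than $max characters";
        }
        // No line breaks and no header syntax in any field that reaches the mail.
        if (preg_match('/[\r\n]/', $value)
            || preg_match('/^(bcc|cc|to|from|subject|content-type)\s*:/i', $value)) {
            $errors[] = "$field contains mail header data";
        }
    }
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid address';
    }
    foreach (SPAM_WORDS as $word) {
        if (stripos((string) ($post['message'] ?? ''), $word) !== false) {
            $errors[] = "message contains blocked phrase '$word'";
            break;
        }
    }
    // CAPTCHA: verify the provider's response token here before going on.

    // Per-session token: constant-time compare against the hidden field.
    $expected = (string) ($session['form_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, (string) ($post['form_token'] ?? ''))) {
        $errors[] = 'form token missing or does not match';
    }
    // Rate limit computed from the submission log.
    $recent = 0;
    foreach ($log as [$logged_ip, $ts]) {
        if ($logged_ip === $ip && ($now - $ts) < RATE_WINDOW) {
            $recent++;
        }
    }
    if ($recent >= RATE_LIMIT) {
        $errors[] = "$ip already made $recent submissions in the last " . RATE_WINDOW . " seconds";
    }
    return $errors;
}

// Only a fixed site address goes into From:. The visitor's validated address is
// used for Reply-To and repeated in the body, so no raw input becomes a header.
function build_mail(array $post, string $site_sender): array
{
    $headers = "From: $site_sender\r\n"
             . "Reply-To: " . $post['email'] . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    $body = "Name: " . $post['name'] . "\nEmail: " . $post['email'] . "\n\n" . $post['message'];
    return ['subject' => 'Contact form: ' . $post['subject'], 'headers' => $headers, 'body' => $body];
}

// Constructed inputs: one legitimate post, one injection attempt from a busy IP.
$session = ['form_token' => issue_token()];
$now     = time();
$log     = [];
for ($i = 1; $i <= 5; $i++) {
    $log[] = ['203.0.113.9', $now - 20 * $i];   // five recent posts from one address
}
$good = ['name' => 'Jane Doe', 'email' => 'jane@example.com', 'subject' => 'Quote',
         'message' => 'Please send me a quote for 20 units.', 'form_token' => $session['form_token']];
$bad  = $good;
$bad['email']      = "jane@example.com\r\nBcc: victim1@example.net, victim2@example.net";
$bad['form_token'] = 'guessed';

print_r(validate($good, $session, $log, '198.51.100.7', $now));
print_r(validate($bad,  $session, $log, '203.0.113.9',  $now));
if (validate($good, $session, $log, '198.51.100.7', $now) === []) {
    $mail = build_mail($good, 'contact-form@example.com');
    // mail('owner@example.com', $mail['subject'], $mail['body'], $mail['headers']);
}
```

Run from the command line, the first print_r shows an empty array and the second lists four problems: the email field carries header data, it is not a valid address, the form token does not match, and the IP has hit the rate limit. The design choice worth copying even if you keep nothing else is in build_mail(): visitor text is never used to assemble a header except the already-validated Reply-To address, so a missed check elsewhere cannot turn the form into a relay.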

Tightening up security is the real defense against contact form spam.  If the form itself still pastes unvalidated input into mail headers, a CAPTCHA alone will not stop someone from spamming through it; the validation steps above come first. 


Fraud causes hundreds of millions of dollars in damage each year and affects just as many people.

Credit card fraud is the most common type of fraud to occur each year and costs its victims up to $500 million in damages annually. Despite the frequent occurrence of this type of fraud, millions of credit card users are still unaware of how to protect themselves against this type of thievery.

No one is completely safe from being defrauded. But, by learning how to protect against fraud, you will be better equipped to prevent yourself from falling into a scam that could cost you everything. Taking the time to protect yourself can help to keep you safe.