
Why do bots search for / fill and send contact forms?

@Frith620

Posted in: #Botattack #ContactPage #Email

I'm a bit confused as to why people make bots to do this - is it to find vulnerabilities?

I recently upgraded my contact form security with more client and server side validation, including a honeypot and log/ban to stop erroneous submissions on my contact forms.

While this cured the issue quick fast and in a hurry, I'm still not 100% sure why this even happens.

Most of the submissions were gibberish, however, I did recently have an email hijacked and a malicious script tried to send thousands (almost 6,000) spam emails in just a few minutes.

I think a weak password was the cause and I'm not convinced they're related, but the possibility looms in my mind. Thankfully, my server has a threshold of 500 emails per hour and cut it 5,500 short.


3 Comments


@Debbie626

Another case can be filling out forms and giving someone else's e-mail -- either purely to annoy them with junk mail, or in the hope that they can sneak their malware link into a copy sent to the supposed sender.

And another, of course, is a denial-of-service attack -- either on you, or by using that possible automated response note to get you to anonymize an attack on someone else's machine.

In both of these, they're trying to use your form to hide their actual identity.


@BetL925

I'm the author of the free open source Ostermiller Contact Form which is designed to thwart spammers.

I have found that the biggest reason that spammers fill in your contact form is link spam. To many spam bots, your contact form looks little different than a guest book form or a form to comment on a blog. My contact form software has rules that disallow HTML code for links (<a href=) and bb code for links ([url=...]). This simple fix stops about 80% of the spam bots that try to fill in the form.

The second biggest reason is to advertise directly to you as a webmaster. I see automated link exchange requests, SEO services advertisements, hosting offers, Nigerian scams, etc. Techniques like hidden fields that shouldn't be filled out, and captcha effectively stop these types of submission.

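An added example, not part of the original thread and not the Ostermiller Contact Form's own code: a server-side check that combines the link-markup rule and hidden-field technique from @BetL925's answer with the log/ban step the question mentions. The field name `website`, the ban threshold, the in-memory counter and the sample submissions are assumptions; the pattern also rejects `[url]` without `=` and entity-encoded anchors, which goes slightly beyond the rule as described.

```python
import html
import re
from collections import Counter

# Link markup a contact form has no legitimate use for: HTML anchors and
# BBCode url tags, matched case-insensitively with optional whitespace.
LINK_MARKUP = re.compile(r"<\s*a\b[^>]*\bhref\s*=|\[\s*url\s*[=\]]", re.IGNORECASE)

HONEYPOT_FIELD = "website"  # assumed name of the hidden field humans never see
BAN_THRESHOLD = 3           # assumed: rejected submissions before an IP is banned

rejections = Counter()      # in-memory log; a real deployment would persist this


def check_submission(ip, form):
    """Return (accepted, reason) for one contact-form POST."""
    if rejections[ip] >= BAN_THRESHOLD:
        return False, "banned"
    if form.get(HONEYPOT_FIELD, "").strip():
        reason = "honeypot filled"
    else:
        # Decode entities first so "&lt;a href=" is caught as well.
        fields = (form.get(k, "") for k in ("name", "subject", "message"))
        text = html.unescape(" ".join(fields))
        reason = "link markup" if LINK_MARKUP.search(text) else None
    if reason:
        rejections[ip] += 1  # log the rejection so repeat offenders get banned
        return False, reason
    return True, "ok"


SAMPLES = [  # constructed sample submissions (documentation IP ranges)
    ("198.51.100.7", {"name": "Ann", "message": "Do you ship to Canada?", "website": ""}),
    ("203.0.113.9", {"name": "x", "message": 'Great site <A HREF="http://spam.example">pills</a>'}),
    ("203.0.113.9", {"name": "x", "message": "[url=http://spam.example]pills[/url]"}),
    ("203.0.113.9", {"name": "x", "message": "hello", "website": "http://spam.example"}),
    ("203.0.113.9", {"name": "Bob", "message": "A genuine question"}),
]


def run_samples():
    rejections.clear()
    return [check_submission(ip, form)[1] for ip, form in SAMPLES]


if __name__ == "__main__":
    print(run_samples())
```

The last sample is plain text but is still refused, because that address already reached the ban threshold with its three earlier rejections.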


 

@Kevin317

They search for and fill in every form they can find. They're looking for any vulnerability that they can exploit for their gain. It might be to see if they can gain access to your site or web server. It can be to compromise your form to send out spam.

It's worth their time to do because it's all automated. They just set their bots free and let them go about their business. Their cost is low and the potential reward is high.
