: Website attack form submission triggering emails related questions We are experiencing website attacks that trigger the submission of a form, and send alert emails. Normal process of form submission
We are experiencing website attacks that trigger the submission of a form, and send alert emails.
Normal process of form submission is to fill up a couple of text fields, and when the user is redirected, the next page processes $_POST. If $_POST exists, then the email to intended form recipients is triggered.
What is happening right now, we are receiving the email of the form submission, three emails at a time with same information. The information per email is the same, but not all of the spam emails contain the same information, each batch of triggered emails has unique information.
The form has no captcha, and if possible we would like to keep it this way. The website has worked fine and had no spamming problems until today.
We have monitoring software for the website, but whoever is submitting this form over and over is not being recorded by the tracking software WHY IS THIS? IS THE PERSON ACTUALLY VISITING THE WEBSITE? The only suspicious visit tracked was on November 10th, and this record ALSO shows three forms submitted (this is how I identified possible first visit by attacker). Then no incidents until today.
WHAT IS THE GOAL of the spam attack? Is the attacker expecting us to respond to the bogus emails? What can they achieve with repeated submission of form
Why are three emails triggered in the row? Is this indicative that they may be using a script?
This is a PHP website. Is there a way for a client to view the PHP code of a page?
More posts by @Lee4591628
1 Comments
Sorted by latest first Latest Oldest Best
I'm not going to explain why spammer actually spam people. But, the relation between a form and a spammer is like a bear and honey: once they find one, they rush into them.
You don't want to use captcha, fine. But you will have to find an other way to go off spammer. Spammer can use 2 attacks for a form:
automatically fill the form using a bot that will also send it. You can track them with your software.
send direct POST request with all information inside (avoiding beeing on the website). You can't track them with your software because there are not browsing your website.
The honey pot for attack #1
I use a solution to not display a captcha but avoid beeing spammed: a honey pot solution. I use a solution I found on SO (with few modification): stackoverflow.com/a/8637/569101 You should add the frontend solution (which is described in the answer) but also a backend solution to check the new input. This will solve the first kind of attack.
A token for the attack #2
The second attack can be solved using a csrf token inside your form. It's a token that is generated when the form is display. The value is known by the backend (it is usually related to the user session) and when the form is submit, the backend check this token. If the token is different it means something has changed the token: it's an attack! Otherwise, it's a normal user.
This could be an approach but I recommend you to do more search about that.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.