On Friday I received a message via my contact form that looked a lot like the comment spam blogs normally get: a generic reference to my site content ("Well done very nice page" etc.) and a link to what is obviously a spammer's site, signed with a name and email address. Unfortunately my web host's logfiles weren't accessible (again), so I couldn't check whether this was a manual "attack" or the work of a bot.
Well, the logfiles have just started working again, so I had a quick look, and now I'm a bit worried. Look at this (abbreviated) excerpt from the Apache access log:
[02/Dec/2005:15:40:42 +0100] "GET /weblog/archive HTTP/1.1" 301
[02/Dec/2005:15:40:42 +0100] "GET /weblog/archive/ HTTP/1.1" 200
[02/Dec/2005:15:40:43 +0100] "GET /contact/ HTTP/1.1" 200
[02/Dec/2005:15:40:43 +0100] "POST /contact/index.php HTTP/1.1" 200
In other words, this is either an incredibly fast surfer or, far more likely, a fully automated bot. These are the only requests made from the spammer's IP address on that day, which means the bot is also very efficient: four requests in two seconds, and nothing else.
For people unfamiliar with Apache logfiles, I'll paraphrase the above:
- First the bot requests an arbitrary page, probably the result of a web search. My server answers with "HTTP 301 Moved Permanently", the redirect Apache issues when a directory is requested without a trailing slash, telling the client to retry the same URL with the slash appended.
- The bot follows the redirect and requests the correct page.
- The next request is my contact page, which contains the form for sending me a message.
- And, still within the same second, the bot finds that form, fills in every field plausibly and submits it (the 200 on the POST is the handler accepting the message).
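The timing tell in the paraphrase above, reduced to a script. This is an added example, not something from the original post: the post only shows the abbreviated excerpt, so the full combined-format lines, the client IPs (documentation addresses), response sizes, referer and user-agent fields, and the second "human" client used as a control are all constructed. The two-second threshold is likewise an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache "combined" log format, modelled on the
# abbreviated excerpt in the post. The client IPs (documentation addresses),
# sizes, referer and user-agent fields are assumptions, not the real bot's.
# The second client is a hand-made control: a human who took almost a
# minute between loading the form and sending it.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Dec/2005:15:40:42 +0100] "GET /weblog/archive HTTP/1.1" 301 233 "-" "Mozilla/4.0"
192.0.2.10 - - [02/Dec/2005:15:40:42 +0100] "GET /weblog/archive/ HTTP/1.1" 200 18422 "-" "Mozilla/4.0"
192.0.2.10 - - [02/Dec/2005:15:40:43 +0100] "GET /contact/ HTTP/1.1" 200 3120 "-" "Mozilla/4.0"
192.0.2.10 - - [02/Dec/2005:15:40:43 +0100] "POST /contact/index.php HTTP/1.1" 200 2987 "-" "Mozilla/4.0"
198.51.100.7 - - [02/Dec/2005:16:02:10 +0100] "GET /contact/ HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Dec/2005:16:03:05 +0100] "POST /contact/index.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_form_posts(log_text, form_page="/contact/",
                    form_handler="/contact/index.php", max_gap=2.0):
    """For every client that POSTed to the form handler, report how long it
    took between loading the form page and submitting it. A gap at or below
    max_gap seconds (or a POST with no preceding GET of the form at all) is
    the signature of a scripted submission: nobody reads a page, fills in
    three fields and clicks send in under two seconds."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            by_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        form_loaded = None
        for r in recs:
            if r["method"] == "GET" and r["path"] == form_page and r["status"] == 200:
                form_loaded = r["ts"]
            elif r["method"] == "POST" and r["path"] == form_handler:
                gap = None if form_loaded is None else (r["ts"] - form_loaded).total_seconds()
                findings.append({
                    "ip": ip,
                    "gap_seconds": gap,
                    "requests": len(recs),
                    "paths": [x["path"] for x in recs],
                    "automated": gap is None or gap <= max_gap,
                })
    return findings


if __name__ == "__main__":
    for f in find_form_posts(SAMPLE_LOG):
        verdict = "BOT" if f["automated"] else "human"
        print(f"{f['ip']}: {f['requests']} requests, "
              f"form->POST gap {f['gap_seconds']}s -> {verdict}")
```

The check is deliberately conservative: it only flags a client that loaded the form and posted it within the threshold, so a bot that sleeps a few seconds between the two requests will pass. It is a triage aid for reading logs after the fact, not a blocker.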
I'm not so much irritated by the fully automated fashion of the affair; after all, this is not rocket science. What threw me off is that it went directly from the archive to the contact page, when that same archive page holds dozens of links to blog entries with standard MovableType comment forms.
Sweet Baby Jesus. If this catches on, I might just as well post an email address. Blog comments can be shielded with comment spam plugins, and email filters are amazingly efficient -- but I don't feel like implementing the same technology for my little contact form. Crazy times.
Comments
Yep, form spam is ubiquitous now...
At my employer's website, I implemented a control based on this phpBB plugin:
- at least 5 seconds needed between requesting and submitting form
- unique form field names and cryptographically linked values, generated on the fly, are controlled upon submission
Pascal Van Hecke, 2006-07-08 00:37 CET (+0100) Link
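The control Pascal describes above, written out as an added example in Python. It is not Pascal's code, nor the phpBB plugin he mentions; the HMAC-SHA256 construction, the one-hour maximum token age, the way input names are derived from a nonce, and the function names are my own choices. The 5-second minimum is the one figure taken from his comment.

```python
import hashlib
import hmac
import secrets
import time

MIN_DELAY = 5          # seconds: anything faster is not a person typing
MAX_AGE = 3600         # seconds: bounds how long a captured token can be replayed
LOGICAL_FIELDS = ("name", "email", "message")


def _field_names(nonce):
    """Derive the per-form input names from the nonce, so the server can
    recompute them at validation time instead of trusting what the client sends."""
    return {logical: "f_" + hashlib.sha256(f"{nonce}:{logical}".encode()).hexdigest()[:12]
            for logical in LOGICAL_FIELDS}


def issue_form(secret, now=None):
    """Called when the form page is rendered. Returns the random input names to
    use in the HTML and a hidden token that binds issue time and nonce under an
    HMAC keyed with the server secret, so nothing has to be stored server-side."""
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8)
    payload = f"{now}:{nonce}"
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return {"token": f"{payload}:{mac}", "fields": _field_names(nonce)}


def validate_submission(secret, post, now=None):
    """Called on POST. `post` is the submitted form as a dict, hidden token
    included. Returns (ok, reason, values) with values keyed by logical name."""
    now = int(time.time()) if now is None else now
    try:
        issued_s, nonce, mac = post.get("token", "").split(":")
        issued = int(issued_s)
    except ValueError:
        return False, "malformed token", None

    expected = hmac.new(secret, f"{issued}:{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature", None       # forged or edited token

    age = now - issued
    if age < MIN_DELAY:
        return False, "submitted too fast", None  # fetched and posted within 5 s
    if age > MAX_AGE:
        return False, "token expired", None

    values = {}
    for logical, actual in _field_names(nonce).items():
        if actual not in post:
            return False, f"missing field {logical}", None  # bot used guessed names
        values[logical] = post[actual]
    return True, "ok", values


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # in practice a fixed, server-side secret
    form = issue_form(key)
    filled = {"token": form["token"],
              form["fields"]["name"]: "Alice",
              form["fields"]["email"]: "alice@example.org",
              form["fields"]["message"]: "Hello"}
    print(validate_submission(key, filled))                             # too fast
    print(validate_submission(key, filled, now=int(time.time()) + 6))   # accepted
```

Two caveats a practitioner should keep in mind. The timing gate only defeats bots that fetch and post in one go, like the one in the log above; a bot that sleeps five seconds passes it, so it belongs next to per-IP rate limiting rather than instead of it. And because the token is stateless, a single rendered form can be re-posted until MAX_AGE runs out; if that matters, record used nonces server-side and reject repeats.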
Comments are closed. You can contact me instead.