Contact Form Spam Bots Ahead

Martin Dittus · 2005-12-05 · stuff · 1 comment

On Friday I received a message via my contact form that looked a lot like the comment spam that blogs normally get: with a generic reference to my site content ("Well done very nice page" etc.), and a link to what obviously looks like a spammer's site. Signed with a name and email address. Unfortunately my web host's logfiles weren't accessible (again), so I couldn't check whether this was a manual "attack" or from a bot.

Well the logfiles just started working again, so I had a quick look and now I'm a bit worried. Look at the (abbreviated) excerpt from the Apache access logs:

[02/Dec/2005:15:40:42 +0100] "GET /weblog/archive HTTP/1.1" 301
[02/Dec/2005:15:40:42 +0100] "GET /weblog/archive/ HTTP/1.1" 200
[02/Dec/2005:15:40:43 +0100] "GET /contact/ HTTP/1.1" 200
[02/Dec/2005:15:40:43 +0100] "POST /contact/index.php HTTP/1.1" 200

In other words, this is either an incredibly fast surfer or something that looks very much like a fully automated bot: four requests, including the form fetch and the POST, within two seconds. These are the only requests made from the spammer's IP address on that day, which means this bot is also very efficient.

For people unfamiliar with Apache logfiles I'll paraphrase the above:

I'm not so much irritated by the fully automated fashion of the affair; after all, this is not rocket science. What threw me off was the fact that it went directly from the archive to the contact page, when on that same page there are dozens of links to blog pages with standard MovableType comment forms.

Sweet Baby Jesus. If this catches on I might just as well post an email address. Blog comments can be shielded with comment spam plugins, and email filters are amazingly efficient -- but I don't feel like implementing the same technology for my little contact form. Crazy times.

Yep, form spam is ubiquitous now...
At my employer's website, I implemented a control based on this phpBB plugin:
- at least 5 seconds needed between requesting and submitting form
- unique form field names and cryptographically linked values generated on the fly are controlled upon submission

Pascal Van Hecke, 2006-07-08 00:37 CET (+0100)
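The control described in the comment above (a minimum delay between requesting and submitting the form, plus per-render field names whose values are cryptographically bound to the render time), written out as an added Python example. This is not the phpBB plugin's code or the blog's own contact form; the secret, the hidden-field layout, the one-hour expiry and the replay set are assumptions. Against the log above, a POST arriving in the same second as the GET of the form is refused.

```python
import base64
import hashlib
import hmac
import os

MIN_DELAY = 5      # seconds between rendering the form and accepting a POST (from the comment)
MAX_AGE = 3600     # tokens older than this are refused (assumed limit, not from the page)


def _field_name(secret: bytes, nonce: str) -> str:
    """Per-render field name derived from the nonce, so a bot cannot hardcode it."""
    digest = hmac.new(secret, b"field:" + nonce.encode(), hashlib.sha256).hexdigest()
    return "f_" + digest[:16]


def _signature(secret: bytes, nonce: str, ts: int) -> str:
    """HMAC binding the nonce to the time the form was rendered."""
    return hmac.new(secret, f"{nonce}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_form(secret: bytes, now: int) -> dict:
    """Hidden fields to embed when the contact form is rendered (the GET /contact/)."""
    nonce = base64.urlsafe_b64encode(os.urandom(12)).decode().rstrip("=")
    return {"nonce": nonce, "ts": str(now),
            _field_name(secret, nonce): _signature(secret, nonce, now)}


def verify_form(secret: bytes, fields: dict, now: int, seen: set) -> tuple:
    """Check a submitted POST; returns (accepted, reason). `seen` holds used nonces."""
    nonce, ts = fields.get("nonce", ""), fields.get("ts", "")
    if not nonce or not ts.isdigit():
        return False, "token fields missing"
    tag = fields.get(_field_name(secret, nonce))
    if tag is None:
        return False, "expected field name absent"
    if not hmac.compare_digest(tag, _signature(secret, nonce, int(ts))):
        return False, "bad signature"          # ts or nonce was tampered with
    elapsed = now - int(ts)
    if elapsed < MIN_DELAY:
        return False, f"submitted after {elapsed}s, below {MIN_DELAY}s minimum"
    if elapsed > MAX_AGE:
        return False, "token expired"
    if nonce in seen:
        return False, "token already used"    # replay of a token that waited out the delay
    seen.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    secret, seen = os.urandom(32), set()
    t0 = 1133534443                          # 02/Dec/2005:15:40:43 +0100 from the log, as epoch
    form = issue_form(secret, t0)
    print(verify_form(secret, form, t0, seen))        # the bot's same-second POST: refused
    print(verify_form(secret, form, t0 + 6, seen))    # a human posting six seconds later: ok
```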
