[DUG] Contact form page

Jolyon Smith jsmith at deltics.co.nz
Thu Mar 20 08:30:51 NZDT 2014


+1 for a spambot.

The "smoking gun" for me is the fact that if it was a case of valid details
being "munged" by a Unicode or codepage issue then I would not expect this
to affect numeric digits (as in phone numbers) and I certainly wouldn't
expect the only piece of data to survive any munging to be the "@" and
".com" in the email address.

My guess is that if that field on the form were not labelled as "Email"
then this field would also have simply been filled with junk but the
spambot is doing a minimal amount of work to try to ensure that the junk
details pass basic validation (i.e. is a valid email address).  It is
surprising that it isn't doing the same thing for a field labelled "Phone"
and filling it with a phone number (though the correct format for this is
potentially geographically sensitive so may not have been considered worth
the effort), but in any case I doubt that spambots go through rigorous
functional requirements, design, i18n and testing before being deployed.  :)

J


On 19 March 2014 20:10, John C <jc at sunshinesoftware.co.nz> wrote:

> Hi all
>
> I have this website with a contact page (in PHP & HTML) where any person
> can submit a request with their contact details, which is emailed to me
> after clicking a submit button.
>
> All works fine. However, now and then I receive an email from this
> website/page but the details don't seem to be filled in at "page level"
> but in another way. This is because the page does a submit validation
> check and the submitted phone number is e.g. " LbXwjLfDDTFkIuBkPP ",
> something my validator doesn't allow for.
>
> Also other details are like:
>
> Name: Bjmpynut
> Organisation: ahTKXyxtYnCdo
> Position: Bjmpynut
> Phone: LbXwjLfDDTFkIuBkPP
> Email: gipnpmhk at uohrokgr.com
>
> All looks very suspicious. Any clues how this could happen at all and how
> to prevent this?
>
> The webpage in question is at http://www.relacs.co.nz/ContactUs.php
>
> The email creator resides in the post process of the page like:
>
>     if($_POST['Submit']=="Submit")
>     {
>         $Name = $_POST['InputName'];
>         $Email = $_POST['InputEmail'];
>         $Phone = $_POST['InputPhone'];
>         $Company = $_POST['InputCompany'];
>         $Position = $_POST['InputPosition'];
>         $Subject = $_POST['Subject'];
>         $Comment = $_POST['InputComment'];
>
>         $body = "Name: $Name\n\n";
>         $body.= "Company: $Company\n\n";
>         $body.= "Position: $Position\n\n";
>         $body.= "Phone: $Phone\n\n";
>         $body.= "Email: $Email\n\n";
>         $body.= "Subject: $Subject\n\n";
>         $body.= "Comment: $Comment";
>
>         $Receiver = "info at relacs.co.nz";
>         $send = mail($Receiver, "Feedback website - RELACS", $body, "From: $Email");
>         $Msg = "Thank you $Name for your feedback. We will get back to you ASAP";
>     }
>
> Thanks for any help and/or suggestions.
>
>
>
> John Ch
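
The quoted handler copies $_POST straight into the mail with no checks of its own, so a client that posts to it directly never meets the page's validator. The following is an added example, not code from either poster, of repeating the checks on the server; validate_contact(), the length limit and the phone pattern are assumptions, and the sample values are the ones from the quoted submission.

```php
<?php
// Added example: server-side re-validation for the contact handler.
// Field names come from the quoted post; validate_contact(), the length
// limit and the phone pattern are assumptions made for this sketch.

function validate_contact(array $post): array
{
    $field = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };
    $errors = [];

    $name = $field('InputName');
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'InputName';
    }

    // Syntax check only: the junk address in the thread is well-formed,
    // so this field alone does not stop the bot.
    if (filter_var($field('InputEmail'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'InputEmail';
    }

    // Assumed rule: optional leading "+", then 7 to 15 digits once spaces,
    // dots, dashes and parentheses are stripped.
    $digits = preg_replace('/[\s().-]/', '', $field('InputPhone'));
    if (!preg_match('/^\+?[0-9]{7,15}$/', $digits)) {
        $errors[] = 'InputPhone';
    }

    return $errors;
}

// Constructed sample: the values from the quoted submission, with the
// archive's " at " written back as "@".
$sample = [
    'Submit'     => 'Submit',
    'InputName'  => 'Bjmpynut',
    'InputEmail' => 'gipnpmhk@uohrokgr.com',
    'InputPhone' => 'LbXwjLfDDTFkIuBkPP',
];

$errors = validate_contact($sample);
if ($errors) {
    echo 'Rejected, invalid fields: ' . implode(', ', $errors) . "\n";
} else {
    echo "Accepted: build the body and call mail() here\n";
}
```

In the handler itself, the call would sit inside the existing Submit check, with mail() reached only when the returned list is empty.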