[DUG] Contact form page

Steve Peacocke steve at peacocke.net
Thu Mar 20 08:52:27 NZDT 2014 

I do ask though, that if this is SpamBot, where's the message? 

Surely they want to sell you bigger body parts, boots, shares, the Brooklyn Bridge, or get assistance for that 35 mill they have sitting in an account. 

Sending junk specifically designed to get past the email checker seems pointless for a spambot. 

Steve Peacocke
+64 220 612-611


> On 20/03/2014, at 8:30 am, Jolyon Smith <jsmith at deltics.co.nz> wrote:
> 
> +1 for a spambot.
> 
> The "smoking gun" for me is the fact that if it was a case of valid details being "munged" by a Unicode or codepage issue then I would not expect this to affect numeric digits (as in phone numbers) and I certainly wouldn't expect the only piece of data to survive any munging to be the "@" and ".com" in the email address.
> 
> My guess is that if that field on the form were not labelled as "Email" then this field would also have simply been filled with junk but the spambot is doing a minimal amount of work to try to ensure that the junk details pass basic validation (i.e. is a valid email address).  It is surprising that it isn't doing the same thing for a field labelled "Phone" and filling it with a phone number (tho the correct format for this is potentially geographically sensitive so may not have been considered worth the effort), but in any case I doubt that spambots go through rigorous functional requirements, design, i18N and testing before being deployed.  :)
> 
> J
> 
> 
>> On 19 March 2014 20:10, John C <jc at sunshinesoftware.co.nz> wrote:
>> Hi all
>> 
>>  
>> 
>> I have this website with a contact page (in PHP & html) where any person can submit a request with their contact details which is emails to me after clicking a submit button.
>> 
>> All works fine, however. So now and then I receive an email from this website/page but details don't seem being filled in at "page level" but in another way. This as the page does a submit validation check and the submitted phone number is e.g. " LbXwjLfDDTFkIuBkPP " something my validator doesn't allow for.
>> 
>>  
>> 
>> Also other details are like:
>> 
>> Name: Bjmpynut
>> 
>> Organisation: ahTKXyxtYnCdo
>> 
>> Position: Bjmpynut
>> 
>> Phone: LbXwjLfDDTFkIuBkPP
>> 
>> Email: gipnpmhk at uohrokgr.com
>> 
>>  
>> 
>> All looks very suspicious. Any clues how this could happen at all and how to prevent this?
>> 
>>  
>> 
>> The webpage in question is at http://www.relacs.co.nz/ContactUs.php
>> 
>>  
>> 
>> The email creator resides in the post process of the page like:
>> 
>>                 if($_POST['Submit']=="Submit")
>> 
>>                 {
>> 
>>                                 $Name = $_POST['InputName'];
>> 
>>                                 $Email =  $_POST['InputEmail'];
>> 
>>                                 $Phone =$_POST['InputPhone'];
>> 
>>                                 $Company = $_POST['InputCompany'];
>> 
>>                                 $Position = $_POST['InputPosition'];
>> 
>>                                 $Subject  = $_POST['Subject'];
>> 
>>                                 $Comment = $_POST['InputComment'];
>> 
>>  
>> 
>>                                 $body = "Name: $Name\n\n";
>> 
>>                                 $body.= "Company: $Company\n\n";
>> 
>>                                 $body.= "Position: $Position\n\n";
>> 
>>                                 $body.= "Phone: $Phone\n\n";
>> 
>>                                 $body.= "Email: $Email\n\n";
>> 
>>                                 $body.= "Subject: $Subject\n\n";
>> 
>>                                 $body.= "Comment: $Comment";
>> 
>>  
>> 
>>                                 $Receiver               = "info at relacs.co.nz" ;
>> 
>>                                 $send = mail($Receiver, "Feedback website - RELACS", $body, "From: $Email");
>> 
>>                                 $Msg = "Thank you $Name for your feedback. We will get back to you ASAP";
>> 
>>                 }
>> 
>>  
>> 
>>  
>> 
>> Thanks for any help and/or suggestions.
>> 
>>  
>> 
>> John Ch
>> 
>> 
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with Subject: unsubscribe
> 
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at listserver.123.net.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with Subject: unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.123.net.nz/pipermail/delphi/attachments/20140320/dc4a29cd/attachment-0001.html

More information about the Delphi mailing list