[DUG] Contact form page

Jolyon Smith jsmith at deltics.co.nz
Thu Mar 20 09:12:37 NZDT 2014


True, although the sorts of people that develop spambots include those who
just do it to see if they can.  Although I rather flippantly said that
spambots don't go through a rigorous SDLC, this might be a first iteration
of a spambot that will evolve as its author gains confidence, ability and
eventually decides what the bot will do for him/her.

The particular spambot involved might already be out there in a later
incarnation doing something more "useful" for its author.  I doubt that
the creators of these things are too concerned with going around cleaning
up their older, flawed attempts.

By definition, we aren't talking about people with any sense of
responsibility.  :)


On 20 March 2014 08:52, Steve Peacocke <steve at peacocke.net> wrote:

> I do ask though, that if this is a SpamBot, where's the message?
>
> Surely they want to sell you bigger body parts, boots, shares, the
> Brooklyn Bridge, or get assistance for that 35 mill they have sitting in an
> account.
>
> Sending junk specifically designed to get past the email checker seems
> pointless for a spambot.
>
> Steve Peacocke
> +64 220 612-611
>
>
> On 20/03/2014, at 8:30 am, Jolyon Smith <jsmith at deltics.co.nz> wrote:
>
> +1 for a spambot.
>
> The "smoking gun" for me is the fact that if it was a case of valid
> details being "munged" by a Unicode or codepage issue then I would not
> expect this to affect numeric digits (as in phone numbers) and I certainly
> wouldn't expect the only piece of data to survive any munging to be the "@"
> and ".com" in the email address.
>
> My guess is that if that field on the form were not labelled as "Email"
> then this field would also have simply been filled with junk but the
> spambot is doing a minimal amount of work to try to ensure that the junk
> details pass basic validation (i.e. is a valid email address).  It is
> surprising that it isn't doing the same thing for a field labelled "Phone"
> and filling it with a phone number (though the correct format for this is
> potentially geographically sensitive so may not have been considered worth
> the effort), but in any case I doubt that spambots go through rigorous
> functional requirements, design, i18N and testing before being deployed.  :)
>
> J
>
>
> On 19 March 2014 20:10, John C <jc at sunshinesoftware.co.nz> wrote:
>
>> Hi all
>>
>>
>>
>> I have this website with a contact page (in PHP & html) where any person
>> can submit a request with their contact details which is emailed to me after
>> clicking a submit button.
>>
>> All works fine, however. So now and then I receive an email from this
>> website/page but details don't seem to be filled in at "page level" but in
>> another way. This as the page does a submit validation check and the
>> submitted phone number is e.g. " LbXwjLfDDTFkIuBkPP " something my
>> validator doesn't allow for.
>>
>>
>>
>> Also other details are like:
>>
>> Name: Bjmpynut
>> Organisation: ahTKXyxtYnCdo
>> Position: Bjmpynut
>> Phone: LbXwjLfDDTFkIuBkPP
>> Email: gipnpmhk at uohrokgr.com
>>
>>
>>
>> All looks very suspicious. Any clues how this could happen at all and how
>> to prevent this?
>>
>>
>>
>> The webpage in question is at http://www.relacs.co.nz/ContactUs.php
>>
>>
>>
>> The email creator resides in the post process of the page like:
>>
>>     if($_POST['Submit']=="Submit")
>>     {
>>         $Name = $_POST['InputName'];
>>         $Email = $_POST['InputEmail'];
>>         $Phone = $_POST['InputPhone'];
>>         $Company = $_POST['InputCompany'];
>>         $Position = $_POST['InputPosition'];
>>         $Subject = $_POST['Subject'];
>>         $Comment = $_POST['InputComment'];
>>
>>         $body = "Name: $Name\n\n";
>>         $body.= "Company: $Company\n\n";
>>         $body.= "Position: $Position\n\n";
>>         $body.= "Phone: $Phone\n\n";
>>         $body.= "Email: $Email\n\n";
>>         $body.= "Subject: $Subject\n\n";
>>         $body.= "Comment: $Comment";
>>
>>         $Receiver = "info at relacs.co.nz";
>>         $send = mail($Receiver, "Feedback website - RELACS", $body, "From: $Email");
>>         $Msg = "Thank you $Name for your feedback. We will get back to you ASAP";
>>     }
>>
>>
>>
>>
>>
>> Thanks for any help and/or suggestions.
>>
>>
>>
>> John Ch
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
>> Subject: unsubscribe
>>
>
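
A server-side check for the situation discussed in this thread, as an added example that is not part of the original messages: validation that runs only in the page is never executed by a client that POSTs straight to ContactUs.php, so the handler has to repeat it before calling mail(). The field names come from John's snippet; `validate_contact()`, the phone pattern and the length limit are assumptions.

```php
<?php
// Added example, not code from the thread. Field names follow the posted
// snippet; the function name, phone pattern and limits are assumptions.

/**
 * Re-checks on the server what the page-level validator enforces.
 * Returns [cleaned fields, list of errors]; send mail only if errors is empty.
 */
function validate_contact(array $post): array
{
    $errors = [];
    $clean  = [];
    $fields = ['InputName', 'InputEmail', 'InputPhone', 'InputCompany',
               'InputPosition', 'Subject', 'InputComment'];

    foreach ($fields as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        // Single-line fields must not carry control characters (CR/LF included).
        if ($field !== 'InputComment' && preg_match('/[\x00-\x1F\x7F]/', $value)) {
            $errors[] = "$field contains control characters";
        }
        $clean[$field] = $value;
    }

    // The address ends up in a mail header, so accept only a syntactically valid one.
    if (filter_var($clean['InputEmail'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'InputEmail is not a valid address';
    }
    // Assumed phone rule: optional leading +, then 7 to 20 digits, spaces, hyphens or brackets.
    if (!preg_match('/^\+?[0-9 ()\-]{7,20}$/', $clean['InputPhone'])) {
        $errors[] = 'InputPhone is not a phone number';
    }
    if ($clean['InputName'] === '' || strlen($clean['InputName']) > 100) {
        $errors[] = 'InputName is missing or too long';
    }
    return [$clean, $errors];
}

// Constructed sample: the values from the suspicious e-mail quoted in the
// thread, with the archive's " at " restored to "@".
$sample = [
    'InputName' => 'Bjmpynut', 'InputEmail' => 'gipnpmhk@uohrokgr.com',
    'InputPhone' => 'LbXwjLfDDTFkIuBkPP', 'InputCompany' => 'ahTKXyxtYnCdo',
    'InputPosition' => 'Bjmpynut', 'Subject' => '', 'InputComment' => '',
];
[$clean, $errors] = validate_contact($sample);
print_r($errors);
```

In the posted handler this would run before mail(), with the message sent only when `$errors` is empty and built from `$clean` rather than from `$_POST`.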