
I'm a bit confused as to why people make bots to do this - is it to find vulnerabilities?

I recently upgraded my contact form security with more client and server side validation, including a honeypot and log/ban to stop erroneous submissions on my contact forms.

While this cured the issue quick fast and in a hurry, I'm still not 100% sure why this even happens.

Most of the submissions were gibberish, however, I did recently have an email hijacked and a malicious script tried to send thousands (almost 6,000) spam emails in just a few minutes.

I think a weak password was the cause and I'm not convinced they're related, but the possibility looms in my mind. Thankfully, my server has a threshold of 500 emails per hour and cut it 5,500 short.

3 Answers


They search for and fill in every form they can find. They're looking for any vulnerability that they can exploit for their gain. It might be to see if they can gain access to your site or web server. It can be to compromise your form to send out spam.

It's worth their time to do because it's all automated. They just set their bots free and let them go about their business. Their cost is low and the potential reward is high.

  • Could you please elaborate on the potential vulnerabilities? Obviously unsecured uploads and links to malicious software are potential threats, but I'd like to make sure my bases are covered. SQL injection could also be a threat, but I use bound parameters via PDO and sanitize server-side prior to any database transaction.
    – kcdwayne
    Commented May 16, 2014 at 14:05
  • 3
    They'll check to see if you allow header injections in your email. If you do, they'll use your form to send spam. It's kind of a broad topic but it sounds like you understand more than the basics already.
    – John Conde
    Commented May 16, 2014 at 14:14
  • ^ This sounds like a possible explanation for the 6k emails sent. Thanks for the information.
    – kcdwayne
    Commented May 16, 2014 at 14:25
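The header-injection check mentioned in the comment above, as an added example written for this page (it is not code from the question, the answer, or any particular form library; the field names, sample values and the fixed From/To addresses are constructed assumptions). It shows why a CR or LF inside a visitor-supplied value matters, rejects such values before anything reaches the mailer, and keeps the visitor's address out of the From header entirely:

```python
import re

# Constructed sample submissions (assumed field names; not from the original post).
SAMPLES = {
    "normal":   {"email": "alice@example.com", "subject": "Question about pricing"},
    "crlf_bcc": {"email": "alice@example.com\r\nBcc: list@example.net", "subject": "hello"},
    "lf_cc":    {"email": "bob@example.com", "subject": "hello\nCc: list@example.org"},
}

# Fixed sender and recipient for outgoing mail (assumed addresses). The visitor's
# address only ever goes into Reply-To, never into From or To.
SITE_FROM = "contact-form@example.com"
SITE_TO = "webmaster@example.com"

# A CR, LF or NUL inside a header value ends that header line in the outgoing
# message, so whatever follows it becomes a new header (Bcc:, Cc:, ...) that the
# form never intended to send.
_HEADER_BREAK = re.compile(r"[\r\n\x00]")
# Deliberately strict single-address shape: one local part, one domain, no whitespace.
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def is_header_safe(value: str) -> bool:
    """True if the value cannot start a new header line."""
    return _HEADER_BREAK.search(value) is None


def is_valid_address(value: str) -> bool:
    """The address must be header-safe and match exactly one address shape."""
    return is_header_safe(value) and _ADDRESS.fullmatch(value) is not None


def classify_submission(fields: dict) -> str:
    """Return 'ok', or 'reject: <field>' for the first field that fails."""
    if not is_valid_address(fields.get("email", "")):
        return "reject: email"
    if not is_header_safe(fields.get("subject", "")):
        return "reject: subject"
    return "ok"


def render_headers(fields: dict) -> str:
    """Build the header block for an accepted submission.

    Raises ValueError instead of returning headers when validation fails, so a
    rejected value can never be handed to the mailer by mistake.
    """
    verdict = classify_submission(fields)
    if verdict != "ok":
        raise ValueError(verdict)
    lines = [
        f"From: {SITE_FROM}",
        f"To: {SITE_TO}",
        f"Reply-To: {fields['email']}",
        f"Subject: [contact form] {fields['subject']}",
    ]
    return "\r\n".join(lines) + "\r\n"


def validate_all(samples: dict) -> dict:
    """Run every constructed sample through the validator."""
    return {name: classify_submission(fields) for name, fields in samples.items()}


if __name__ == "__main__":
    for name, verdict in validate_all(SAMPLES).items():
        print(f"{name:9s} -> {verdict}")
    print(render_headers(SAMPLES["normal"]))
```

The two rejected samples are what a bot probing for header injection looks like in the log: an otherwise valid address or subject with a line break followed by a header name. Logging the rejection (rather than silently dropping it) is what makes the ban threshold in the question workable.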

I'm the author of the free open source Ostermiller Contact Form which is designed to thwart spammers.

I have found that the biggest reason that spammers fill in your contact form is link spam. To many spam bots, your contact form looks little different than a guest book form or a form to comment on a blog. My contact form software has rules that disallow HTML code for links (<a href=) and bb code for links ([url=...]). This simple fix stops about 80% of the spam bots that try to fill in the form.

The second biggest reason is to advertise directly to you as a webmaster. I see automated link exchange requests, SEO services advertisements, hosting offers, Nigerian scams, etc. Techniques like hidden fields that shouldn't be filled out, and captcha effectively stop these types of submission.

  • I get ads on my contact form all the time. I can't believe people fall for those fake ads. But if they're doing it, it's because it's working.
    – gdaniel
    Commented May 16, 2014 at 16:16
  • Can you explain what "link spam" is?
    – Vincent
    Commented Oct 11, 2023 at 15:21
  • Spammers are trying to submit text with links on it in the hopes that it gets published on your website. When their links are published, they hope it will help their search engine rankings. Their software isn't smart enough to distinguish between forum post forms and contact forms. See ahrefs.com/seo/glossary/link-spam
    Commented Oct 11, 2023 at 15:51
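An added example, written for this page rather than taken from the Ostermiller Contact Form or from the question, of the three defences this answer and the question describe working together: rejecting HTML and BBCode link markup, a hidden honeypot field that humans never fill in, and a per-IP strike counter that bans a sender after repeated rejections. Field names, the honeypot name, the ban threshold and the sample IPs and messages are constructed assumptions:

```python
import re
from collections import Counter

# Constructed sample submissions (assumed field names and documentation-range IPs).
SAMPLES = [
    {"ip": "203.0.113.10", "message": "Hi, is your shop open on Sundays?", "website": ""},
    {"ip": "198.51.100.7", "message": 'Great site! <a href="http://spam.example/">cheap</a>', "website": ""},
    {"ip": "198.51.100.7", "message": "Check this [url=http://spam.example/]deal[/url]", "website": ""},
    {"ip": "198.51.100.7", "message": "Quick question about invoices", "website": "http://bot.example/"},
    {"ip": "198.51.100.7", "message": "Plain text, but the sender is already banned", "website": ""},
]

HONEYPOT_FIELD = "website"   # assumed: hidden with CSS, so real visitors leave it empty
BAN_AFTER = 3                # assumed threshold: this many rejections bans the IP

# HTML anchors and BBCode url tags, the two link markups the answer rejects.
_LINK_MARKUP = re.compile(r"<\s*a\b[^>]*\bhref\s*=|\[url\s*(=|\])", re.IGNORECASE)


def has_link_markup(text: str) -> bool:
    """True if the message carries an HTML anchor or a BBCode [url] tag."""
    return _LINK_MARKUP.search(text) is not None


def honeypot_triggered(fields: dict) -> bool:
    """A non-empty honeypot field means the submitter filled in a field it could not see."""
    return bool(fields.get(HONEYPOT_FIELD, "").strip())


class FormScreener:
    """Screens submissions and keeps a strike count per source IP."""

    def __init__(self, ban_after: int = BAN_AFTER):
        self.ban_after = ban_after
        self.strikes = Counter()
        self.banned = set()

    def screen(self, fields: dict) -> str:
        ip = fields["ip"]
        if ip in self.banned:
            return "reject: banned"
        verdict = "accept"
        if honeypot_triggered(fields):
            verdict = "reject: honeypot"
        elif has_link_markup(fields.get("message", "")):
            verdict = "reject: link markup"
        if verdict != "accept":
            # Log-and-ban: each rejection is a strike; enough strikes ban the IP.
            self.strikes[ip] += 1
            if self.strikes[ip] >= self.ban_after:
                self.banned.add(ip)
        return verdict


def screen_all(samples: list) -> list:
    """Run the constructed samples through one screener, in order."""
    screener = FormScreener()
    return [screener.screen(fields) for fields in samples]


if __name__ == "__main__":
    for fields, verdict in zip(SAMPLES, screen_all(SAMPLES)):
        print(f"{fields['ip']:14s} {verdict:22s} {fields['message'][:40]!r}")
```

The honeypot is checked before the content rules because it is the cheaper and more reliable signal: a bot that fills every field it finds trips it regardless of what it writes in the message. The strike counter is in memory here; a real deployment would persist it (a database row or a firewall rule) so the ban survives a restart.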

Another case can be filling out forms and giving someone else's e-mail -- either purely to annoy them with junk mail, or in the hope that they can sneak their malware link into a copy sent to the supposed sender.

And another, of course, is a denial-of-service attack -- either on you, or by using that possible automated response note to get you to anonymize an attack on someone else's machine.

In both of these, they're trying to use your form to hide their actual identity.
