I have been getting tons of email spam from my own domain name. It is coming from a contact form that uses sendmail.php. My guess is someone is trying to use it to spam other people, but it keeps going directly into my inbox. I can't block sender. I can't flag as spam. And, I can't discover who the spammer is.
Any suggestions would be appreciated.

Recommended Answers

All 9 Replies

Make sure that you are validating all of the data from your form and don't send mail unless all the data is filled in correctly.

Consider changing the names of the form elements. Bots are probably posting data to your mail script without actually checking the form. Changing the names will throw a hitch in the process.

You should be able to grab the senders ip from your script, include the ip in the email and block the ips from spammers.

If your script is in PHP I can help you if you like.

I have been getting tons of email spam from my own domain name. It is coming from a contact form that uses sendmail.php. My guess is someone is trying to use it to spam other people, but it keeps going directly into my inbox. I can't block sender. I can't flag as spam. And, I can't discover who the spammer is.
Any suggestions would be appreciated.

The same exact problem i had, until i discovered these spammers particularly target servers with file names submit.php, sendmail.php

what you do is

1. Either rename the file sendmail.php as <any>sendmail.php
2. Use image verification (effective/recommended). Just generate a random no on image and ask your visitors to verify the image.

And, these spammers generate random data and i later found that whereever i had user submitted forms my database is inserted with full of junk atleast my database got inserted with about 5-10 junk a day. Everything was solved until i used image verification.

Hope this helps.

The best way that I've found personally is to impliment an image verification system. Unfortunately some smart-ass spammers have also found a way around it (thankfully I've not been myself attacked)... but it is the best possible way currently.

The best way that I've found personally is to impliment an image verification system. Unfortunately some smart-ass spammers have also found a way around it (thankfully I've not been myself attacked)... but it is the best possible way currently.

Hey guys... I run a forum
I was using Image Verification with many spammers still getting through so I switched to textual confirmation.

Ie "What is Musoc? The _______ Society" (ans=music)
Things like this work really well.

I am sorry to pester you all though, but I really need your help. On the same site I am having huge spam problems. I want to do a similar thing -- by putting in a random question with a set answer, but I don't know how.

Can anyone help?

Could I make a section in my form with a question like the above (What is MuSoc? The ______ Society). --> then how do I write the answer in my php form? Would it be something like;

I need a script that will achieve the following;

if ($blockspamanswer #doesnotequal# music) {
header( "Location: $errorurl" );
exit ;
}

I don't know if this makes sense guys, but I really need my php script to block the mail send if they get the answer wrong. Any help would be massively appreciated. So sorry for such a huge thread. :( but I really need to pick all of your brains for help please. :)

If I could have multiple corrent answers and help randomising the questions that appear on my contact.php location that would really help too. Thanks for your time guys and gals,

Honest best wishes and kind regards,
Tom Hilliar,
Sydney, NSW,
Australia.

I have been getting tons of email spam from my own domain name. It is coming from a contact form that uses sendmail.php. My guess is someone is trying to use it to spam other people, but it keeps going directly into my inbox. I can't block sender. I can't flag as spam. And, I can't discover who the spammer is.
Any suggestions would be appreciated.

Implement something server-side to only process $_POST requests originating from your domain name.

Dani are you talking about checking the referer or something else?

Checking the referer should do it.

you have to add a file input

<input type="file" name="upload">

then when it gets uploaded you have to get the temp name and load it into an array or variable tehn send it to the user they want. so basically you have to look into the headers and content through headers. if you don't understand php then it will be difficult to setup as it really gets into the headers and mime-types.

Hello,

Easiest way make one confirmation page after form submission page.

Spammer and softwares never confirm that page.

Thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.