Avoid "Spam Injection" attacks on your web site by using Web-form-buddy!
Recently there has been a big increase in "spam injection" attacks on web sites that use poorly written scripts to power their web forms.
If you use web-form-buddy you are completely protected against these types of attack!
Who is vulnerableAny page on the Internet with a web form is likely to be probed sooner or later by the spammer "bad guys". They are looking for forms that are powered by poorly written scripts that do not thoroughly check and filter the data in the form submission.
What are the consequencesOnce a vulnerable form is discovered the bad guys will be able to take over your server and use it as "spam relay". That means that 000's of emails will be distributed across the Internet with your server as the identifiable source of the spam. This is not the same as "domain name hijacking" when spammers forge your domain name as the reply address on their emails. In that case it is easy for the Internet "police" to see that your server is innocent. But with spam injection the problem is much greater:
Spam injection is much worse than domain hijacking as your server is at fault and will take the rap for the spam!
Eventually your server will be blacklisted and cast into the Internet wilderness. Your business reputation will be severely damaged and your ISP may even insist you close your web site down.
How the attack worksThe bad guys use "zombies" (PC's that they have been able to take over) to scan the Internet for web pages containing forms. They try to insert some special code into the fields of your form that will trick your server into sending the form email to a different address, an address that your server is fooled into thinking is specified in a "bcc" field. To begin they will test your server to see if they can re-route the form to send email to a throwaway email address (usually an AOL address).
If that works they know they are in business and they have your server enslaved as the latest recruit to their zombie empire!
How you will know you are a victimYou may never know! (until it's too late).
Perhaps you will notice some slow down in your server's performance. If you're lucky you may suddenly start to see an enormous number of emails bouncing back to you - emails you never sent! That happens with domain name hijacking too, so you will need to investigate as to the underlying cause. However with most regular hosting setups you share your mail server with a number of other users. So you would not see the bounced emails as they will be returned to the system administrator that has root access to your machine. Hopefully he/she will be monitoring these and will come knocking on your door to find out what's going on!
How to prevent spam injectionAll professional Internet programmers know that you must check all data you receive through CGI prior to processing it. If you do so, and do so properly, there is no chance of a web form spam injection attack succeeding. Unfortunately many of the scripts installed on web sites do not follow this basic principle. Even large professional web design companies have been known to deploy amateurish and badly thought out PHP and Perl scripts with no security considerations whatsoever.
We would strongly recommend that you contact your web designer, software developer or web design bureau and ask that they confirm that they are aware of the problem and that they have taken the necessary steps to protect against spam injection attacks
And remember:If you use web-form-buddy you are completely protected against these types of attack!
Useful links:
- Interesting Crack Attempt to Relay Spam. A very full discussion by Anders Brownwort on his blog
- Struggling with the problem. Victims of the problem share their thoughts
~ Get started with Web-form-buddy today - take the free 14 day trial! ~