Server Attacks

**The Killing Joke** · June 19th, 2007, 04:18 PM

Hi Everybody,

I've got an online form on my Server, where people can request information on my company and its services... For the past three days, somebody has been using some 'bot' or something, sending useless names and E-Mail addresses to the form.

It's been very intermittent, however, because I've got the form configured to send me an E-Mail whenever somebody requests information, I receive four or five new E-Mail messages every day.

I don't think it's a DoS Attack, as it's not frequent enough to do any damage. Has anyone come across this before? What's the best way to combat this?

Anyone?

**silence** · June 19th, 2007, 04:22 PM

if it's that low of a frequency it most definitely NOT a DoS attack

if ur forums are configured properly u should be able to get their IP and ban the user's IP so the attack stops.

i dont know what forums ur using though

**Wesley Crusher** · June 19th, 2007, 04:29 PM

Probably some automated software probing for ways to exploit your form.

**SKULLCRUSHER** · June 19th, 2007, 05:32 PM

I have seen what seems to be a good method of preventing bots from submitting the forms through a random verification process. Everyone has probably filled out a form or field that requires you to fill in a random letter / number combination generated by the site into a text box. If you fill in the appropriate text the form is submitted, but because the bot cant do that you dont get this type of crap bothering you all the time.

Hopefully you get what I mean... lol

**The Killing Joke** · June 19th, 2007, 05:49 PM

Good idea, Skully... It's a basic form I built in ASP, so it's got really low impact... It'll only send E-Mails in the back-end, from the Server side, so it doesn't really bother me - it's just a pain to get the E-Mails.

**manofphat** · June 19th, 2007, 11:03 PM

Skully and Wes are right. There are bots online that read your shit and take advantage of it for spam. That's probably what's going on. Try doing what Skully said and requiring the user to enter some sort of answer to a question that would only mean that he was human. Something such as, "What color is the sky" and the user would have to say blue or else the message isn't delivered.

Or if you wanted to get really fancy, make it so if they don't answer that question the subject line gets tagged differently and set up a mail filter in your client that makes it so it sends those messages to a different folder so you can review them later