Testing, Testing, Spam Relay Open?

If you get funny submissions from your website contact form you may have wondered, “what’s going on?” Here is a sample of the type of form submission that you may be getting:

firstName2: atfkbja
lastName2: atfkbja
Street: uwTnCHgFWbtDZEameGH
City: New York
State: —
Zip: 101rand[0,
BusinessPhone1: KGR
BusinessPhone2: WoM
BusinessPhone3: mcdX
BusinessPhone4: ImTIDlComments: yggULo
<a href=”http://ncrunlbfzqmn.com/“>ncrunlbfzqmn</a>,
[url=http://acppnvcxefkp.com/]acppnvcxefkp[/url],
[link=http://sukuwtwotdmm.com/]sukuwtwotdmm[/link], http://equynulmfvaa.com/

Even if you have a Catchpa or human verification code employed on your form, you may still get submissions like this. These robots are not actually completing your form, but rather spidering the form and then going right to your cgi-bin and acting on your form script. They are looking for a vulnerability to see if your server can be used as a spam relay. If you get forms like this, don’t be alarmed, as if you are working with a quality web host, your form script and send mail server are most likely secure, but not always.

Spammers once they find a website script with a vulnerability will use your band width on your hosting site to spew out their spam messages with your email and your website as the sender. One way to identify if your site is being used as a spam relay is that you may be getting hundreds of bounced messages back to your own email inbox with your own name on them.

As bounced messages do not always mean that your server is a spam relay, it is important to get with your web host and check first. It could be that your domain name is being spoofed but that your server is hacker and spam free. In other cases your server could be sending out thousands of spam messages with your name attached; potentially getting your domain name and server IP address blacklisted.

If you feel that you are getting an inordinate number of these types of forms, now is the time to get with your web host and ask them to check to make sure your server has not been compromised and is now acting as a spam relay without delay. It is not uncommon to get three or four of these types of forms a day, but if you are getting lots you should dig deeper by sending some samples to your web host and asking them to check your server.