The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Thursday, May 10, 2007

How desperate do you have to be to spam someone? Part II

Okay, two days later and I have more information about that spammer: they're not trying to send email, they're trying to spam guestbooks and forums.

Before I get there, let me explain how the Obligatory Email Notification System works. When you fill in the form, your email address is added to an “optin” list, and an email is then sent. Only when you reply to that email is your email address moved from the “optin” list to the “verified” list and it's from the “verified” list that emails are sent when I make a new entry.

So I decided to check the “optin” list, and boy, was I in for a surprise. I haven't checked the actual “optin” list for, oh, three years or so? It would be an understatement to say the email addresses were predominately sex related. I grabbed one (hcl_tab_tramadol@hotmail.com) and lo, look at all that guestbook spam.

My guess: the spammer searched the net for HTML forms that looked like guestbook or forum forms, and since many guestbook forms have an email field (usually named email) they tagged my Obligatory Email Notification as a possible guestbook script (since it, too, has a field named email).

But here's where things get weird: the only fields they fill out, in regards to my Obligatory Email Notification form, are the fields defined in that form. I had hoped to see some additional fields being sent in, like comments or message (which wouldn't do anything anyway) but nope, the only fields they sent in were the fields defined for my form.

I thought maybe because I didn't have a field named comments or message they weren't sending in such a field. So I added a field named comments (it's a <TEXTAREA> but with a style of display: none).

Still, only the fields I had originally defined were being sent in.

Checking the logs, and yes, the spammer has definitely cached the original form (because the spammer is simply doing a POST to the form, and not retrieving it before doing the POST). I'm going to rename the form and see if that has any effect.

One more thing though: It's one spammer doing all this, and while you would think I could just block that one IP address, I can't. That's because this particular spammer, running their script from 72.232.102.130, is using a series of open web proxies to submit the form, so the actual IP address to block changes all the time. So if you are getting spam to a guestbook or forum, and you're running Apache, you might want to check the environment variable HTTP_X_FORWARDED_FOR.
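One way to run both checks described above (POSTs made without first fetching the form, and grouping by X-Forwarded-For) over an access log. This is an added example, not the code behind this site; the log format, the form path `/notify.cgi` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed Apache log format (X-Forwarded-For appended as the last quoted field):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\""
LINE = re.compile(r'(?P<peer>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ "(?P<xff>[^"]*)"')
FORM_PATH = "/notify.cgi"  # hypothetical path of the sign-up form

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/May/2007:03:10:01 -0400] "GET /notify.cgi HTTP/1.1" 200 812 "-"
198.51.100.7 - - [10/May/2007:03:10:40 -0400] "POST /notify.cgi HTTP/1.1" 200 120 "-"
203.0.113.21 - - [10/May/2007:03:11:02 -0400] "POST /notify.cgi HTTP/1.0" 200 120 "192.0.2.50"
203.0.113.88 - - [10/May/2007:03:11:09 -0400] "POST /notify.cgi HTTP/1.0" 200 120 "192.0.2.50"
198.51.100.99 - - [10/May/2007:03:11:30 -0400] "POST /notify.cgi HTTP/1.0" 200 120 "unknown, 192.0.2.50"
203.0.113.5 - - [10/May/2007:03:12:00 -0400] "POST /notify.cgi HTTP/1.1" 200 120 "-"
"""

def claimed_origin(xff):
    """First syntactically valid address in X-Forwarded-For, or None.
    The header is written by whoever sends the request, so it is a hint, not proof."""
    for part in xff.split(","):
        try:
            return str(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue  # "-", "unknown", or junk
    return None

def blind_posts(log_text, form_path=FORM_PATH):
    """Map claimed origin -> connecting peers for POSTs made without fetching the form."""
    fetched = set()  # peers that did a GET of the form before posting
    by_origin = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["path"].split("?")[0] != form_path:
            continue
        peer = m["peer"]
        if m["method"] == "GET":
            fetched.add(peer)
        elif m["method"] == "POST" and peer not in fetched:
            by_origin[claimed_origin(m["xff"]) or peer].append(peer)
    return dict(by_origin)

if __name__ == "__main__":
    for origin, peers in blind_posts(SAMPLE_LOG).items():
        print(f"{origin}: {len(peers)} blind POSTs via {sorted(set(peers))}")
```

Many connecting addresses collapsing onto one claimed origin is the pattern to look for; a blind POST with no header falls back to the connecting address itself.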


Copyright © 1999-2019 by Sean Conner. All Rights Reserved.