Our hosting provider has been quite reputable with their uptime, so I began to suspect that the fault could be on my side. In this article, I will outline how I went through the process of performing simple fault-finding on the server and how I remedied the problem. It is assumed that your server runs Linux and that you have SSH (Secure Shell) access. And yes, I am assuming you are a Linux NEWBIE!
The first thing I did after logging in was to issue the 'ps' command, which lists all the processes running under my account.
After looking at the report, I noticed there were a lot of sendmail and php processes running. It could be a PHP mailing script that was running continuously for some reason. I needed more information, so I issued the next command, 'ps x'. This command lets you view more details of the processes.
It seemed that the file contact_us.php was spawning a lot of sendmail requests. Someone or a robot must have been spam-submitting the contact_us.php form. I had a look at the source code of the file and discovered that, unlike the other forms, contact_us.php did not have a CAPTCHA check. That must be the loophole. I then removed the mailing script altogether from the file. The next thing to do was to kill all the sendmail processes using the 'kill [processID]' command.
Who could have done that? Apache has an access_log that records everyone who visited the site and when; it is usually located in the '/var/log/httpd/' folder on a Linux machine. Fortunately for me, the person or robot was still spamming the site while I was investigating the problem. Theoretically, I could catch that person red-handed. In the /var/log/httpd folder, I issued the command 'tail -f access_log'.
From the display, it seemed that the naughty guy was 85.249.233.5. I then traced the IP address to someone located in Saint Petersburg, Russia. After a while, I noticed more IP addresses from different parts of the world accessing the file. So, the spammer must have been using a distributed network of computers. What could we do? Report it to the authorities? Maybe yes and maybe no.
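Watching 'tail -f access_log' works while the spammer is active, but the same log can be analysed after the fact to see which clients were hammering the form. The script below is an added example and is not part of the original article: it writes a small constructed access_log excerpt (made-up documentation IP addresses, Apache common log format) and counts POST requests to /contact_us.php per client IP, busiest first, so the worst offender and the per-IP counts can be checked against a threshold. The 'proc_counts' helper is the batch counterpart of the article's 'ps' step and is not run on the sample.

```shell
#!/bin/sh
# Added example, not code from the article. Assumptions: Apache common/combined
# log format (client IP is field 1, method is field 6, path is field 7) and the
# form handler path /contact_us.php from the article. The sample below is constructed.

LOGFILE="${TMPDIR:-/tmp}/access_log.sample"
cat > "$LOGFILE" <<'EOF'
203.0.113.7 - - [10/Oct/2008:13:55:36 +1000] "GET /index.php HTTP/1.1" 200 2326
198.51.100.9 - - [10/Oct/2008:13:55:40 +1000] "POST /contact_us.php HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2008:13:55:41 +1000] "POST /contact_us.php HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2008:13:55:42 +1000] "POST /contact_us.php HTTP/1.1" 200 512
192.0.2.44 - - [10/Oct/2008:13:56:01 +1000] "POST /contact_us.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2008:13:56:10 +1000] "GET /contact_us.php HTTP/1.1" 200 1890
EOF

# Count the processes running under your account by command name, busiest first.
# This is the batch form of the article's 'ps' check; it is defined here but not
# run against the sample log because it inspects the live system.
proc_counts() {
    ps -u "$USER" -o comm= | sort | uniq -c | sort -rn
}

# List client IPs that POSTed to the handler, as "<count> <ip>", busiest first.
# $1 = log file, $2 = handler path (e.g. /contact_us.php)
form_posters() {
    awk -v path="$2" '$6 == "\"POST" && $7 == path { print $1 }' "$1" \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print the single busiest IP, or nothing if no POSTs were seen.
worst_offender() {
    form_posters "$1" "$2" | head -n 1 | awk '{ print $2 }'
}

# Number of POSTs to the handler from one IP; handy as an alert/block threshold.
# $1 = log file, $2 = client IP, $3 = handler path
posts_from() {
    awk -v ip="$2" -v path="$3" '$1 == ip && $6 == "\"POST" && $7 == path' "$1" \
        | wc -l | tr -d ' '
}

form_posters "$LOGFILE" /contact_us.php
```

GET requests to the same page (a legitimate visitor loading the form) are deliberately excluded, so the counts reflect submissions only; on a real server point LOGFILE at /var/log/httpd/access_log and compare the per-IP counts against what a human could plausibly submit in the same window.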
Personally, I feel that the best cure is to have a robust server with secure scripts. Spammers are bound to be around, and IP addresses can be faked easily today. Techniques like this are not new; we have already witnessed them being used against forums and blogs, phpBB and WordPress especially. A lot of spammers use dynamic IP addresses which disappear quickly and make them very hard to track.
So, security comes first when you are developing web applications. The next time you write a script, remember to check for loopholes, i.e. the possibility of someone spam-submitting it. Hopefully, this short article can provide a small insight into spam form submissions and some basic server debugging techniques for Linux newbies.

About the Author: Bernard Peh is a Melbourne PHP developer. He specialises in Linux administration and web programming.