Significant spam via forms on site

[BalearicJobs]

Hi all

I have a licensed copy of ASPMail installed on my VPS account and several forms that run off this.

Unfortunately over the last few weeks these forms have gone under frequent attack from spammers. I can receive up to 50 of these emails per day and its becoming difficult to sort the genuine emails from the spammed one. Also these emails are directly sent to my mobile phone (for quick response) and this only can show a set number of emails at a time, so while they are still held on my exchange server, I may accidentally miss an important mail.

Is there any further security measures that can be installed or any changes that I can make that may reduce this problem?

Here is a quick snippet of the type of mail I am getting;

Name: order viagra
Email : [email protected]
Telephone : 329316693544
Postal Address :
Hello , it is cool amazing page!
 <a href="http://culturitalia.uibk.ac.at/forumSLI/_forumSLI/0000016d.htm?viagra">order viagra</a>
 http://culturitalia.uibk.ac.at/forumSLI/_forumSLI/0000016d.htm?viagra
 [url=http://culturitalia.uibk.ac.at/forumSLI/_forumSLI/0000016d.htm?viagra]order viagra[/url]  
 <a href="http://www.ipwso.org/disc_posts/000031e8.htm?levitra">buy levitra</a>
 [url=http://www.ipwso.org/disc_posts/000031e8.htm?levitra]Levitra - Generic and Brand. Make Your Pharmacy Dollar Go Fur...[/url]
 [url=http://www.ipwso.org/disc_posts/000031e8.htm?levitra]buy levitra[/url]  
 <a href="http://literatureforums.com/new-revelation/_revelation/000001e1.htm?levitra">levitra online</a>
 [url=http://literatureforums.com/new-revelation/_revelation/000001e1.htm?levitra]Levitra online - High Quality Medication. Licensed USA Pharma...[/url]
 [url=http://literatureforums.com/new-revelation/_revelation/000001e1.htm?levitra]levitra online[/url]
Website Address :[url=http://culturitalia.uibk.ac.at/forumSLI/_forumSLI/0000016d.htm?viagra]Order viagra Pills. Leading Licensed Pharmacy - Unlike Any Ot...[/url]
Message Board User Name : order viagra

Thank you for your help and continuing support.

 

[Yash]

I suggest having some feature that prevents someone from the same IP sending more than a couple of emails.
Please do implement any such security features you can. If we receive spam complaints, we'll be forced to disable that end-user account or script temporarily while you fix it

 

[BalearicJobs]

I suggest having some feature that prevents someone from the same IP sending more than a couple of emails.
Please do implement any such security features you can. If we receive spam complaints, we'll be forced to disable that end-user account or script temporarily while you fix it

I wouldn't know were to start with such a thing Yash. I'm only an amature web designer (not my full time job), and I have very little understanding of ASP and mailing systems.

Is there a program I can install or setting that I can change that will prevent a person from the same IP address sending multiple emails to me via my ASPMail forms?

Also I am not sure what you are talking about when you say you will disable an end user account? I am the victim, not the perpetrator. I'm not sending spam (to my knowledge), I'm receiving it.

 

[Atul]

Such spam is generated by automated Form Submit.

Best thing would be to display some graphics with alpha numeric and ask person submitting to verify that, just like in case of Domain whois.

 

[OJM]

Try the following free CAPTCHA ("completely automated public Turing test to tell computers and humans apart") script;

Web Wiz CAPTCHA - Free CAPTCHA software

 

[BalearicJobs]

Try the following free CAPTCHA ("completely automated public Turing test to tell computers and humans apart") script;

Web Wiz CAPTCHA - Free CAPTCHA software

Thats a really good idea. I have CAPTCHA on my forum but I have never installed it separately. I'll give that a go tonight, if I'm successful it should stop the spam. Thank you.

Is there any consideration that you can think of that may cause it to be difficult to implement with an ASPMail form?

 

[OJM]

To be honest I've never implemented it separately either, but I've heard it's pretty straight forward - I can't think of any reason why it wouldn't work with a particular mail component, as it does the check prior to sending.

 

[WebDeveloper]

Actually, you really don't even need to use CAPTCHA for such a simple form.

Why not just have the user input a word before hitting the "Send Contact Form" button? IE: Type the word "contact" without quotes in the following box.

Then in your ASP scripting, check that the word "contact" was submitted before processing the contact form. Otherwise return an error message to the user.

This should weed out most if not all of those bot spammers.

/WebDeveloper