Myreader.co.uk  
uk news, chat and community
date: Wed, 04 Jun 2008 10:59:52 +0100,    group: uk.net.web.authoring
What's all this garbage?   
Getting a few of the following on one of my web forms.

Anybody any idea what it's all about?

I'm assuming it's some kind of attempt to find an exploit but I can't
see how it would benefit anyone.




Values submitted from IP 67.167.113.230 on Tuesday 3rd of June 2008
09:19:55 PM:

TrackInterest: YVSOmvUoU
PresentPaper: 
Sponsoring: 
Exhibiting: 
Leaflets: 
Title: msgkCiFuvu
GivenName: fdsfdsfdsfrewr
MidInitials: rbxXgKUwqZjRVzI
FamilyName: fdsfdsfdsfrewr
Position: HPQQvGtu
Department: HHwpCWbLMMKWtRjo
Organisation: ZVMyQerZOd
Address1: eeRXuakEBwYG
Address2: xapQfUJTPAFVsyVDX
Address3: wgpKUlcIsUvatNItP
Town: SGQexcKedmVKWVl
PostCode: CgqCRjbQtinFFbap
country: United Kingdom
Telephone: cWSeipBtsEoiYfAzWx
Fax: QcaMdveLOYOvVcA
email: fdsfdsf@edsdac.com
Confirmemail: fdsfdsf@edsdac.com
B2: 
Data protection opt out: 
-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
date: Wed, 04 Jun 2008 10:59:52 +0100   author:   Geoff Berrow

Re: What's all this garbage?   
On 4 Jun, 10:59, Geoff Berrow  wrote:

> I'm assuming it's some kind of attempt to find an exploit but I can't
> see how it would benefit anyone.

> Department: HHwpCWbLMMKWtRjo
> Organisation: ZVMyQerZOd

Some fields, like postcode, are probably required fields. They're
probably indicated as such by a star next to them, quite possibly an
absolute pixel-positioned graphic of a star. It's hard enough for the
user to tell which fields are really required (especially after a font-
size change), doing it automatically is unfeasible.

So the spammer (probably no smarter or more malign than looking for
open email senders) finds it simplest to drop garbage into _all_ the
fields, even the trivial and optional.
date: Wed, 4 Jun 2008 07:33:54 -0700 (PDT)   author:   Andy Dingley

Re: What's all this garbage?   
On 4 Jun, 11:59, Geoff Berrow  wrote:
> Getting a few of the following on one of my web forms.
>
> Anybody any idea what it's all about?
>
> I'm assuming it's some kind of attempt to find an exploit but I can't
> see how it would benefit anyone.
>
> Values submitted from IP 67.167.113.230 on Tuesday 3rd of June 2008
> 09:19:55 PM:
>
> TrackInterest: YVSOmvUoU
> PresentPaper:
> Sponsoring:
> Exhibiting:
> Leaflets:
> Title: msgkCiFuvu
> ...

It seems to be common form-spam from an automated bot. We see it a
lot. Fields marked as type='text' are filled in with random
characters. Textareas are filled in with a spam message and fields
labelled email (or including email in the name) get a fake email
address. I don't know that the bot distinguishes the purpose of the
form - we see the same content types attempted on contact forms and
comment forms. Some attempt to add unusual keywords into textareas,
presumably so the spammer can check if they are able to add to the
page.

It is automated and it does act semi-intelligently. It reads the form
in real time, extracts the form fields, fills them in and returns
them. We know it reads the forms in real time because of the logs and
because it submits individual time-based hidden fields and it reads
and returns cookies - both of which are simple spam-bot blocks. I
still hate captchas, but I can't see any other way of avoiding this
type of bot any more.


Saul
www.notanant.com
Communities of websites
date: Thu, 5 Jun 2008 00:28:38 -0700 (PDT)   author:   Saul

Re: What's all this garbage?   
Message-ID:
 from
Saul contained the following:

...
>Textareas are filled in with a spam message...
Ah, that would explain it.  So they are looking for a way of getting
links onto webpages via guestbooks perhaps?  I don't have any textareas
on my form.

>It is automated and it does act semi-intelligently. It reads the form
>in real time, extracts the form fields, fills them in and returns
>them. We know it reads the forms in real time because of the logs and
>because it submits individual time-based hidden fields and it reads
>and returns cookies - both of which are simple spam-bot blocks. I
>still hate captchas, but I can't see any other way of avoiding this
>type of bot any more.

I notice it doesn't seem to return checkboxes so maybe having a
compulsory check box might do it.  Something like a DPA disclaimer
perhaps.

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
date: Thu, 05 Jun 2008 09:10:04 +0100   author:   Geoff Berrow

Re: What's all this garbage?   
On Thu, 05 Jun 2008 09:10:04 +0100, Geoff Berrow
 wrote:

>I notice it doesn't seem to return checkboxes so maybe having a
>compulsory check box might do it.  Something like a DPA disclaimer
>perhaps.

Because it fills all text inputs, you can add a <label>Please leave
blank:</label><input> pair with CSS display:none and, if the field
contains data, reject the form.
date: Tue, 10 Jun 2008 18:52:36 +0100   author:   Stuart Millington
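
The three server-side checks discussed in this thread (time-based hidden field, compulsory checkbox, hidden "leave blank" field), combined in one screening function. This is an added example, not code from any poster; the field names `form_token`, `website` and `dpa_ack`, the secret and the age limit are hypothetical, and the sample submissions are constructed. As noted in the thread, a bot that reads the form in real time will return a valid token, so that check only stops stale or forged submissions.

```python
import hashlib
import hmac
import time

SECRET = b"replace-with-server-side-secret"  # assumption: per-site key, never sent to the client
MAX_AGE = 3600        # seconds a rendered form stays valid (assumed policy)
HONEYPOT = "website"  # hypothetical name of the hidden "please leave blank" input
CONSENT = "dpa_ack"   # hypothetical name of the compulsory checkbox


def issue_token(now=None):
    """Value for the time-based hidden field: '<timestamp>.<HMAC of timestamp>'."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def token_ok(token, now):
    """True if the token was issued by this server and is not older than MAX_AGE."""
    ts, _, mac = (token or "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), good.encode()) and 0 <= now - int(ts) <= MAX_AGE


def screen(fields, now=None):
    """Return the list of reasons to reject a submission (empty list = accept)."""
    now = time.time() if now is None else now
    reasons = []
    if not token_ok(fields.get("form_token"), now):
        reasons.append("bad-or-stale-token")
    if fields.get(HONEYPOT, "").strip():
        reasons.append("honeypot-filled")   # bot filled every text input
    if fields.get(CONSENT) != "on":
        reasons.append("checkbox-missing")  # unchecked boxes are not submitted
    return reasons


# Constructed sample data modelled on the submission quoted in the thread.
T0 = 1212524395
bot = {"form_token": issue_token(T0), "Title": "msgkCiFuvu",
       "email": "fdsfdsf@edsdac.com", HONEYPOT: "kJhGfDsA"}
human = {"form_token": issue_token(T0), "Title": "Dr", "PostCode": "AB1 2CD",
         "email": "visitor@example.org", HONEYPOT: "", CONSENT: "on"}

if __name__ == "__main__":
    print("bot:  ", screen(bot, now=T0 + 5))
    print("human:", screen(human, now=T0 + 90))
```

The honeypot input must be hidden with CSS rather than `type="hidden"`, since the thread's observation is that the bot fills text inputs.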

COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE