contacts page bot hackers

[nadeemshafi9]

hi guys

 

i constantly get a bot trying it on with my contacts pages in some sites, it first does a file path injection attempt 5 or 6 times just on random page urls in my site i capture all of these and block them,

 

then it does a contacts page attack it attacks  which looks like this

 

nZTvOS lieacsxplwqv, crciyajsrbpc, [link=http://fupwozqfonds.com/]fupwozqfonds[/link], http://lhituuaajxzu.com/

 

the urls are made up but we fear that it may be temporary or it may be sennding out email

 

any ideas ?

 

im gona try and check the mail log or somthing any ideas on how to do that ?

[nadeemshafi9]

i know how to check mail logs gona do that when i get access to main serv

[JonnoTheDev]

You should implement CAPTCHA on contact forms that send out email. It doesn't take long on any website before contact forms start getting hit.

[nadeemshafi9]

You should implement CAPTCHA on contact forms that send out email. It doesn't take long on any website before contact forms start getting hit.

 

very good idea, any good CAPTCHA scripts out there or am i better of making one

[JonnoTheDev]

There are plenty. I prefer to use my own as it is a security measure so no one else actually knows how it is working, rather than taking an off-the-shelf approach. Depends on your skillset really. You will need to make sure you have the GD libraries available on your php installation as you will be working with images.

[nadeemshafi9]

There are plenty. I prefer to use my own as it is a security measure so no one else actually knows how it is working, rather than taking an off-the-shelf approach. Depends on your skillset really. You will need to make sure you have the GD libraries available on your php installation as you will be working with images.

 

i know how to use GD and PHP, how would i do this then ? if i was to wite it, i mean i used GD functions to manipulate images im not fully aware of its full capabilities, i coudlk emagine creasting a weak CAPTCHA in php by naming the alphabet images random numbers but that could be cracke easily by a bot, just out of curiosity could u give me a quick over view of the working using GD nothing complex just an idea. i will probably end up using a free b and backwards engineering it, but il never probs need to write it.

[JonnoTheDev]

For a bot to crack a CAPTCHA it needs to read the letters / numbers using OCR techniques. The weakest captchas are alphanumerics on a plain coloured background with little or no skew on their positioning. Even worse are those who think people are thick enough not to realise that the captcha code is stored in a hidden field in the HTML form. Check this out: http://www.afreearticle.com/signup.php

 

The best captchas use noise within the background and skew the characters. The actual code will be encrpted along with some kind of secret key so its impossible for a bot to decrypt this. When the page is reloaded it will change so there is no chance of grabbing, reading and submitting as the code will change. Your best bet is to download an implementation and then refactor. Some good ones found at http://www.phpclasses.org

 

[DarkWater]

Just going to say that this is the wrong section, and that the "hacking" that they mean in this board is the good kind.  Not "cracking".

[Mchl]

reCAPTCHA seems to be good solution nowadays. After all it's showing words that OCR software already failed at

On the other hand it doesn't need you to spell the words exactly.