What is going on here?

[heldenbrau]

I added a form to my website so people could upload pictures.  When somebody uploads a picture I get sent an email.  Today I keep getting emails saying somebody has uploaded a picture, but when I check it is full of rubbish such as this:

 

aihotryivvjk, [url=http://lfhelcxniajg.com/]lfhelcxniajg[/url], [link=http://zeqmxytfhfob.com/]zeqmxytfhfob[/link], http://equhlndtroti.com/" target="blank">khq2VJ aihotryivvjk, [url=http://lfhelcxniajg.com/]lfhelcxniajg[/url], [link=http://zeqmxytfhfob.com/]zeqmxytfhfob[/link], http://equhlndtroti.com/

 

Every form is filled in with this stuff.  What is this stuff?

[Pikachu2000]

Looks like spambot garbage to me.

[heldenbrau]

I forgot to say, no picture is uploaded, this stuff goes into the title, description and video URL link box.

[.josh]

you are being hit by spam bots.

[heldenbrau]

What is the purpose of a spam bot?

[.josh]

to spam.  You know, like how you get junk mail and spam in your email?  Same thing.

[PFMaBiSmAd]

Shouldn't your validation logic in your form processing code detect and prevent the insertion of that, assuming you have validation logic in your form processing code?

[heldenbrau]

I wouldn't call it spam because the websites it has put into the form don't exist.  It is just randomly generated rubbish. 

 

I don't have validation because I didn't consider something like this, now I will have to add it.  But what is the point of this stuff?

 

[Philip]

But what is the point of this stuff?

 

To annoy the shit outta you. And apparently its working!

[Maq]

I wouldn't call it spam because the websites it has put into the form don't exist.  It is just randomly generated rubbish. 

 

I don't have validation because I didn't consider something like this, now I will have to add it.  But what is the point of this stuff?

 

 

Who knows...  But, as Mabismad mentioned, you should implement validation.  If you need help with the validation feel free to start another thread with the relevant information.

[heldenbrau]

I have just added validation.  I made 9 number png files and named them 1.png to 9.png then picked a random number from 1 to 9 four times and put them in order $a$b$c$d to make the number and display the png files.  Then it sends the number as a hidden field.  I haven't had any spam since then.

 

So this is really just to annoy people?

[Maq]

So this is really just to annoy people?

 

They just picked up your form and tried to automate a submission most likely.  There are many reasons, and yes, annoyance could be one of them.

[PFMaBiSmAd]

I get sent an email

 

If you are not validating the input and you happen to be putting a form field content in to the mail header, it is likely that the spambot script is sending multiple copies of the email through your mail server and the copy you see is just the one going to you, but there could be dozens going to other email addresses.

 

If you are putting data from the form in to the mail header, you should probably log the it to a file or record it into a database table so that you can see what is really going through your script.

 

 

[heldenbrau]

The program only emails me to let me know that somebody has filled in the form.  Everything that goes into the form is put into a database, then I use another website to view what has been entered into the form and decide to delete it or verify it.  Nothing from the form goes into an email.