Why are my website forms spammed?

Our web application scanner (WAS) perform tests of website forms which might result in you getting many messages or emails. To avoid this problem, you can either exclude the URL for the form action, exclude the URL with the form, or block Holm Security VMP IP ranges from posting forms.

Exclude pages containing forms or the form action URL

Follow this instruction to exclude one or more URLs:
http://support.holmsecurity.com/hc/en-us/articles/213915989

Or follow this instruction to do more advanced excludes using regular expression (regexp):
http://support.holmsecurity.com/hc/en-us/articles/115000829729

Block Holm Security VMP IP range

Our IP ranges are specified here:
http://support.holmsecurity.com/hc/en-us/articles/213477725

Being spammed is a security issue

If our web application scanning spammed you mail server or system, it can be a sign of a vulnerability that needs to be solved. Some sites have no validation at all and some have validation that depends on the client, in other words the browser. Often validation is done using JavaScript in the client. By turning off JavaScript in the browser, the user can easily bypass the validation. A hacker with a simple program/script can take advantage of this by bypassing the validation and make attacks that can make the receiving mail server or software that handles data from the form slow or unavailable.

The safest way to protect your form is to add a CAPTCHA, or to validate the form in the underlying code that is executed on the server side.

Read more about CAPTCHA here (external site):
https://en.wikipedia.org/wiki/CAPTCHA

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.