spam from Reply form on my site?

[ClosetGuy]

Been Getting a lot of this stuff lately.

Site was designed in Joomla.

Just wondering am I missing real leads or is this some kind of spam bot?

Here are 2 I just got one after the other.

thanks for any info

(i did a search but must not have used the correct terms)

-------------------------

Form ID: 1

Form title: Contact form

Form name: ContactForm

Submitted at: 2010-04-19 05:59:31

Submitter IP: 209.107.204.13

Submitter provider: Unknown

Submitter browser: MS Internet Explorer 6.0 Submitter operating system: Windows XP

Name: rvyoubv

Phone: 43711211194

Email: jogugt[at]oihhtn.com

Message: YZOdyj <a href=\"ht tp://vdvidmfufsze.com/\">vdvidmfufsze</a>, ht tp://kgxukqkawell.com, ht tp://cjtavszszdlb.com/, ht tp://rgpfncldqaoe.com/

---------------------

Form ID: 1

Form title: Contact form

Form name: ContactForm

Submitted at: 2010-04-19 05:57:56

Submitter IP: 81.201.24.73

Submitter provider: Unknown

Submitter browser: MS Internet Explorer 6.0 Submitter operating system: Windows XP

Name: rvyoubv

Phone: 43711211194

Email: jogugt[at]oihhtn.com

Message: YZOdyj <a href=\"ht tp://vdvidmfufsze.com/\">vdvidmfufsze</a>, ht tp://kgxukqkawell.com/, ht tp://cjtavszszdlb.com/, ht tp://rgpfncldqaoe.com/

Moderator Edit: live links broken

[agsteele]

Been Getting a lot of this stuff lately.

Site was designed in Joomla.

Just wondering am I missing real leads or is this some kind of spam bot?

Here are 2 I just got one after the other.

Greetings,

There are lots of automated systems that use reply forms to send spam. Joomla seems to vulnerable because a Joomla site is easy to identify and forms are often not secured.

You may want to investigate some forms of Captcha process to make automation more difficult.

Andrew

[Wazoo]

Only you would be able to determine whether these were "good leads" or not. I personaly wouldn't touch any of those links at all. Even the "Submitter" data seems a bit suspect. Hard to believe an XP user actually on-line still using IE6.

No personal experience with Joomla!, but I can tell you, I'm tired of receiving the ton-loads of security notifications about issues with this tool/app/whatever you want to call it. Start with a look at http://secunia.com/advisories/product/5788/ and note that most are still not patched. Most seem to keep coming with the syggested instructions to Edit the source code to ensure that input is properly sanitised. Not exactly sure that this is actually of much help to most users.

Agree with Andrew's suggested scenario .... look at locking down your "forms" if this is the issue you're actually asking about.

[rconner]

In my brief days of running a blog, I got a lot of these. Still don't know what is going on since the links were almost invariably NXDOMAIN (non-existent). I assume nonetheless that these guys are up to no good somehow.

Captcha (http://www.captcha.net) or its equivalent will help as Andrew says -- it will chase away the automated postings. If the nuisances always come from the same IP or block, you may be able to deal with them through an address-based block of some sort. If you have a "moderation mode" and your traffic is light enough, full moderation would also stop this stuff appearing automatically on your site.

-- rick

on edit: corrected to "captcha.net"; captcha.org is NG.

[turetzsr]

<snip>

Captcha (http://www.captcha.net) or its equivalent will help as Andrew says -- it will chase away the automated postings.

<snip>

...Help, yes, but not entirely avoid: see, for example, CAPTCHA Compromised – spam Ensues.

[Wazoo]

...Help, yes, but not entirely avoid: see, for example, CAPTCHA Compromised – spam Ensues.

And also having to note that some folks may be using Hosted servers that may not be up-to-date or complete enough to use the latests and greatest versions, resulting in extremely poor/bad graphic offerings. End result is someone like me that might have to (re)generate the picture a few doaen times to finally get one where I can actually make out enough of the detail to 'pass the test' and fo go the next step. (Actually, I run into that problem even on systems with all the latest packages installed, and this is the primary reason I don't use it here.)