RavanH Posted March 7, 2006 Share Posted March 7, 2006 Hi all, I've been looking on the internet and these forums but cannot find anything on where to report attempts of abusing contact forms to send spam (not the spam itself)... I have learned a lot on how to prevent it but nothing on how to fight it! If anyone is interested in this case, here is my 'abuse' report I sent to AOL: ================== Dear madam, sir, This is not a complaint about abuse originating from AOL but is related to AOL. I do not know the proper authorities to turn to who could investigate this case further or are interested in this information. Please bear with me as I try to explain the situation and how it is linked to AOL. Recently, I found that the contact form on the website http://###edited out### (not hosted at AOL) was under 'attack'. Someone was trying with Header Injections on a massive scale - going on for a week now - to abuse the form (for spamming purposes, I guess). All messages ended up in the info[at] mailbox as they should so I do not think there was any succesfull spamming done. Just hard to get rid of these messages overflowing the mailbox... After modifying the contactform (in PHP) a bit, I managed to get some information (see attached examples) about these attempts: The attempts originated from a lot of different IP's located around the globe (not associated with AOL) and I suspect were done by bots running on infected computers. But I found that *all* attempts used only one of 3 repeated email addresses included by 'Bcc:' in the injected headers: ###edited out###[at]aol.com ###edited out###[at]aol.com ###edited out###[at]aol.com I conclude these are testing-addresses run by the person controling the bots, to see wether his attempts were succesfull. You see where AOL comes in! I don't know if you can act upon this? If my conclusion is correct, closing these mailboxes wouldn't make any difference whatsoever, but you might know what else can be done or who I should turn to with this info... Thank you for your time, ====================== I didn't get any response yet, and I don't expect one. Would anyone know where I should send the info? Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.