by Richard Adams
Posted on October 27, 2008
Every day spammers hit thousands of websites and a number of these are shut down by their ISP or webhost for "abuse".
Damage done by spammers can take two forms:
a) General annoyance such as posting adverts on your forum or spam comments on your blog which are irritating and time-consuming to resolve but are unlikely to get you shut down. There are, however, cases in which even this damage could get you into some hot water with your host.
b) Malicious use of your website in some way which *could* get you shut down.
Here, then, are what I view as the top 5 problems spammers could cause to your business, and what to do about them.
1) Contact Us Forms
Many contact forms such as the popular formmail script are easily attacked by hackers, enabling them to email thousands of spam messages an hour using *your* server, *your* bandwidth and consequently *your* money. This heavy server load slows down your site and any others hosted on the same server and may well cause you problems when your webhost spots what is happening. I had my FTP account to one of my sites blocked a few years ago for just such a problem.
My host refused to unlock it unless I agreed to permanently remove my contact form so spammers couldn't use it any more.
Just as bad, a mistaken spam complaint about mail from your domain could also result in you being blacklisted (at best) or shut down (at worst).
The solution here is to ensure your email address is hard coded into the script itself - so it simply won't work if hackers try to email someone else from it - rather than the age-old technique of just having your email address submitted as a hidden field in the form itself.
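The hidden-field pattern and the hard-coded fix described above, side by side, as an added example that is not code from formmail or from the author's script. The owner address, field names and length limits are assumptions, and the hardened version goes one step beyond the article by also rejecting line breaks in fields that end up in mail headers.

```python
import re
from email.message import EmailMessage

# Assumption: placeholder address; the real one is fixed here, never read from the form.
SITE_OWNER = "owner@example.com"
_ADDR = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")

# Constructed submission: the hidden "recipient" field has been changed by the sender.
SAMPLE_FORM = {"recipient": "stranger@example.net", "email": "visitor@example.org",
               "subject": "Question", "message": "Hello"}


def build_weak(form):
    """Age-old pattern: the recipient arrives as a hidden form field."""
    msg = EmailMessage()
    msg["To"] = form["recipient"]      # whoever submits the form picks the target
    msg["Subject"] = form.get("subject", "Contact form")
    msg.set_content(form.get("message", ""))
    return msg


def build_hardened(form):
    """Recipient is hard-coded; visitor input is checked before it reaches a header."""
    sender = form.get("email", "").strip()
    subject = form.get("subject", "").strip()
    if not _ADDR.fullmatch(sender):
        raise ValueError("invalid visitor address")
    if "\r" in subject or "\n" in subject or len(subject) > 120:
        raise ValueError("invalid subject")
    msg = EmailMessage()
    msg["To"] = SITE_OWNER             # a submitted "recipient" field is ignored
    msg["From"] = SITE_OWNER           # send as the site, not as the visitor
    msg["Reply-To"] = sender
    msg["Subject"] = subject or "Contact form"
    msg.set_content(form.get("message", "")[:5000])
    return msg


if __name__ == "__main__":
    print("weak     ->", build_weak(SAMPLE_FORM)["To"])
    print("hardened ->", build_hardened(SAMPLE_FORM)["To"])
```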
2) Heavy Server Loads
Any automated scripts used by spammers can cause real drains on your server as it slows to a crawl. This is why sites like Google will ban you from using their services if you're caught using any automated scripts to access their site.
This is often seen in the form of forum hacking - spammers either posting hundreds of adverts to your forum, or harvesting everyone's email addresses to be able to spam them individually by email.
I have had it happen to me and seen the pages accessed shoot through the roof for a few weeks.
The simple answer here is to (1) keep a close eye on your forum, banning spammers by IP and email address, and if necessary temporarily disabling your forum until they get bored and find another victim and (2) register for updates whenever an upgrade of your chosen forum software is available so that you can upgrade as soon as possible to keep security gaps to a bare minimum.
3) Excessive Spam Sent To You
If you received 5,000 spam emails in the next hour you can be sure your host would take note.
So keep your email address as private as possible.
*Don't* actively give it out on your site as spambots can easily harvest this information. Give it as an image file if you have to, or use a secure contact form or help desk script to really improve security.
4) Accessing Unauthorized Areas Of Your Site
I'm astonished sometimes by what I find. I recently was considering purchasing a piece of software and decided to do a search in Google for reviews to see what others thought. What came up as the 3rd listing? The download page for that piece of software! Imagine if I'd posted that URL in a busy forum!
Beat this problem by (1) always using an index.html page in every folder you create so these "hidden" areas aren't visible to anyone who chooses to look, (2) considering a robots.txt file to exclude search engine spiders so pages like your download pages don't appear in their results, and (3) trying not to name your folders anything too obvious.
Popular scripts have standard and well-known setups that will enable anyone in the know to fiddle with your site if they know the software you're using.
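One way to carry out the "index.html in every folder" advice above across a whole site, as an added example that is not part of the original article. The list of index file names and the constructed site tree in `demo()` are assumptions.

```python
import os
import tempfile

# Assumption: file names the web server treats as a folder's default page.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def dirs_without_index(web_root):
    """Return folders under web_root (as relative paths) that have no index page."""
    missing = []
    for current, subdirs, files in os.walk(web_root):
        subdirs.sort()                       # stable, readable report order
        if INDEX_NAMES.isdisjoint(files):
            missing.append(os.path.relpath(current, web_root))
    return missing


def add_placeholder_indexes(web_root, folders):
    """Write a blank index.html into each listed folder; never overwrite one."""
    for rel in folders:
        path = os.path.join(web_root, rel, "index.html")
        if not os.path.exists(path):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("<!doctype html><title></title>\n")


def demo():
    """Audit a constructed site tree, fix it, and return (before, after)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("downloads", os.path.join("downloads", "v2"), "images"):
            os.makedirs(os.path.join(root, rel))
        for rel in ("index.html", os.path.join("downloads", "product.zip"),
                    os.path.join("images", "logo.png")):
            open(os.path.join(root, rel), "w").close()
        before = dirs_without_index(root)
        add_placeholder_indexes(root, before)
        return before, dirs_without_index(root)


if __name__ == "__main__":
    print(demo())
```

An index page only hides the folder listing; a file is still served to anyone who has its URL, and robots.txt is itself readable by anyone who requests it.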
5) Tell-A-Friend Scripts
These too can be abused by spammers emailing thousands of people via your site.
As these are often set up to send a number of emails at the same time they can be powerful spam tools and with a limited number of popular scripts on the market there are only a few that the spammers need to figure out before they start to make trouble.
To counter this problem find a script that allows total customization of your form making it harder for spammers to work out what script you're using, and the facilities to ban users by IP or email address so trouble-makers can be quickly and easily extinguished.
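The controls named above for a tell-a-friend script (bans by IP or email address, plus a cap on how many messages one visitor can trigger), sketched as an added example that is not code from any particular script. The limits and the ban-list entries are constructed values and assumptions.

```python
import time
from collections import defaultdict, deque

MAX_RECIPIENTS = 3      # assumption: friends allowed per submission
MAX_PER_HOUR = 10       # assumption: messages allowed per IP address per hour
BANNED_IPS = {"203.0.113.7"}               # constructed entry (documentation range)
BANNED_SENDERS = {"spammer@example.net"}   # constructed entry

_sent = defaultdict(deque)   # ip -> timestamps of messages sent in the last hour


def allow_send(ip, sender, recipients, now=None):
    """Return (allowed, reason) for one tell-a-friend submission."""
    now = time.time() if now is None else now
    if ip in BANNED_IPS or sender.lower() in BANNED_SENDERS:
        return False, "banned"
    if not recipients or len(recipients) > MAX_RECIPIENTS:
        return False, "recipient count"
    log = _sent[ip]
    while log and now - log[0] >= 3600:    # forget sends older than one hour
        log.popleft()
    if len(log) + len(recipients) > MAX_PER_HOUR:
        return False, "hourly limit"
    log.extend([now] * len(recipients))    # one entry per message actually sent
    return True, "ok"


if __name__ == "__main__":
    friends = ["a@example.org", "b@example.org", "c@example.org"]
    for attempt in range(5):
        print(attempt, allow_send("198.51.100.5", "me@example.org", friends))
```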
Richard Adams is the creator of Ultimate Tell A Friend, the most powerful viral marketing tell a friend script available.
Get free online business advice and sign up for a free merchant account so you can accept credit cards online at http://www.merchantaccountforum.com

Alp writes: Thanks for the heads up! It seems "hiding the email addresses" and "securing forums, forms, et al" are the main points to avoid spammers.
4:21:51 Sun Nov 2 2008 CST
Stew writes: Your article scares the pants off me. I am a rookie at programming and site building and implementing your fixes is a challenge to someone with limited knowledge.
Can you advise on where to find in-depth help regarding this very real threat or a how-to on adding the index pages?
Stew
11:45:01 Thu Oct 30 2008 CDT
imroz writes: nice post.
23:02:28 Tue Oct 28 2008 CDT
Danielle Pretorius writes: awesome advice, thank you
4:12:12 Tue Oct 28 2008 CDT
Diamonds writes: Thanks for the tips.
17:49:37 Mon Oct 27 2008 CDT
Liam writes: Another solution:
http://recaptcha.net
Problem solved for most, if not all, of the above.
16:56:14 Mon Oct 27 2008 CDT
George writes: We usually use PHP scripts or PDF forms where the email address isn't readily available to harvesters or spammers as HTML code. We also use NMSformail, which has a lot more security features than the formail script found on Matt's Script Archive. You can set which URLs have access to the script, and set the number of email addresses it will send to. And we learned the hard way to use strong passwords for our web server.
16:05:24 Mon Oct 27 2008 CDT
BB writes: where is number 4?
12:16:04 Mon Oct 27 2008 CDT