is my contact email being hijacked?

I have an .asp contact page, and for nearly a year I've been getting spam to
buy generic prescription drugs such as viagra, xanax and phentermine to name
a few.

I recently thought that perhaps OTHER people are getting spam that LOOKS
like it is coming from my name, but my i.s.p. says that the mail on my
contact page only goes to me.

Still...I wonder. Is there a way to find out if other people are receiving
spam being sent in my name?

My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks

Re: is my contact email being hijacked?

The Bicycling Guitarist wrote:

> I have an .asp contact page, and for nearly a year I've been getting
> spam to buy generic prescription drugs such as viagra, xanax and
> phentermine to name a few.

Sounds like typical spam to me. Apparently, your email address is
somewhere on your web site, someone else's web site, is on the computer
of someone who was infected with a mass mailing worm, is easily
guessable via dictionary attack, or you have used it at an unscrupulous
site that sold it.

Or, you have posted to USENET with it!
Chris @ TheBicyclingGuitarist.net
and it has been scraped by the spambots.

> I recently thought that perhaps OTHER people are getting spam that
> LOOKS like it is coming from my name, but my i.s.p. says that the
> mail on my contact page only goes to me.

It is a simple task to forge the FROM: field in an email, so a spammer
could send to millions using yours as the FROM:. You would get all
bounces for non-existent addresses.

> Still...I wonder. Is there a way to find out if other people are
> receiving spam being sent in my name?

Do you get bounces? Non-delivery messages?

> My contact page is www.TheBicyclingGuitarist.net/contact.asp thanks

(page needs some work to make it match your others.)


"Your search for contact form returned no matching documents in our
site."

So how does this script work? Is it secure? Can a spammer inject BCC:
addresses into it? What testing do you/it do before sending the mail to
you?

--
-bts
-Motorcycles defy gravity; cars just suck

Re: is my contact email being hijacked?

he Bicycling Guitarist wrote:
> I have an .asp contact page, and for nearly a year I've been getting spam to
> buy generic prescription drugs such as viagra, xanax and phentermine to name
> a few.
>
> I recently thought that perhaps OTHER people are getting spam that LOOKS
> like it is coming from my name, but my i.s.p. says that the mail on my
> contact page only goes to me.
>
> Still...I wonder. Is there a way to find out if other people are receiving
> spam being sent in my name?

Only by checking the log of the mail server that is used to mail the data from
the basic script.

There are many contact scripts that allows header injection, that way the
spammer can decide who else will get the mail too, but without the log file
you don't know if someone else has got spam from your script. Trying to inject
headers into the script will tell you if it's possible or not to spam others too.


--

//Aho

Re: is my contact email being hijacked?

"The Bicycling Guitarist" wrote in message
news:SUpni.1123$ej2.645@newsfe02.lga...
>I have an .asp contact page, and for nearly a year I've been getting spam
>to buy generic prescription drugs such as viagra, xanax thank you for the
>info, Beauregard T. Shagnasty and J.O. Aho. Yep the page needs work and
>I'll see what I can do to improve it's appearance. I didn't do any testing
>about the script except to see if it would send mail to me. I have learned
>a lot (compared to when I started) about html/css the past few years by
>posting and lurking in these newsgrouups, but I am still basically a newbie
>compared to some of you regulars. Thank you again for all you do for
>others.

Re: is my contact email being hijacked?

"Beauregard T. Shagnasty" wrote in message
news:rRqni.330838$p47.243420@bgtnsc04-news.ops.worldnet.att. net...
> The Bicycling Guitarist wrote:
>
>> I have an .asp contact page, and for nearly a year I've > Or, you have
>> posted to USENET with it!
> Chris @ TheBicyclingGuitarist.net
> and it has been scraped by the spambots.
>

> It is a simple task to forge the FROM: field in an email, so a spammer
> could send to millions using yours as the FROM:. You would get all
> bounces for non-existent addresses.
>
>> Still...I wonder. Is there a way to find out if other people are
>> receiving spam being sent in my name?
>
> Do you get bounces? Non-delivery messages?
>

I don't get bounces as a rule. I have received some, like maybe 1 or 2 in a
six-month period, where I was NOT the one who sent the message that bounced
even though it said it was from me. It has happened, but not a lot and not
recently.



www.TheBicyclingGuitarist.net/contact.asp thanks
>
> (page needs some work to make it match your others.)
>

> So how does this script work? Is it secure? Can a spammer inject BCC:
> addresses into it? What testing do you/it do before sending the mail to
> you?
I have NO idea how it works. That's why I used somebody else's script
instead of writing one. Ewww I just noticed tags. omg, this is the
ONLY page on my web site that still uses those.

I'd love to bring this up to xhtml 1.0 strict standards to match the rest of
my site. I am not intrepid regarding my abilities to do so however.

If you or anyone else knows of a better contact form that I could use, feel
free to suggest it. OR if you can tell me what to do to improve the one I
have, I'd appreciate the help.

Ewww tags...