I have several sites where users can send me email through an html form posting data to a php script, which then mails it to me. I do parse the incoming data to make sure there are no fake headers, and at one point a few years ago when I was suspicious about funny emails I started logging all emails so I could find out if someone was using my form as an open relay. They are not; the only emails logged are those which I receive.
The emails all look something like the following, in their entirety:
sgprahsfbuds, <a href=\"http://www.qpmlowrdmx.com \">rfwlenabub</a> ,
[url=http://www.juamkfzjoj.com ]vsmvhocwqe[/url],
http://www.bbzlwecxhj.com rfwlenabub
or
wosizboez, <a href=\"http://www.vmqvcosmcq.com \">hxocgtzzbs</a> , [url=http://www.utfxigsjhg.com ]enttamqamt[/url], http://www.vfpvbxrkew.com hxocgtzzbs
Can anyone tell me what these are, and if there is any potential problem with ignoring them as they come in? I had gotten maybe 10 from 4 sites in a couple years, but yesterday received 6 from 2 of my sites. I certainly wouldn’t click on any of the links, but when I have tried looking them up they are as fake as they look. Google searches show things like “vmqvcosmcq” show up regularly.
Thanks,
russell
I have seen such messages too on a server of mine some time ago. It stopped again.
It certainly is spam, a robot using your form. As to the “what for” I have two ideas:
maybe the bot records the random entries he made and tries to refind those patterns later on google. This way it might be possible for an attacker to identify urls where internal pages of your system are published, if these patterns are cited there and show up in google later.
I have seen similar (though less obvious) with spams in cms based sites like blogs that accept comments. The spam comments all read like someone commenting on the good quality of the posts. But if you looked closer you could identify a common pattern: they all showed “typing errors”, character twists that served to re-identify the comment later by a bot. I guess this has the same idea: to test if the data accepted from a form somewhere reappears on published web pages.
Maybe the simple motivation is to identify those forms where usage leads to spam actually really being published, thus seen. Because this is the only sense for a spammer: his “messages” to be seen.