Web Security - Fake Form Submission (Signup,..)
About
Spam or fake form submissions can be made by:
- a bot
- and a human
Examples of forms:
- Account Sign-up
- Comments
- …
Fake form submissions happen because bots scour the internet looking for signup forms to fill in.
Most fake accounts/sign-ups are created by two bots:
- One bot that finds forms and signs up
- Another one that opens the emails and clicks on every single link
Why?
- They want to spam via functionality such as Tell a Friend
- They are looking for weaknesses in the site and hoping to exploit them for further gain.
- It could also be to gather your email address and send you spam.
- Damage your email campaigns. When a large number of fake signups (with real addresses) send your newsletter to the spam folder, this can trigger your subscribers’ email service providers to mark all your email as spam.
Fake accounts:
- for spamming
  - you,
  - or others via tell-a-friend, messaging, etc.
The newsletter signup can be hijacked by bots to send emails en masse to apparently valid email addresses, causing:
- a huge bounce list,
- an unhappy email server host,
- and a possible contribution to DDoS attacks.
causing the server to be Email - Mille and one way to send an email (professional and user)
Protection
Spambot
Protection can rely on the specific behavior of this kind of bot. See bad bot protection.
CSRF Token
Data Validation
Spambots are not really good at data generation, so simple data validation is another layer of protection.
Name Validation
To block the creation of fake accounts, rules may be applied to the name.
- name length validation
For instance, Facebook
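A server-side name check of the kind described above, as an added example that is not part of the original page. The length bounds, the allowed characters and the repeated-character rule are assumed values for illustration, not the policy of Facebook or any other site.

```python
import unicodedata

# Assumed limits for a single "full name" field; tune them to your users.
# A minimum that is too high rejects real short names, so keep it low.
MIN_NAME_LEN = 2
MAX_NAME_LEN = 50
MAX_REPEAT_RUN = 3            # "aaaa"-style keyboard filler
ALLOWED_PUNCT = " -'.\u2019"  # space, hyphen, apostrophes, period


def validate_name(raw):
    """Return (ok, reason) for a submitted name field."""
    if not isinstance(raw, str):
        return False, "not_text"
    # Normalize so visually identical input is measured the same way,
    # then collapse runs of whitespace before measuring the length.
    name = " ".join(unicodedata.normalize("NFKC", raw).split())
    if len(name) < MIN_NAME_LEN:
        return False, "too_short"
    if len(name) > MAX_NAME_LEN:
        return False, "too_long"
    for ch in name:
        # Letters (L*) and combining marks (M*) of any script are accepted;
        # digits, control characters and URL punctuation are not.
        if unicodedata.category(ch)[0] not in ("L", "M") and ch not in ALLOWED_PUNCT:
            return False, "bad_character"
    run = 1
    for prev, cur in zip(name, name[1:]):
        run = run + 1 if prev.lower() == cur.lower() else 1
        if run > MAX_REPEAT_RUN:
            return False, "repeated_character"
    return True, "ok"


def screen(names):
    """Map each submitted name to the validation reason (for logging/metrics)."""
    return {n: validate_name(n)[1] for n in names}


if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    sample = ["Ada Lovelace", "x", "Buy now http://example.test", "asdfffff"]
    for name, reason in screen(sample).items():
        print(f"{name!r}: {reason}")
```

Logging the rejection reason rather than only a pass/fail flag shows which rule is catching bot traffic and which one is rejecting real users.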