We've been having a hell of a time with Salesforce contact form spam as of late. It's been littered with junk about cheap Air Jordans, Louis Vuitton bags, and other assorted hijack links. In the course of a week, we could have as many as 300 new "leads", all of which were spam, and that was after instituting form validation on all the contact fields.
So, the next step was to find out where this spam was coming from. By adding a hidden field to the form, and tying it to the lead source, we were able to capture the IP address of every submitter. Well, most of the submitters were coming from this little village in Fuzhou, China. You can find the location of such IP addresses from http://addgadgets.com/ipaddress/index.php.
If you use JSP in your site, here is the code to capture the IP for your Salesforce Web2Lead form:
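<%-- getRemoteAddr() is the address of the direct peer; behind a proxy or load balancer it is the proxy's address --%>
<% String ipaddress = request.getRemoteAddr(); %>
<input id="lead_source" name="lead_source" type="hidden" value="<%= ipaddress %>">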
So, the next step was to block the IP. This can be done via IPTables on Linux. As these addresses were found in predictable blocks, we decided to block more than just the IP addresses listed. Instead we blocked entire countries. Yep. If you are reading this, then you are likely not blocked from our web site.
This website had an excellent shell script that handles all you need to block any specific country. The script:
- Iterates through the countries you specify
- Gets the IP address blocks assigned to that country.
- Adds the block range to IPTables
- Recycles your IPTables to ensure a clean, fresh instance.
This script can be run via cron job (perhaps monthly) so the list always stays current. We chose a block of 15 countries based on the fact they were the most frequent countries for spam and hack attacks. These are also 15 countries we have no intention of doing business in.
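The steps listed above, as an added example (this is not the script the post refers to): it validates each CIDR line before it becomes a rule and rebuilds only a dedicated chain, so the rest of the firewall is left alone. The chain name `COUNTRYDROP`, the `<cc>.zone` file layout and the country codes `aa`/`bb` are assumptions, and the sample zones are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: build one iptables-restore ruleset from per-country CIDR lists.
# Assumed layout (not from the post): ZONE_DIR/<cc>.zone, one IPv4 CIDR per line.
CHAIN="COUNTRYDROP"   # hypothetical chain name

# Pass through only well-formed IPv4 CIDRs; drop comments, blanks and junk so a
# corrupted or tampered download cannot inject arbitrary rule text.
valid_cidrs() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        gsub(/[ \t\r]/, "")
        if (split($0, p, "/") != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print
    }'
}

# usage: build_ruleset ZONE_DIR cc [cc ...]
build_ruleset() {
    zone_dir=$1; shift
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    for cc in "$@"; do
        case $cc in
            [a-z][a-z]) ;;
            *) echo "skipping '$cc': not a two-letter code" >&2; continue ;;
        esac
        [ -r "$zone_dir/$cc.zone" ] || { echo "skipping $cc: no zone file" >&2; continue; }
        valid_cidrs < "$zone_dir/$cc.zone"
    done | sort -u | sed "s|^|-A $CHAIN -s |; s|\$| -j DROP|"
    printf 'COMMIT\n'
}

# Constructed sample zones (documentation ranges), printed as a dry run.
demo() {
    d=$(mktemp -d) || return 1
    printf '192.0.2.0/24\n# comment\n198.51.100.0/24\n' > "$d/aa.zone"
    printf '203.0.113.0/24\n192.0.2.0/24\n999.1.1.1/8; -j ACCEPT\n' > "$d/bb.zone"
    build_ruleset "$d" aa bb ../etc
    rm -rf "$d"
}
demo

# To apply as root instead of printing (rebuilds only this chain):
#   build_ruleset /path/to/zones aa bb | iptables-restore --noflush
#   iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
```

Because the ruleset is loaded in one `iptables-restore` call, a bad zone file produces fewer rules rather than a half-applied firewall.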