I've set up a PHP standard contact form asking for name, email, comments.

The processing part of the form sanitizes the data and makes sure only a single email is entered, etc.

Still, I tend to get data filled out like so...

// ------------------ GARBAGE STARTS

Name: PQctQCulKkDyDIWrFsP

Email: [email protected]

Message: 5DPKep qbkbqmbuhkdf, [url=http://apcxnvhvskdu.com/]apcxnvhvskdu[/url], [link=http://ibjvhssfagid.com/]ibjvhssfagid[/link], http://biwgoxskvgib.com/

// ------------------ GARBAGE ENDS

I built something once that would generate a random number between 1-100 and would pass this as a hidden form, then I had a user field that asked them to add one to it. On the receiving end I checked the entered + 1 = the hidden. I would still get this type of garbage, so either that's not sophisticated enough to thwart automated attacks, or it's a person actually trying to test.

So my questions are...

1) Is this an automated attack that captcha would prevent/reduce?

2) Can someone explain what someone is getting out of this? There's no spam for anything, the links are BS, they're not able to use the form to send their own spam...

I'm not sure if this is just some kind of fishing expedition to look for vulnerabilities, or if there is a bigger purpose I'm missing.

Thanks for any suggestions.

A: 
  1. Is this an automated attack that captcha would prevent/reduce?

Yes, definitely.

Can someone explain what someone is getting out of this?

It could be a test to see whether the garbage lands anywhere public, so it's a usable target for actual spamming. Spammers have traffic and resource limitations, too, and maybe that's a way to find targets that actually "work".

Pekka
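
Added example (not code from the question or the answer): the add-one check described in the question, reworked so the expected answer is held in server-side session state instead of a hidden field, expires, and is consumed on first use. The function names, the `challenge` key and the two timing constants are assumptions; the question text is still machine-readable, so this only closes off hidden-field scraping and replay and is not a substitute for the CAPTCHA the answer recommends.

```php
<?php
declare(strict_types=1);

// Hypothetical names and values, chosen for this example only.
const CHALLENGE_TTL = 600;    // seconds a challenge stays valid (assumed)
const MIN_FILL_SECONDS = 3;   // faster submissions are rejected (assumed)

/** Create a challenge. Only the returned question text is sent to the browser. */
function issue_challenge(array &$session, int $now): string
{
    $n = random_int(1, 100);
    // The expected answer never leaves the server.
    $session['challenge'] = ['answer' => $n + 1, 'issued' => $now];
    return "What is $n plus one?";
}

/** Validate and consume the challenge so a captured form cannot be replayed. */
function check_challenge(array &$session, string $submitted, int $now): bool
{
    $c = $session['challenge'] ?? null;
    unset($session['challenge']);          // single use, whether it passes or fails
    if (!is_array($c)) {
        return false;                      // no challenge outstanding
    }
    $age = $now - $c['issued'];
    if ($age < MIN_FILL_SECONDS || $age > CHALLENGE_TTL) {
        return false;                      // submitted too fast, or expired
    }
    $value = filter_var(trim($submitted), FILTER_VALIDATE_INT);
    return $value !== false && $value === $c['answer'];
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$t0 = 1700000000;                          // constructed timestamp
$question = issue_challenge($session, $t0);
$right = (string) $session['challenge']['answer'];

var_dump(check_challenge($session, $right, $t0 + 20));  // correct answer, first use
var_dump(check_challenge($session, $right, $t0 + 25));  // same answer replayed
```

In the form handler, call `session_start()` and pass `$_SESSION` and `time()` in place of the array and constructed timestamp.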