We are experiencing a strange bug on our website which we think is related to the software installed on users' computers. We have an e-mail link on a lot of pages, which is created using JavaScript (so spambots won't get it).

It seems the link is "clicked" automatically on some users' machines. Some users then discard the window by clicking Send on the e-mail window that pops up, resulting in a ton of e-mails to us.

When inspecting the Apache log, nothing weird can be seen in the browser string. Can this be a download accelerator/prefetcher gone haywire? Any other theories as to what this might be?

The link in the HTML is written like this (it is autogenerated by Smarty):

<script type="text/javascript" language="javascript">
<!--
{document.write(String.fromCharCode(60,97,32,104,114,101,
  102,61,34,109,97,105,108,116,111,58,115,117,112,112,111,114,
  116,64,112,114,111,118,101,46,110,111,63,115,117,98,106,101,99,
  116,61,82,101,102,101,114,97,110,115,101,110,117,109,109,101,114,
  37,50,48,49,53,48,48,34,32,62,83,101,110,100,32,115,112,38,111,115,
  108,97,115,104,59,114,115,109,38,97,114,105,110,103,59,108,46,60,47,97,62))}
//-->
</script>
A: 

My only suggestion would indeed be that some program (browser, extension, bot, indexer) reads the page and then opens the link and sends the mail, but I've never seen that before.

Is there anything you can see from the mail messages you get? Recurring IP addresses or X-Mailer?

Perhaps you can ask one of the users about their system setup - you have their e-mail address.

Jeroen Heijmans
These come from actual users, not a bot. We have made contact with one user, who confirmed the event order mentioned in the question. Our users view a lot of pages, so one e-mail per page becomes a lot of e-mails.
Vegard Larsen
+3  A: 

Could something in the browser be prefetching the links? For example, the Firefox extension Fasterfox does that (which is the reason why I don't use it). I seem to remember Google had at one time also brought out a browser accelerator using the same concept. And the AVG antivirus' Linkscanner is infamous for doing it too (all in the name of scanning for bad sites).

In short: don't use links for something that changes a state, for example for logging out, deleting a record (gasp!) or sending email. Use a button instead.

bart
I don't think Fasterfox can be stupid enough to click an e-mail link? This is an HTML <a href="mailto:">-style link. I'm going to test FasterFox just to be sure.
Vegard Larsen
A: 

Personally, I'd try to solve this by changing from a mailto: link to a contact form - though that doesn't directly answer the question you asked.

The other suggestions of link pre-fetchers seem the most probable.

I suppose it might even be related to caching from an ISP, if it's trying to pre-spider a page so the linked-to pages load quicker?

warren
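
The advice in bart's and warren's answers (a button or contact form instead of a link), as an added example that is not part of the original thread: handler logic in which GET never has a side effect and only a POST from the form's button queues a message. The names `handleContact`, `outbox`, the `/contact` paths and the recipient address are hypothetical; the header names are the prefetch hints sent by Firefox (`X-moz`) and Chromium-based browsers (`Purpose`, `Sec-Purpose`).

```javascript
// Added example: request handling for a hypothetical /contact endpoint.
// Header names are lower-case, as Node's http module delivers them.
const PREFETCH_HINTS = ['x-moz', 'purpose', 'sec-purpose'];

// True when the client marks the request as a speculative prefetch.
function isPrefetch(headers) {
  return PREFETCH_HINTS.some((name) =>
    String(headers[name] || '').toLowerCase().startsWith('prefetch'));
}

const FORM_HTML =
  '<form method="post" action="/contact">' +
  '<textarea name="message"></textarea>' +
  '<button type="submit">Send</button></form>';

const outbox = []; // stands in for the real mail queue (constructed)

function handleContact(req) {
  const method = req.method.toUpperCase();

  if (method === 'GET' || method === 'HEAD') {
    // Safe methods only render the form. A prefetcher or link scanner
    // that fetches this URL triggers nothing; the flag is for logging.
    return { status: 200, body: FORM_HTML, prefetch: isPrefetch(req.headers) };
  }
  if (method !== 'POST') {
    return { status: 405, allow: 'GET, HEAD, POST' };
  }

  // State change happens here, and only after an explicit form submit.
  const message = String((req.form || {}).message || '').trim();
  if (!message) {
    return { status: 400 };
  }
  outbox.push({ to: 'support@example.invalid', message });
  // Redirect after POST so a reload does not resubmit the message.
  return { status: 303, location: '/contact/thanks' };
}
```
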