Spam via Contact form + way to crash Contact form

Topics: ASP.NET 2.0, Business Logic Layer, Controls
Dec 18, 2007 at 3:20 AM
1) Someone has figured out how to spam via the Contact form. I keep getting emails with subject = 'Weblog e-mail -' from my BlogEngine.Net site and they are only filling in the name and email fields. The subject and message fields are blank. Any suggestions for preventing this?

2) If I enter name, email, subject and then put an HTML tag in the message portion of the Contact form, then I end up with a message to the browser showing some web.config junk + an event message on the server with this message 'Exception message: A potentially dangerous Request.Form value was detected from the client (ctl00$cphBody$txtMessage="
").' Shouldn't that be handled some other way?

Great blog, just looking for a way to stop these not-so-nice visitors.
Mar 3, 2008 at 1:18 AM
I'm seeing the same thing. REALLY annoying.
Mar 7, 2008 at 4:53 PM
Hi,

Just want to share from my side.

I use BE 1.3 and JavaScript is active in my browsers. For point #1, it didn't happen to me. But spammers use the contact form. Maybe we should add CAPTCHA.

For point #2, it also didn't happen to me. FYI, I turn off the "add attachment" in controls at the administration page.