
are these attempted injections on my contact form?

I have a PHP contact form mailer on my website. The contents are not stored in a database, but are emailed directly to me. I have received a couple of strange contacts in the last few days.

The user has to fill in name, email, confirm email, subject and message.

I have JavaScript security in place that verifies an email is typed in the same twice, and checks for the @ and the dot. Also, required fields are checked with JavaScript.

Here is the most recent message; you can see it is a bunch of bogus links, etc. Is this anything I should be concerned about from a security standpoint?

Name: fvjnqazcy

Email: cervau@fbcalj.com

Email confirm: cervau@fbcalj.com

Phone: 47668113220

Subject: uSMvoegKPt

Message: KU17Gd  <a href="http://lsyixbpcjddi.com/">lsyixbpcjddi</a>,
[url=http://sojlxycrnxlb.com/]sojlxycrnxlb[/url], [link=http://wesixtcvuzbj.com/]wesixtcvuzbj[/link], http://dcgfyjhpfpbx.com/


It looks more like a spammer to me. If you have more of these messages than you can handle, you need to add a CAPTCHA to your contact form. I don't think it's intended to exploit a potential security issue in your application though.


Yeah, I agree with Mehrdad; it just looks like a random spam bot. Don't ask why they are doing that; I don't think there is a real reasoning for them to add spam.

I have JavaScript security in place that verifies an email is typed in the same twice, and checks for the @ and the dot. Also, required fields are checked with JavaScript.

You really shouldn't do any important checks with JavaScript. Or at least not without testing them on the server side as well.

JavaScript is easily disabled, and then all your checks will fail. Bots in particular never interpret JavaScript, so none of your checks will be made and all input is just accepted as it is.

To prevent spam in general you should gradually add more security checks on the server side. One rather hard option is adding a CAPTCHA, but moving those checks to your server first will probably help as well (given that the bot enters two different email addresses).

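As an added illustration of the advice above (not code from the asker's form or either answer), here is what re-doing the same three checks on the server side might look like in PHP. The POST field names, the 400 response, and the assumption that email and subject are passed to the mailer as headers are all mine.

```php
<?php
// Added example (not the asker's form): server-side re-check of the
// rules the original form only enforced in JavaScript. Field names
// and the decision to reject with a 400 are assumptions.

function validate_contact(array $post): array
{
    $errors   = [];
    $required = ['name', 'email', 'email_confirm', 'subject', 'message'];

    // Required fields: a bot that never runs the JavaScript still has
    // to satisfy these, because they are checked here, not in the browser.
    foreach ($required as $field) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    if ($errors) {
        return $errors;
    }

    $email   = trim((string) $post['email']);
    $confirm = trim((string) $post['email_confirm']);

    // The "typed the same twice" check, now done where a bot cannot skip it.
    if ($email !== $confirm) {
        $errors[] = 'email addresses do not match';
    }

    // Stricter than "has an @ and a dot": PHP's built-in email validator.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email address is not valid';
    }

    // Assumption: email and subject end up in mail headers. A line break in
    // either would let a submission add headers of its own, so refuse them.
    foreach (['email', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', (string) $post[$field])) {
            $errors[] = "$field must be a single line";
        }
    }

    return $errors;
}

$errors = validate_contact($_POST);
if ($errors) {
    http_response_code(400);
    exit(implode("\n", $errors));
}
// Only a submission that passed every check reaches the mailer below.
```

The JavaScript checks can stay for user convenience; the point is that the server no longer trusts them.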
