Errors.log

I have a web app on AWS LightSail.
In my application folder, next to the app executable, there is a file called errors.log.
It has many entries that look like emails from various people such as:

“2024-08-03 00:38:26
JavaScript Error:
Error: Dear roboarmremote.com owner or manager,
Cut your business or personal credit cards and loan payments in half. eliminate interest and reduce your debt by 50%. 100% guaranteed. The average customer saves $56,228 in unnecessary interest plus principal and 15 years in payoff time through our consolidation loan and debt consolidation programs.
Contact us at usdebtrelief.biz or email me at usdebt12@gmail.com I look forward to hearing from you,
Rey”

Where is this coming from?
What should I do?

From some spam form “robot” injecting contents into forms they find in the internet and trying to submit it.

Implement some anti-robot technique in your form. Some kind of captcha for example.

Errors.log next to the app is unfortunately the file created by the framework when someone submits the JavaScript error window form. We would need a patch from Xojo, and we all know that isn’t happening.

Well, the specific spam robot attack, that caused the error logged, is exactly what I said. His form, or Xojo’s form, needs anti-robot spam measures.

Open forms are invaded and the robot tries to fulfill spam contents and submit.

His specific spam robot case is all over the web as:

https://www.ehefphilippines.com/node/45/submission/15383

Etc.

Oh of course, I am in agreement on anti-robot measures. It just won’t be possible for the JavaScript Error dialog because it’s part of the framework. This is specific to Web 1.0. JavaScript errors now raise an event on the server in Web 2.0.

I am actually working on some anti-robot measures for Lifeboat right now, but I think I recall Dan’s project and I’m not sure they’re interested in (or able to?) use Lifeboat. I know it seems like I don’t stop talking about it, but I do try not to spam :stuck_out_tongue:

Dan, you may be interested in nginx Ultimate Bad Bot Blocker on Github. You should cross reference the spam timestamps with your nginx access logs, and see if there’s a pattern you might be able to block.