Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Spam coming through my website

Reply
Thread Tools

Spam coming through my website

 
 
Vista
Guest
Posts: n/a
 
      07-13-2006
Just wondering how the best way to stop people submitting a form on my
website. Currently there is someone/some people who for the last few weeks
has been sending messages through the forms on my website, with pornographic
links etc. I have a lot of required fields on my form, including requiring
an email address, name and address etc, but they still fill in all the
fields and use a free gmail address for as the email address. Currently
there is really nothing I can think of to stop them I have traced their IP
adddresses, and they trace back to korea. I am considering removing the form
and just using a normal email link instead. Anyone have any ideas?
TIA


 
Reply With Quote
 
 
 
 
Fred Dagg
Guest
Posts: n/a
 
      07-13-2006
On Thu, 13 Jul 2006 17:54:00 +1200, "Vista" <(E-Mail Removed)>
exclaimed:

>Just wondering how the best way to stop people submitting a form on my
>website. Currently there is someone/some people who for the last few weeks
>has been sending messages through the forms on my website, with pornographic
>links etc. I have a lot of required fields on my form, including requiring
>an email address, name and address etc, but they still fill in all the
>fields and use a free gmail address for as the email address. Currently
>there is really nothing I can think of to stop them I have traced their IP
>adddresses, and they trace back to korea. I am considering removing the form
>and just using a normal email link instead. Anyone have any ideas?
>TIA
>

Most likely, it'll be worse than you think. They are probably using it
to SPAM others, and you are just receiving a copy as a side effect.
Usually this is accomplished by using an "injection" attack - they
inject code into your form that your server misinterprets as a
command.

What are you using to send your form?
 
Reply With Quote
 
 
 
 
XPD
Guest
Posts: n/a
 
      07-13-2006
"Vista" <(E-Mail Removed)> wrote in message
news:1152769838.470881@ftpsrv1...
> Just wondering how the best way to stop people submitting a form on my
> website. Currently there is someone/some people who for the last few weeks
> has been sending messages through the forms on my website, with
> pornographic links etc. I have a lot of required fields on my form,
> including requiring an email address, name and address etc, but they still
> fill in all the fields and use a free gmail address for as the email
> address. Currently there is really nothing I can think of to stop them I
> have traced their IP adddresses, and they trace back to korea. I am
> considering removing the form and just using a normal email link instead.
> Anyone have any ideas?
> TIA
>


Welcome to my world.... Im running a blog on my site and Im constantly
getting spam comments.
Looked all thru the settings for a way to prevent non-registered users from
posting, and you wouldnt believe it, but theres no option for that. I have
to code it into the damn thing myself if I want that option.
SO think Im going to give up on running my blog.... the forums work much
better


 
Reply With Quote
 
Shane
Guest
Posts: n/a
 
      07-13-2006
XPD wrote:

> "Vista" <(E-Mail Removed)> wrote in message
> news:1152769838.470881@ftpsrv1...
>> Just wondering how the best way to stop people submitting a form on my
>> website. Currently there is someone/some people who for the last few
>> weeks has been sending messages through the forms on my website, with
>> pornographic links etc. I have a lot of required fields on my form,
>> including requiring an email address, name and address etc, but they
>> still fill in all the fields and use a free gmail address for as the
>> email address. Currently there is really nothing I can think of to stop
>> them I have traced their IP adddresses, and they trace back to korea. I
>> am considering removing the form and just using a normal email link
>> instead. Anyone have any ideas?
>> TIA
>>

>


Um, if you know the ip, or range the problem comes from, why not block by ip
and or range?

> Welcome to my world.... Im running a blog on my site and Im constantly
> getting spam comments.
> Looked all thru the settings for a way to prevent non-registered users
> from posting, and you wouldnt believe it, but theres no option for that. I
> have to code it into the damn thing myself if I want that option.
> SO think Im going to give up on running my blog.... the forums work much
> better



What blog software?
Im using wordpress, and nonregistered users cant comment, I can even control
who is and isnt registered, and moderate comments

Looking for forum software that wont get me owned

--
Rule 6: There is no rule 6

Blog: http://shanes.dyndns.org
 
Reply With Quote
 
Shank
Guest
Posts: n/a
 
      07-13-2006
Vista wrote:
> Just wondering how the best way to stop people submitting a form on my
> website. Currently there is someone/some people who for the last few weeks
> has been sending messages through the forms on my website, with pornographic
> links etc. I have a lot of required fields on my form, including requiring
> an email address, name and address etc, but they still fill in all the
> fields and use a free gmail address for as the email address. Currently
> there is really nothing I can think of to stop them I have traced their IP
> adddresses, and they trace back to korea. I am considering removing the form
> and just using a normal email link instead. Anyone have any ideas?
> TIA
>
>

If you don't want to code out webmail addresses (gmail, hotmail etc)
with 'for i in etc, do
if then else

and go with a normal email link, code that with javascript to stop bots
picking it up

http://javascript.internet.com/forms...mail-link.html

or

http://innerpeace.org/escrambler.shtml





--
Rob

In poker you have to show your hand eventually if called. So f
 
Reply With Quote
 
Fred Dagg
Guest
Posts: n/a
 
      07-13-2006
On Thu, 13 Jul 2006 21:08:20 +1200, Shank <Here@home> exclaimed:

>Vista wrote:
>> Just wondering how the best way to stop people submitting a form on my
>> website. Currently there is someone/some people who for the last few weeks
>> has been sending messages through the forms on my website, with pornographic
>> links etc. I have a lot of required fields on my form, including requiring
>> an email address, name and address etc, but they still fill in all the
>> fields and use a free gmail address for as the email address. Currently
>> there is really nothing I can think of to stop them I have traced their IP
>> adddresses, and they trace back to korea. I am considering removing the form
>> and just using a normal email link instead. Anyone have any ideas?
>> TIA
>>
>>

>If you don't want to code out webmail addresses (gmail, hotmail etc)
>with 'for i in etc, do
>if then else
>
>and go with a normal email link, code that with javascript to stop bots
>picking it up
>
>http://javascript.internet.com/forms...mail-link.html
>
>or
>
>http://innerpeace.org/escrambler.shtml


That's a silly idea. You have no control over a user's environment,
and if they choose to not have Javascript enabled (which is their
choice) they cannot contact you.

The best idea is to just code the mail form properly.
 
Reply With Quote
 
Vista
Guest
Posts: n/a
 
      07-13-2006

"Fred Dagg" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 13 Jul 2006 17:54:00 +1200, "Vista" <(E-Mail Removed)>
> exclaimed:
>
>>Just wondering how the best way to stop people submitting a form on my
>>website. Currently there is someone/some people who for the last few weeks
>>has been sending messages through the forms on my website, with
>>pornographic
>>links etc. I have a lot of required fields on my form, including requiring
>>an email address, name and address etc, but they still fill in all the
>>fields and use a free gmail address for as the email address. Currently
>>there is really nothing I can think of to stop them I have traced their IP
>>adddresses, and they trace back to korea. I am considering removing the
>>form
>>and just using a normal email link instead. Anyone have any ideas?
>>TIA
>>

> Most likely, it'll be worse than you think. They are probably using it
> to SPAM others, and you are just receiving a copy as a side effect.
> Usually this is accomplished by using an "injection" attack - they
> inject code into your form that your server misinterprets as a
> command.
>
> What are you using to send your form?


That sounds possible, and would explain all the links in the message. I am
using NMS formmail http://nms-cgi.sourceforge.net/ and running the latest
version. I have used a similar script for the last 5 years on my website,
and have never had this type of problem.


 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      07-13-2006
"Vista" <(E-Mail Removed)> wrote in news:1152769838.470881@ftpsrv1:

> I am considering removing the form
> and just using a normal email link instead. Anyone have any ideas?
>


Force the user to be a human; the form is for people to fill out isn't it?.
See:
http://www.javascriptsearch.com/news...ittenAuth.html
http://www.thepcspy.com/kittenauthtest
http://www.kittenauth.com/

--
Ciao, Dave
 
Reply With Quote
 
Shank
Guest
Posts: n/a
 
      07-13-2006
Fred Dagg wrote:
> On Thu, 13 Jul 2006 21:08:20 +1200, Shank <Here@home> exclaimed:
>
>> Vista wrote:
>>> Just wondering how the best way to stop people submitting a form on my
>>> website. Currently there is someone/some people who for the last few weeks
>>> has been sending messages through the forms on my website, with pornographic
>>> links etc. I have a lot of required fields on my form, including requiring
>>> an email address, name and address etc, but they still fill in all the
>>> fields and use a free gmail address for as the email address. Currently
>>> there is really nothing I can think of to stop them I have traced their IP
>>> adddresses, and they trace back to korea. I am considering removing the form
>>> and just using a normal email link instead. Anyone have any ideas?
>>> TIA
>>>
>>>

>> If you don't want to code out webmail addresses (gmail, hotmail etc)
>> with 'for i in etc, do
>> if then else
>>
>> and go with a normal email link, code that with javascript to stop bots
>> picking it up
>>
>> http://javascript.internet.com/forms...mail-link.html
>>
>> or
>>
>> http://innerpeace.org/escrambler.shtml

>
> That's a silly idea. You have no control over a user's environment,
> and if they choose to not have Javascript enabled (which is their
> choice) they cannot contact you.
>
> The best idea is to just code the mail form properly.


There is no completely secure way of hiding your email address from a
well constructed bot. Better to go with the lowest common denominator,
than nothing at all.

Those who choose to disable javascript will most likely have enough
clues to figure out the email address by looking at the source, which is
a darn sight easier than expecting everyone who puts up a web page to
know how to code properly in whatever language.


--
Rob
 
Reply With Quote
 
Vista
Guest
Posts: n/a
 
      07-13-2006

"Dave Taylor" <(E-Mail Removed)> wrote in message
news:Xns97FFE85F346EDdaveytaynospamplshot@203.97.3 7.6...
> "Vista" <(E-Mail Removed)> wrote in news:1152769838.470881@ftpsrv1:
>
>> I am considering removing the form
>> and just using a normal email link instead. Anyone have any ideas?
>>

>
> Force the user to be a human; the form is for people to fill out isn't
> it?.
> See:
> http://www.javascriptsearch.com/news...ittenAuth.html
> http://www.thepcspy.com/kittenauthtest
> http://www.kittenauth.com/
>
> --
> Ciao, Dave


Thanks that is an interesting idea. I however suspect that many of the
people visiting my site wouldn't actually know what to do, or why they have
to press 3 kittens to send the form, they would just wonder 'why don't you
have a normal submit button. However it is probably a good idea for forums
or even online banking.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Spam-Spam and more Spam C A Preston Computer Support 2 04-12-2004 07:15 PM



Advertisments