Re: Blocking form spam

This WebDNA talk-list message is from 2006.


After looking through my logs and completed mail folder I have come up with this:

[TEXT]BlockMessage=F[/TEXT]
[TEXT]BlockThis=cc:#Subject:#content-type:#multipart/alternative;#multi-part#boundary=[/TEXT]
[ListWords Words=[BlockThis]&Delimiters=#]
[ShowIf [passedvariable]^[word]][TEXT]BlockMessage=T[/TEXT][/ShowIf]
[/ListWords]
[HideIf [BlockMessage]=T]
Sendmail goes here
[/HideIf]

Stuart Tremain
idfk web developments, sydney, australia

On 10 Aug 2006, at 9:18 AM, Tom Duke wrote:

> Stuart,
>
> My problem was determining what characters to grep for and be confident
> that I am catching the attempts to push email through my forms.
>
> Just to be clear there are two things happening to my forms:-
>
> 1. Contact Form Spam / Comment Spam
> This is where a spammer is sending loads of links through the form
> hoping (I assume) that it may show up on a live web page (like a blog or
> guestbook) and help their Google rating. What I have done here is check
> for the string 'http://' in fields where it is not appropriate and then
> block the form from sending if any are present. Where the field may
> contain a link (like a comment textarea) then I count the number of
> links and block if more than say five links or more are in the field.
>
> Links : [listwords words=[grep search=[url]http://[/url]&replace= | ][COMMENT][/grep]&delimiters=|][text]links=[index][/text][/listwords][links]
>
> 2. Email Injection Spam
> This is more worrying and is where a spammer tries to hijack a form and
> use it as an SMTP proxy to send spam.
> (http://www.securephpwiki.com/index.php/Email_Injection) They do this
> by putting strings like the following into form fields:-
>
> sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx
>
> If the data from this field is passed on anywhere within a [sendmail]
> context then the third party will get an email. The headers can be
> messed around with more to fully hijack the form. After trial and error
> I have found the following grep seems to work:
>
> [grep search=(%250A|%250D|[cC][cC])&replace=][formfield][/grep]
>
> It removes linefeeds, carriage returns, and 'Cc' (also effectively
> catching 'Bcc')
>
> Sorry if I seem to be going on too much about this but I found a couple
> of my forms were exposed and it scared the crap out of me. I haven't
> come across anything in the docs or on this list yet which highlights
> that variables have to be checked and cleaned before being included in a
> sendmail context. Maybe it's obvious that this should be done but I had
> missed it nonetheless.
>
> - Tom
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com
> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Blocking form spam ( Stuart Tremain 2006)
  2. Re: Blocking form spam ( Terry Wilson 2006)
  3. Re: Blocking form spam ( Stuart Tremain 2006)
  4. Re: Blocking form spam ( "Tom Duke" 2006)
  5. Re: Blocking form spam ( Stuart Tremain 2006)
  6. Re: Blocking form spam ( WJ Starck 2006)
  7. Re: Blocking form spam ( Gary Krockover 2006)
  8. Re: Blocking form spam ( Donovan Brooke 2006)
  9. Re: Blocking form spam ( "Brian B. Burton" 2006)
  10. Re: Blocking form spam ( WJ Starck 2006)
  11. Re: Blocking form spam ( Terry Wilson 2006)
  12. Re: Blocking form spam ( Stuart Tremain 2006)
  13. Blocking form spam ( "Tom Duke" 2006)
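Tom's email-injection payload and grep, together with Stuart's header-token blocklist, as an added Python example that is not part of this thread or of WebDNA: the field is fully URL-decoded (so %0A and the double-encoded %250A are both caught), the submission is then rejected outright rather than having matches stripped, and the link count is widened to https:// as well as http://. Field names and sample addresses are assumptions.

```python
import re
from urllib.parse import unquote

# Header fragments that must never appear inside one form field: Stuart's
# BlockThis list plus Bcc:. Compared case-insensitively after decoding.
BLOCKED_HEADER_TOKENS = (
    "cc:", "bcc:", "subject:", "content-type:",
    "multipart/alternative", "multi-part", "boundary=",
)

def decode_fully(value: str, rounds: int = 3) -> str:
    """Peel off up to `rounds` layers of percent-encoding, so %0A and the
    double-encoded %250A that Tom's grep targets both become a real newline."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def header_injection_reasons(value: str) -> list:
    """Reasons a header-bound field (email, subject, name) must be rejected;
    an empty list means it may be passed into the mail context."""
    decoded = decode_fully(value)
    reasons = []
    if re.search(r"[\r\n]", decoded):
        reasons.append("line break")  # a CR/LF is what starts a smuggled header
    lowered = decoded.lower()
    reasons.extend(t for t in BLOCKED_HEADER_TOKENS if t in lowered)
    return reasons

def count_links(value: str) -> int:
    """Tom's comment-spam count, widened to https:// as well as http://."""
    return len(re.findall(r"https?://", value, flags=re.IGNORECASE))

def form_is_acceptable(header_fields: dict, comment: str, max_links: int = 5) -> bool:
    """Apply both of Tom's rules: block when any header-bound field carries an
    injection attempt or a link, or the comment holds more than max_links links."""
    for value in header_fields.values():
        if header_injection_reasons(value) or count_links(value):
            return False
    return count_links(comment) <= max_links

if __name__ == "__main__":
    # Constructed sample: the injection payload quoted in Tom's message.
    payload = ("sender@anonymous.www%0ACc:recipient@someothersite.xxx"
               "%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx")
    print(header_injection_reasons(payload))  # ['line break', 'cc:', 'bcc:']
    print(form_is_acceptable({"email": payload}, ""))  # False
```

Matching "cc:" with its colon and rejecting the whole field keeps innocent words such as "accept" intact, which the bare [cC][cC] grep on the page would clip.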
