Re: Blocking form spam

This WebDNA talk-list message is from 2006.
Interesting that you point this out, Tom. I had guestbook entries getting hammered as you noted. I put in the link catch that you have done, and I also used a CAPTCHA that I devised. I also blocked IP addresses that I logged. These have fixed that problem. I have also seen the second problem that you mention, but I didn't think that the emails were being generated. I will have to check my logs and see if they are having any success. Tom, thanks for your notes on this subject; I will be investigating this more closely today!

Stuart Tremain
idfk web developments, sydney, australia

On 10 Aug 2006, at 9:18 AM, Tom Duke wrote:

> Stuart,
>
> My problem was determining what characters to grep for and be confident that I am catching the attempts to push email through my forms.
>
> Just to be clear, there are two things happening to my forms:
>
> 1. Contact Form Spam / Comment Spam
> This is where a spammer is sending loads of links through the form hoping (I assume) that it may show up on a live web page (like a blog or guestbook) and help their Google rating. What I have done here is check for the string 'http://' in fields where it is not appropriate and then block the form from sending if any are present. Where the field may contain a link (like a comment textarea) then I count the number of links and block if, say, five or more links are in the field.
>
> Links : [listwords words=[grep search=[url]http://[/url]&replace= |][COMMENT][/grep]&delimiters=|][text]links=[index][/text][/listwords][links]
>
> 2. Email Injection Spam
> This is more worrying and is where a spammer tries to hijack a form and use it as an SMTP proxy to send spam. (http://www.securephpwiki.com/index.php/Email_Injection) They do this by putting strings like the following into form fields:
>
> sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx
>
> If the data from this field is passed on anywhere within a [sendmail] context then the third party will get an email. The headers can be messed around with more to fully hijack the form. After trial and error I have found the following grep seems to work:
>
> [grep search=(%250A|%250D|[cC][cC])&replace=][formfield][/grep]
>
> It removes linefeeds, carriage returns, and 'Cc' (also effectively catching 'Bcc').
>
> Sorry if I seem to be going on too much about this, but I found a couple of my forms were exposed and it scared the crap out of me. I haven't come across anything in the docs or on this list yet which highlights that variables have to be checked and cleaned before being included in a sendmail context. Maybe it's obvious that this should be done, but I had missed it nonetheless.
>
> - Tom
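Added example, written for this archive page and not part of the thread or of WebDNA: a Python rendering of the two checks Tom describes, showing why rejecting a field that contains any raw or percent-encoded line break is safer than stripping 'Cc' (the strip also mangles ordinary words such as "accept", and it cannot see a newline that was already decoded before the grep ran). The reading of the WebDNA grep's %250A/%250D as matching the literal text %0A/%0D, and all sample values other than the payload quoted above, are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed samples. INJECTED is the payload quoted in Tom's message; the others are mine.
INJECTED = ("sender@anonymous.www%0ACc:recipient@someothersite.xxx"
            "%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx")
RAW_NEWLINE = "sender@anonymous.www\nBcc:somebloke@grrrr.xxx"   # already-decoded line break
CLEAN = "alice@example.com"

# Tom's grep rendered in Python. Assumption: WebDNA's %250A/%250D match the literal
# text "%0A"/"%0D" in the field (i.e. %25 decodes to '%' inside the tag).
TOM_PATTERN = re.compile(r"%0A|%0D|[cC][cC]")

def strip_like_tom(value: str) -> str:
    """Remove encoded line breaks and any 'cc' substring, as the page's grep does."""
    return TOM_PATTERN.sub("", value)

def has_header_break(value: str) -> bool:
    """True if the value could end a mail header line: a raw CR/LF, or one that
    appears after up to two rounds of percent-decoding (%0A, %0D, %250A, %250D)."""
    candidate = value
    for _ in range(3):
        if "\r" in candidate or "\n" in candidate:
            return True
        decoded = unquote(candidate)
        if decoded == candidate:
            break
        candidate = decoded
    return False

# One mailbox only: no whitespace, commas or ':' (so "Cc:" cannot ride along).
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def safe_sender(value: str):
    """Return the address if it is safe to place in a From:/Reply-To: header, else None.
    Rejects rather than strips, so a tampered submission is dropped whole."""
    value = value.strip()
    if has_header_break(value) or not ADDRESS_RE.fullmatch(value):
        return None
    return value

def too_many_links(text: str, limit: int = 5) -> bool:
    """Comment-spam check from the first half of the message: count URL prefixes."""
    return len(re.findall(r"https?://", text, flags=re.IGNORECASE)) > limit

if __name__ == "__main__":
    print(strip_like_tom(INJECTED))      # 'Cc'/'Bcc' gone, but a raw newline would survive
    print(safe_sender(INJECTED), safe_sender(RAW_NEWLINE), safe_sender(CLEAN))
```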