Roost Air Lounge => General Discussion => Topic started by: Mike on November 11, 2005, 02:59:26 AM
Title: On a more serious note. . .
Post by: Mike on November 11, 2005, 02:59:26 AM
. . . I think we need help with something. Some spammers are using our "Chicken Wings Contact Form" to send out messages to other people. Don't worry, you guys aren't going to be affected, that's blocked by all kinds of spam-ware which is costing us a fortune (but hey, we don't want a bad reputation), but it's annoying for us because we don't want to look like we're soliciting Viagra and stuff to other people. It could get us kicked out of search engines like google. . . and that would be bad. Plus we keep getting all their mail as well and it's filling up our mailbox.
Does anybody know anything about computers or about a good program??
Thanks!
Title: Re: On a more serious note. . .
Post by: MO on November 11, 2005, 03:34:08 AM
We had the same problem with a spam relayer a couple of months ago. We tried a number of "solutions" that didn't worked at all. In the end, we decided to remove the gizmo and replaced it with a good-old email address. We're still trying to fetch for a suitable program. If your server is running on Linux or similar, you should try this one:
http://www.scriptarchive.com/formmail.html
???
Cheers!
Title: Re: On a more serious note. . .
Post by: Stef on November 11, 2005, 10:37:13 AM
Yeah! *%&$ing spammers!!! >:( >:( It's amazing how much time we already spent on just trying to avoid being abused. Thanks for the link MO. I think I've already tried that script, but I couldn't customize it.
If anybody who knows about programming reads this, please help us:
What we tried is to ask people to copy a random number "$rnd", that is then called $rndcheck compared to $rnd in the form.php file. But it seems they found a way to evade this by somehow being able to enter $rnd and $rndcheck in the form.php, usually using an email address. Now I've blocked it by making sure that $rnd is no longer than 5 characters. Let's see if that works. I have the feeling that some other spammer lowlife will crack that too sooner or later...
Title: Re: On a more serious note. . .
Post by: Stef on November 11, 2005, 01:21:56 PM
Oh, one thing I just wanted to emphasize again:
If you write us an email, subscribe to our newsletter or write us through our contact form, your email address is perfectly safe! We're protected against email address harvesting. The thing happening to us is that somebody uses our contact form as an "open relay" and spams other third parties making it appear that the spam comes from an email account of our server.
Title: Re: On a more serious note. . .
Post by: Sleek-Jet on November 11, 2005, 05:20:01 PM
I've asked around a little, if I hear anything usefull, I'll pass it along to you guys. ;D
Title: Re: On a more serious note. . .
Post by: Mike on November 11, 2005, 05:25:15 PM
Thanks Sleek!
Title: Re: On a more serious note. . .
Post by: Sleek-Jet on November 12, 2005, 12:15:19 AM
I thought I'd pass this along...
Quote
This is what I used to 100% eliminate spamming of my guestbook. http://www.junkeater.com/
That other board can utilize the same devices that I used on my guestbook to limit use of their contact form to real human beings.
Title: Re: On a more serious note. . .
Post by: Mike on November 12, 2005, 12:46:29 AM
Thanks again Sleek! I'll pass that one on to my brother (but he'll probably see it in here as well) He's the computer literate one in the family...
Title: Re: On a more serious note. . .
Post by: Plthijnx on November 12, 2005, 12:49:10 AM
aw c'mon mike! the more you're on here the more you learn! i'm proof that you can teach an old dog new tricks!
Title: Re: On a more serious note. . .
Post by: Sleek-Jet on November 12, 2005, 01:04:18 AM
Thanks again Sleek! I'll pass that one on to my brother (but he'll probably see it in here as well) He's the computer literate one in the family...
Not a problem... ;D
Title: Re: On a more serious note. . .
Post by: MO on November 12, 2005, 01:14:47 AM
Old Dog -> New tricks... Mmmm, I'm still working on that. (I had a book about CGI Scripts around here, somewhere...)
Title: Re: On a more serious note. . .
Post by: Stef on November 13, 2005, 05:28:28 PM
Thanks for all the moral support you guys! It seems I've fixed the darn thing since there's no similar spam coming in. MO, if you're interested how we did it, maybe we can help you out? But I think we'll have to test run our newest solution for some time and see if it's safe this time.
Title: Re: On a more serious note. . .
Post by: MO on November 13, 2005, 09:11:45 PM
Thanks, Stef. Fly it around and let me know how it behaves... When you're ready, pass down the recipe for the "Chicken Wings Patch" so we can apply it on our program.
Cheers !
Title: Re: On a more serious note. . .
Post by: Ted_Stryker on November 30, 2005, 06:44:22 PM
One of the things that seems to work well is forcing human interaction by using a variable graphic with randomly generated text that has to be manually entered. This technique helps prevent bot scripts and other automated means of hijacking things as the graphics are very hard, if not impossible (currently) to interpret without the aid of Computer #1 (the human brain).
On my website the forms actually submit to a repository that I then scan with my own program. It filters off all but the legit looking posts, then passes them to me for approval where I can then either manually, or automatically have it posted up on the site under the actual approved file name with a digital checksum for verification (that way if the form is hacked, I get notified and the hacked form is dumped and replaced automatically).
Of course, my website gets relatively low volume due to it's rather niche appeal (Cyber Forensics). Even the email addresses on mine use an encryption to prevent them from being scooped up.
If you are interested in how I managed this, drop me a private email. I'd rather not post the specifics here for obvious reasons. ;D
Title: Re: On a more serious note. . .
Post by: Stef on December 01, 2005, 03:32:11 PM
Hi Ted! Thanks for the input! Your system sounds almost bullet-proof! Though a bit complicated. I think I can imagine how it works. However, since the last "repair" our contact form seems to be safe and is working well. I will fall back to your solution if trouble should be brewing again, if that's okay with you. I just don't want to meddle into a system that seems to be working fine. Thank you very much for your help though!! :D
Title: Re: On a more serious note. . .
Post by: Ted_Stryker on December 01, 2005, 03:37:56 PM
You're very welcome! And, I'm a firm believer in the precep of "If it isn't broken, don't fix it!" ;D
If it does become problematic though, feel free to contact me about it. I'll be glad to lend a hand.
Title: Re: On a more serious note. . .
Post by: Stef on December 01, 2005, 06:19:51 PM
Ah, that was exactly the phrase I was looking for! :) Thanks again for the offer, let's hope that we won't need your help soon though.
