Re: [WSG] FeedBack Form Spam

2008-09-19 Thread Michael MD
Human-only precautions such as a CAPTCHA for form entry help, as do some 
anti-spam features on your web server.  However, my server gets hammered 
with thousands of spam a day... and I got so frustrated with that sort of 
thing that I changed my feedback form to a text field that saved the 
contents into a CSV file.


Bots and other spam bounced harmlessly away.  However, would you believe 
people HAND TYPED spam into the form?  Who has that kind of time on their 
hands?  Oh... yeah... spammers.


not surprising at all ...

I suspect that some of the bigger spammers are using sweatshop slave labour 
to sign up lots of yahoo/hotmail/gmail/etc email addresses to use to receive 
and process verification emails for bots that can actually sign up as users 
on websites.


I see lots of bots trying to register on anything that looks at all like a 
user registration form and have to keep coming up with new tricks to keep 
them out (e.g. bot trap fields, passing IDs across forms, javascript tricks, 
heuristics, etc.).


I hate captchas and have so far avoided using them.

(btw I've even seen spam posts advertising captcha services! - very sus ... )





IMPORTANT: - if a form causes email to be sent (like a site contact form) 
MAKE SURE that your script strips newlines from any fields that end up in 
the mail header.


If newline chars are not stripped it can be very easy for a spammer to 
inject extra bcc headers and use it to send email spam to long lists of 
email addresses.
(this is very common - I've seen lots of badly-written form-to-email scripts 
abused this way over the years and if asked to check on a website reported 
to be sending email spam it is one of the first things I look for!)






***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: [EMAIL PROTECTED]
***
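
The header check recommended in the message above, as an added example that is not part of the original post or any poster's script: a concatenating form-to-email builder beside a validating one, run on a constructed submission. All function names and addresses are hypothetical, and this version rejects a field containing newlines instead of stripping them.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# CR, LF and other control characters must never reach a mail header.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def naive_message(from_addr, subject, body):
    """Typical form-to-email pattern: header text built by concatenation."""
    return (f"From: {from_addr}\r\nTo: owner@example.org\r\n"
            f"Subject: {subject}\r\n\r\n{body}")

def clean_header(value, max_len=200):
    """Reject (rather than silently repair) a header-bound form field."""
    if _CTRL.search(value) or len(value) > max_len:
        raise ValueError("control character or oversize value in header field")
    return value.strip()

def safe_message(from_addr, subject, body):
    """Validate header fields; only the body may contain newlines."""
    msg = EmailMessage()
    msg["From"] = "webform@example.org"   # fixed sender, never user input
    msg["To"] = "owner@example.org"       # fixed recipient
    msg["Reply-To"] = clean_header(from_addr)
    msg["Subject"] = clean_header(subject)
    msg.set_content(body)
    return msg

def header_names(raw):
    """Parse raw message text and list the header names a mail server sees."""
    return [name.lower() for name in message_from_string(raw).keys()]

# Constructed form submission: the "email" field carries an embedded CRLF.
SUBMITTED_EMAIL = "visitor@example.com\r\nBcc: list1@example.net, list2@example.net"

if __name__ == "__main__":
    # The concatenated version gains a header the site owner never wrote.
    print(header_names(naive_message(SUBMITTED_EMAIL, "hello", "hi")))
    try:
        safe_message(SUBMITTED_EMAIL, "hello", "hi")
    except ValueError as exc:
        print("rejected:", exc)
    ok = safe_message("visitor@example.com", "hello", "hi\nthere")
    print(header_names(ok.as_string()))
```

Logging the rejected submissions gives a quick way to see whether a form is being probed for this.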



RE: [WSG] FeedBack Form Spam

2008-09-18 Thread Conyers, Dwayne
Marvin Hunkin [EMAIL PROTECTED] ink wired:

 I keep getting spam e-mails.

snip

 how do I protect myself against this sort of thing.


Human-only precautions such as a CAPTCHA for form entry help, as do some 
anti-spam features on your web server.  However, my server gets hammered with 
thousands of spam a day... and I got so frustrated with that sort of thing that 
I changed my feedback form to a text field that saved the contents into a CSV 
file.

Bots and other spam bounced harmlessly away.  However, would you believe people 
HAND TYPED spam into the form?  Who has that kind of time on their hands?  
Oh... yeah... spammers.

Now, the only form of contact I accept is snail mail.  Not many scammers will 
pay 42¢ to spam you...

--
I made magic once.  Now the sofa is gone.
http://blog.dwacon.com





[WSG] FeedBack Form Spam

2008-09-17 Thread Marvin Hunkin
Hi.
On my site at http://startrekcafe.stevesdomain.net I keep getting spam 
e-mails.
and used the http://www.thesitecountry.com java and php script.
now thought that had built-in code, to stop scammers and spammers e-mailing 
me.
How do I protect myself against this sort of thing.
Cheers, Marvin.



