Re: How to detect if a text body contains forbidden words
> I am using a modified version of the old formmail.pl script on my website to get information requests mailed to me. I have modified the script to NOT send email other than to two fixed (hardcoded) addresses (myself and our sales dept). I had to do this because spammers started to use my request pages as spam entry points.
>
> Now the spammers have advanced and are filling the fields with html links in the hope that someone will click the links...
>
> So I want to expand the script to block sending altogether if the body contains forbidden words like 'href=' or 'http://'. But I have no clue as regards PERL programming so I would like to get some help in this.
>
> I have a form field called 'Feedback' that is loaded with the contents of a text box on my page. This text block is what I want to check for the forbidden words and either modify the subject of the outgoing email by adding something like '*** SPAM ***' to it or else not send the email at all if forbidden words are found.
>
> I think that the textbox contents can be retrieved by the following function:
>
>     $CONFIG{'Feedback'}
>
> What I would like to do is to add a new function right before the mail send call inside the main procedure which could set an error if the feedback contains the forbidden words. The main procedure now looks like this:
>
>     # Check Referring URL
>     &check_url;
>
>     # Retrieve Date
>     &get_date;
>
>     # Parse Form Contents
>     &parse_form;
>
>     # Check Required Fields
>     &check_required;
>
>     # Return HTML Page or Redirect User
>     &return_html;
>
>     # Send E-Mail
>     &send_mail;
>
> I would like to have a checking procedure right in front of send_mail, which will fail the script if the forbidden words are present.

That's one of Matt's scripts and maybe you missed the world wide movement to get everyone off Matt's scripts.

Anyway, if you got that going, you would find Gunnar Hjalmarsson Contact Form a better and easier choice, and more secure.

See: http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm

You set up your form in half a dozen lines, and that's it!

I am sure that you can set up spam filters to do what you want. There is an optional argument called spamfilter where you set up a regex and the example in the doco is '(?i:</a>|\[/url])' but you can adjust that yourself.

To modify Formmail.pl, you would need to:

a: Set up a hash of banned words including the url form
b: Take the output of the form and discard it if it matches anything in the banned word list.

Owen

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
Re: How to detect if a text body contains forbidden words
Hallo

I'm just an amateur perl writer.. but I would think that using the m// (match) would help.

something like

    # $CONFIG{'Feedback'} = the body of the message, change to whatever it is in the program
    if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
    {
        # reject code goes here
        exit;
    }

As to preventing cusswords... good luck... you could do a string substitution

manure is replaced by fertilizer

    s/manure/fertilizer/i;

this way the offender never knows what words are being replaced and is less likely to try to get around this code with words like schist, or phuque or the like.. I think you get my drift.

And I would do the word check right when the words are being parsed.

That's how I would do it, but then what do I know.. I'm sure there are better ways... and that certain people on this list will be quick to shoot me down while offering no help of their own... but I wanted to get my good deed for the day thing out of the way this morning ;)

hope it helps.
Lou

>> So I want to expand the script to block sending altogether if the body contains forbidden words like 'href=' or 'http://'.
>>
>> I think that the textbox contents can be retrieved by the following function:
>>
>>     $CONFIG{'Feedback'}
>>
>> What I would like to do is to add a new function right before the mail send call inside the main procedure which could set an error if the feedback contains the forbidden words. The main procedure now looks like this:
>>
>>     # Check Referring URL
>>     &check_url;
>>
>>     # Retrieve Date
>>     &get_date;
>>
>>     # Parse Form Contents
>>     &parse_form;
>>
>>     # Check Required Fields
>>     &check_required;
>>
>>     # Return HTML Page or Redirect User
>>     &return_html;
>>
>>     # Send E-Mail
>>     &send_mail;
>>
>> I would like to have a checking procedure right in front of send_mail, which will fail the script if the forbidden words are present.
>
> That's one of Matt's scripts and maybe you missed the world wide movement to get everyone off Matt's scripts.
>
> Anyway, if you got that going, you would find Gunnar Hjalmarsson Contact Form a better and easier choice, and more secure.
>
> See: http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm
>
> You set up your form in half a dozen lines, and that's it!
>
> I am sure that you can set up spam filters to do what you want. There is an optional argument called spamfilter where you set up a regex and the example in the doco is '(?i:</a>|\[/url])' but you can adjust that yourself.
>
> To modify Formmail.pl, you would need to:
>
> a: Set up a hash of banned words including the url form
> b: Take the output of the form and discard it if it matches anything in the banned word list.
>
> Owen
Re: How to detect if a text body contains forbidden words
On Tue, 20 Nov 2007 18:39:25 +0100, Bo Berglund [EMAIL PROTECTED] wrote:

> On Tue, 20 Nov 2007 08:25:15 -0500, Lou Hernsen [EMAIL PROTECTED] wrote:
>
>> Hallo
>>
>> I'm just an amateur perl writer.. but I would think that using the m// (match) would help.
>>
>> something like
>>
>>     # $CONFIG{'Feedback'} = the body of the message, change to whatever it is in the program
>>     if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
>>     {
>>         # reject code goes here
>>         exit;
>>     }
>>
>> As to preventing cusswords... good luck... you could do a string substitution
>>
>> manure is replaced by fertilizer
>>
>>     s/manure/fertilizer/i;
>>
>> this way the offender never knows what words are being replaced and is less likely to try to get around this code with words like schist, or phuque or the like.. I think you get my drift.
>>
>> And I would do the word check right when the words are being parsed.
>>
>> That's how I would do it, but then what do I know.. I'm sure there are better ways... and that certain people on this list will be quick to shoot me down while offering no help of their own... but I wanted to get my good deed for the day thing out of the way this morning ;)
>
> Appreciated!
>
>> hope it helps.
>> Lou
>
> Thanks, I think it is a help in the right direction! :-)
>
> I thought of adding one more checking function in the middle of the sequence of the main function like this:
>
>     ...
>     # Parse Form Contents
>     &parse_form;
>
>     # Reject spammers  <== This is what I like to add
>     &spam_reject;
>
>     # Check Required Fields
>     &check_required;
>     ...
>
> Then I would have the new function doing something like this using your example and the existing code for other checks:
>
>     sub spam_reject {
>         if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
>         {
>             # reject code goes here
>             push(@ERROR,'*SPAM*');
>         }
>         if (@ERROR) {
>             error('spam_contents', @ERROR);
>         }
>     }
>
> Then I would add something like this to the error subroutine in the middle of the error causes parsing:
>
>     elsif ($error eq 'spam_contents') {
>         print "<html>\n <head>\n <title>Error: SPAM</title>\n </head>\n";
>         print "</head>\n <body";
>         # Get Body Tag Attributes
>         &body_attributes;
>         # Close Body Tag
>         print ">\n <center>\n\n";
>         print "<h1>Error: SPAM! </h1>\n </center>\n\n";
>         print "<p>The data you entered is considered SPAM!</p>\n";
>         print "</body></html>\n";
>     }
>
> There is an exit at the end of the error subroutine already.
>
> Do you think that this would work?

I tested it now but it did not work, I got the email out anyway. What did I do wrong in the syntax above?

Bo Berglund
Re: How to detect if a text body contains forbidden words
On Tue, 20 Nov 2007 08:25:15 -0500, Lou Hernsen [EMAIL PROTECTED] wrote:

> Hallo
>
> I'm just an amateur perl writer.. but I would think that using the m// (match) would help.
>
> something like
>
>     # $CONFIG{'Feedback'} = the body of the message, change to whatever it is in the program
>     if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
>     {
>         # reject code goes here
>         exit;
>     }
>
> As to preventing cusswords... good luck... you could do a string substitution
>
> manure is replaced by fertilizer
>
>     s/manure/fertilizer/i;
>
> this way the offender never knows what words are being replaced and is less likely to try to get around this code with words like schist, or phuque or the like.. I think you get my drift.
>
> And I would do the word check right when the words are being parsed.
>
> That's how I would do it, but then what do I know.. I'm sure there are better ways... and that certain people on this list will be quick to shoot me down while offering no help of their own... but I wanted to get my good deed for the day thing out of the way this morning ;)

Appreciated!

> hope it helps.
> Lou

Thanks, I think it is a help in the right direction! :-)

I thought of adding one more checking function in the middle of the sequence of the main function like this:

    ...
    # Parse Form Contents
    &parse_form;

    # Reject spammers  <== This is what I like to add
    &spam_reject;

    # Check Required Fields
    &check_required;
    ...

Then I would have the new function doing something like this using your example and the existing code for other checks:

    sub spam_reject {
        if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
        {
            # reject code goes here
            push(@ERROR,'*SPAM*');
        }
        if (@ERROR) {
            error('spam_contents', @ERROR);
        }
    }

Then I would add something like this to the error subroutine in the middle of the error causes parsing:

    elsif ($error eq 'spam_contents') {
        print "<html>\n <head>\n <title>Error: SPAM</title>\n </head>\n";
        print "</head>\n <body";
        # Get Body Tag Attributes
        &body_attributes;
        # Close Body Tag
        print ">\n <center>\n\n";
        print "<h1>Error: SPAM! </h1>\n </center>\n\n";
        print "<p>The data you entered is considered SPAM!</p>\n";
        print "</body></html>\n";
    }

There is an exit at the end of the error subroutine already.

Do you think that this would work?

Bo Berglund
Re: How to detect if a text body contains forbidden words
On Tue, 20 Nov 2007 19:58:50 +1100 (EST), Owen [EMAIL PROTECTED] wrote:

>> I am using a modified version of the old formmail.pl script on my website to get information requests mailed to me. I have modified the script to NOT send email other than to two fixed (hardcoded) addresses (myself and our sales dept). I had to do this because spammers started to use my request pages as spam entry points.
>>
>> Now the spammers have advanced and are filling the fields with html links in the hope that someone will click the links...
>>
>> So I want to expand the script to block sending altogether if the body contains forbidden words like 'href=' or 'http://'. But I have no clue as regards PERL programming so I would like to get some help in this.
>>
>> I have a form field called 'Feedback' that is loaded with the contents of a text box on my page. This text block is what I want to check for the forbidden words and either modify the subject of the outgoing email by adding something like '*** SPAM ***' to it or else not send the email at all if forbidden words are found.
>>
>> I think that the textbox contents can be retrieved by the following function:
>>
>>     $CONFIG{'Feedback'}
>>
>> What I would like to do is to add a new function right before the mail send call inside the main procedure which could set an error if the feedback contains the forbidden words. The main procedure now looks like this:
>>
>>     # Check Referring URL
>>     &check_url;
>>
>>     # Retrieve Date
>>     &get_date;
>>
>>     # Parse Form Contents
>>     &parse_form;
>>
>>     # Check Required Fields
>>     &check_required;
>>
>>     # Return HTML Page or Redirect User
>>     &return_html;
>>
>>     # Send E-Mail
>>     &send_mail;
>>
>> I would like to have a checking procedure right in front of send_mail, which will fail the script if the forbidden words are present.
>
> That's one of Matt's scripts and maybe you missed the world wide movement to get everyone off Matt's scripts.
>
> Anyway, if you got that going, you would find Gunnar Hjalmarsson Contact Form a better and easier choice, and more secure.
>
> See: http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm
>
> You set up your form in half a dozen lines, and that's it!
>
> I am sure that you can set up spam filters to do what you want. There is an optional argument called spamfilter where you set up a regex and the example in the doco is '(?i:</a>|\[/url])' but you can adjust that yourself.
>
> To modify Formmail.pl, you would need to:
>
> a: Set up a hash of banned words including the url form
> b: Take the output of the form and discard it if it matches anything in the banned word list.
>
> Owen

I know that Matt's FormMail is a bit insecure, but I have based my site on it after cutting a lot of it out. For example it is not able to send anything to anyone by entering an email address. All sending is done strictly to hardcoded recipients (us).

The problem is that we are now being swamped by requests filled with a lot of http links instead of our customers' business related questions. It hurts only our sales people who have to read all of the crap the spammers enter. So I would like to stop it right at the website by not sending anything at all out with links in the text.

Since we have had the site running about 10 years now with the FormMail derivative script I don't feel like changing it, but you never know in the future... So I will surely bookmark the link you gave for future reference.

Thanks for replying!

Bo Berglund
Re: How to detect if a text body contains forbidden words
On Tue, 20 Nov 2007 20:03:38 +0100, Gunnar Hjalmarsson [EMAIL PROTECTED] wrote:

> Bo Berglund wrote:
>
>> The problem is that we are now being swamped by requests filled with a lot of http links instead of our customers' business related questions. It hurts only our sales people who have to read all of the crap the spammers enter. So I would like to stop it right at the website by not sending anything at all out with links in the text.
>
> It's common practice to include web addresses in emails, so treating all messages with 'http://' in them as spam will most likely give you false positives.
>
> CGI::ContactForm, as Owen mentioned, uses two techniques to stop spam. The 'spamfilter' regex is one of them, and there is also a cookie based method for preventing automated messages from being sent.

OK, about common use of web addresses, but our forms are designed to collect product interest information via checkboxes and they also have a small text input field for a request from the customer to us. Our legitimate customers so far have never entered a URL into a legitimate request...

What the spammers do is to autofill the textbox on the form with text that is about 50% URL links and the remainder is bogus text. What we now want is to detect those emails at the webserver itself so they don't get sent at all.

Anyone entering URLs as part of a product information request is spamming in my mind. They are spamming our customer support and sales persons who are processing the received emails.

I also had a look at the link to the ContactForm page but I must say I don't understand it. Looks like I am supposed to install something on the webserver (using make), but ours is a web hosting company that only allows us to FTP our files to the server. They also allow PERL cgi scripts, but that is about all access I have.

What I am looking for here is help in formulating the PERL syntax right so that my existing script will exit without sending an email if the bad words are found. These are just http:, href= and url= (case insensitive matching).

My first test failed since I received an email when I tried to post a text which I copied from one of the spam mails. If possible see my previous post where I wrote what I put into the script and which turned out not to work.

Thanks,
Bo Berglund
mod_perl newbie gotcha
Looking for help from anyone with mod_perl experience - I have been caught by a classic newbie gotcha... I think.

Running Activestate Perl v5.8.8 for MSWin32, Apache 2.0 for Win32

I believe I have correctly installed mod_perl as $ENV{'MOD_PERL'} correctly reports the version mod_perl/2.0.3

Two simple example CGI scripts -

* The first sends the contents and name of textfield to the second.
* The second script should then print the value of the textfield to the screen.

The problem is that after the first successful send/receive, all subsequent executions contain the same initial data: the parameters never get reset with 'newer' data.

I understand that mod_perl is pretty fussy about closing down assignments and undefining variables, working with 'strict' and avoiding Globals.

I would appreciate anyone pointing out the (hopefully) obvious mistake in my code below - or any guidance at all.

Cheers
NJH

pass_from.cgi --

    #!c:/perl/bin/perl.exe
    use warnings;
    use strict;
    use CGI;
    use CGI::Carp qw(fatalsToBrowser);
    use DBI;

    my $q = new CGI;
    print $q->header,
          $q->start_html(-title=>'Pass From'),
          "mod_perl - $ENV{'MOD_PERL'}<p>",
          $q->start_multipart_form(-action=>"pass_to.cgi"),
          $q->textfield(-name=>'id', -size=>10),
          $q->submit(),
          $q->end_form();
    $q->delete('id');
    print $q->end_html;
    exit();

pass_to.cgi --

    #!c:/perl/bin/perl.exe
    use warnings;
    use strict;
    use CGI;
    use CGI::Carp qw(fatalsToBrowser);
    use DBI;

    my $q = new CGI;
    print $q->header,
          $q->start_html(-title=>'Pass To'),
          "mod_perl - $ENV{'MOD_PERL'}<p>";
    # Echo every submitted parameter
    foreach my $val ($q->param()) { print "$val: ", $q->param($val); }
    print "<p><a href='pass_from.cgi'>Return</a>";
    $q->delete('id');
    print $q->end_html;
    exit();
Re: How to detect if a text body contains forbidden words
On Tue, 20 Nov 2007 19:01:08 +0100, Bo Berglund [EMAIL PROTECTED] wrote:

>     sub spam_reject {
>         if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
>         {
>             # reject code goes here
>             push(@ERROR,'*SPAM*');
>         }
>         if (@ERROR) {
>             error('spam_contents', @ERROR);
>         }
>     }
>
> Do you think that this would work?
>
> I tested it now but it did not work, I got the email out anyway. What did I do wrong in the syntax above?

Turns out that the Feedback is not in the $CONFIG array, by changing $CONFIG to $FORM it worked!

Thanks again for pointing me in the right direction.

Bo Berglund
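An added example, not part of any message in the thread: a standalone Perl version of the check the thread arrives at, using the three strings named there (http:, href=, url=) and also matching https:, which the /http:/ pattern does not. The sub names, the reject_at option and the sample submissions are assumptions made for illustration; the hash passed in stands in for the script's form data (the thread's $FORM).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The thread's forbidden strings (http:, href=, url=), case-insensitive,
# widened to also catch https: and spaces before '='.
my @LINK_PATTERNS = (qr/https?:/i, qr/\bhref\s*=/i, qr/\burl\s*=/i);

# Count link indicators in one form value (undef counts as none).
sub count_link_indicators {
    my ($text) = @_;
    return 0 unless defined $text;
    my $hits = 0;
    for my $re (@LINK_PATTERNS) {
        $hits++ while $text =~ /$re/g;
    }
    return $hits;
}

# Classify a submission from a hash of form fields; every field is
# checked, not only 'Feedback'.
# reject_at is a hypothetical option: total hits at or above it mean
# 'reject'; fewer (but not zero) mean 'tag'; zero means 'send'.
sub classify_submission {
    my ($form, %opt) = @_;
    my $reject_at = exists $opt{reject_at} ? $opt{reject_at} : 1;
    my $hits = 0;
    $hits += count_link_indicators($form->{$_}) for keys %$form;
    return 'reject' if $hits >= $reject_at;
    return $hits ? 'tag' : 'send';
}

# Constructed sample submissions (not taken from the thread).
my @samples = (
    { Feedback => 'Please send pricing for model X.' },
    { Feedback => 'See HTTPS://example.test/ for details' },
    { Feedback => '<a HREF = "http://example.test/a">x</a> [url=http://example.test/b]y[/url]' },
);

for my $form (@samples) {
    my $strict  = classify_submission($form);                  # any link rejects
    my $lenient = classify_submission($form, reject_at => 3);  # one or two hits only tag
    my $subject = 'Information request';
    $subject = "*** SPAM *** $subject" if $lenient eq 'tag';
    printf "%-7s %-7s %s\n", $strict, $lenient, $subject;
}
```

In a FormMail-derived script the 'reject' result would take the place of the thread's push(@ERROR, ...) and error('spam_contents', ...) calls, run after parse_form has filled the form hash.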
Re: mod_perl newbie gotcha
[EMAIL PROTECTED] wrote:

> The problem is that after the first successful send/receive, all subsequent executions contain the same initial data: the parameters never get reset with 'newer' data.

I wasn't able to reproduce the described problem.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl