Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Owen
 I am using a modified version of the old formmail.pl script on my
 website to get information requests mailed to me.
 I have modified the script to NOT send email other than to two fixed
 (hardcoded) addresses (myself and our sales dept). I had to do this
 because spammers started to use my request pages as spam entry
 points.

 Now the spammers have advanced and are filling the fields with html
 links in the hope that someone will click the links...

 So I want to expand the script to block sending altogether if the body
 contains forbidden words like 'href=' or 'http://'.

 But I have no clue as regards PERL programming so I would like to get
 some help in this.

 I have a form field called 'Feedback' that is loaded with the contents
 of a text box on my page. This text block is what I want to check for
 the forbidden words and either modify the subject of the outgoing
 email by adding something like '*** SPAM ***' to it or else not send
 the email at all if forbidden words are found.

 I think that the textbox contents can be retrieved by the following
 function:
 $CONFIG{'Feedback'}

 What I would like to do is to add a new function right before the mail
 send call inside the main procedure which could set an error if the
 feedback contains the forbidden words.

 The main procedure now looks like this:


 # Check Referring URL
 check_url;

 # Retrieve Date
 get_date;

 # Parse Form Contents
 parse_form;

 # Check Required Fields
 check_required;

 # Return HTML Page or Redirect User
 return_html;

 # Send E-Mail
 send_mail;

 I would like to have a checking procedure right in front of
 send_mail, which will fail the script if the forbidden words are
 present.


That's one of Matt's scripts and maybe you missed the world wide movement
to get everyone off Matt's scripts. Anyway, if you got that going, you
would find Gunnar Hjalmarsson Contact Form a better and easier choice, and
more secure. See:
http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm

You set up your form in half a dozen lines, and that's it!

I am sure that you can set up spam filters to do what you want. There is an
optional argument called spamfilter where you set up a regex and the
example in the doco is '(?i:</a>|\[/url])' but you can adjust that
yourself.

To modify Formmail.pl, you would need to:
a: Set up a hash of banned words including the url form
b: Take the output of the form and discard it if it matches anything in
the banned word list.

Owen




-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/




Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Lou Hernsen
Hallo
I'm just an amateur perl writer..
but I would think that using the m// (match) would help. something like
# $CONFIG{'Feedback'} = the body of the message, change to whatever it is
# in the program
if ($CONFIG{'Feedback'} =~ /href=|http:/i) # i = ignore case
{
    # reject code goes here
    exit;
}

As to preventing cusswords... good luck...
you could do a string substitution manure is replaced by fertilizer

s/manure/fertilizer/i;

this way the offender never knows what words are being replaced and is less
likely to try to get around this code with words like schist, or phuque or
the like.. I think you get my drift.

And I would do the word check right when the words are being parsed.
That's how I would do it, but then what do I know..
I'm sure there are better ways... and that certain people on this list will
be quick to shoot me down
while offering no help of their own... but I wanted to get my good deed
for the day thing out of the way
this morning ;)
hope it helps.
Lou







Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Bo Berglund
On Tue, 20 Nov 2007 18:39:25 +0100, Bo Berglund
[EMAIL PROTECTED] wrote:

On Tue, 20 Nov 2007 08:25:15 -0500, Lou Hernsen
[EMAIL PROTECTED] wrote:

Hallo
I'm just an amateur perl writer..
but I would think that using the m// (match) would help. something like
# $CONFIG{'Feedback'} = the body of the message, change to whatever it is
# in the program
if ($CONFIG{'Feedback'} =~ /href=|http:/i) # i = ignore case
{
    # reject code goes here
    exit;
}

As to preventing cusswords... good luck...
you could do a string substitution manure is replaced by fertilizer

s/manure/fertilizer/i;

this way the offender never knows what words are being replaced and is less
likely to try to get around this code with words like schist, or phuque or
the like.. I think you get my drift.

And I would do the word check right when the words are being parsed.
That's how I would do it, but then what do I know..
I'm sure there are better ways... and that certain people on this list will
be quick to shoot me down
while offering no help of their own... but I wanted to get my good deed
for the day thing out of the way this morning ;)

Appreciated!

hope it helps.
Lou

Thanks,
I think it is a help in the right direction! :-)
I thought of adding one more checking function in the middle of the
sequence of the main function like this:

...
# Parse Form Contents
parse_form;

# Reject spammers == This is what I like to add
spam_reject;

# Check Required Fields
check_required;
...

Then I would have the new function doing something like this using
your example and the existing code for other checks:

sub spam_reject {
  if ($CONFIG{'Feedback'} =~  /href=|http:/i ) #i = ignore case
  {
  # reject code goes here
  push(@ERROR,'*SPAM*');
  }

  if (@ERROR) {
  error('spam_contents', @ERROR);
  }

}

Then I would add something like this to the error subroutine in the
middle of the error causes parsing:

   elsif ($error eq 'spam_contents') {
       print "<html>\n <head>\n <title>Error: SPAM</title>\n </head>\n";
       print "</head>\n <body";

       # Get Body Tag Attributes
       body_attributes;

       # Close Body Tag
       print ">\n <center>\n\n";
       print " <h1>Error:  SPAM! </h1>\n </center>\n\n";
       print "<p>The data you entered is considered SPAM!</p>\n";
       print "</body></html>\n";
   }

There is an exit at the end of the error subroutine already.

Do you think that this would work?


I tested it now but it did not work, I got the email out anyway
What did I do wrong in the syntax above?

Bo Berglund






Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Bo Berglund
On Tue, 20 Nov 2007 08:25:15 -0500, Lou Hernsen
[EMAIL PROTECTED] wrote:

Hallo
I'm just an amateur perl writer..
but I would think that using the m// (match) would help. something like
# $CONFIG{'Feedback'} = the body of the message, change to whatever it is
# in the program
if ($CONFIG{'Feedback'} =~ /href=|http:/i) # i = ignore case
{
    # reject code goes here
    exit;
}

As to preventing cusswords... good luck...
you could do a string substitution manure is replaced by fertilizer

s/manure/fertilizer/i;

this way the offender never knows what words are being replaced and is less
likely to try to get around this code with words like schist, or phuque or
the like.. I think you get my drift.

And I would do the word check right when the words are being parsed.
That's how I would do it, but then what do I know..
I'm sure there are better ways... and that certain people on this list will
be quick to shoot me down
while offering no help of their own... but I wanted to get my good deed
for the day thing out of the way this morning ;)

Appreciated!

hope it helps.
Lou

Thanks,
I think it is a help in the right direction! :-)
I thought of adding one more checking function in the middle of the
sequence of the main function like this:

...
# Parse Form Contents
parse_form;

# Reject spammers == This is what I like to add
spam_reject;

# Check Required Fields
check_required;
...

Then I would have the new function doing something like this using
your example and the existing code for other checks:

sub spam_reject {
  if ($CONFIG{'Feedback'} =~  /href=|http:/i ) #i = ignore case
  {
  # reject code goes here
  push(@ERROR,'*SPAM*');
  }

  if (@ERROR) {
  error('spam_contents', @ERROR);
  }

}

Then I would add something like this to the error subroutine in the
middle of the error causes parsing:

   elsif ($error eq 'spam_contents') {
       print "<html>\n <head>\n <title>Error: SPAM</title>\n </head>\n";
       print "</head>\n <body";

       # Get Body Tag Attributes
       body_attributes;

       # Close Body Tag
       print ">\n <center>\n\n";
       print " <h1>Error:  SPAM! </h1>\n </center>\n\n";
       print "<p>The data you entered is considered SPAM!</p>\n";
       print "</body></html>\n";
   }

There is an exit at the end of the error subroutine already.

Do you think that this would work?


Bo Berglund






Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Bo Berglund
On Tue, 20 Nov 2007 19:58:50 +1100 (EST), Owen [EMAIL PROTECTED]
wrote:

 I am using a modified version of the old formmail.pl script on my
 website to get information requests mailed to me.
 I have modified the script to NOT send email other than to two fixed
 (hardcoded) addresses (myself and our sales dept). I had to do this
 because spammers started to use my request pages as spam entry
 points.

 Now the spammers have advanced and are filling the fields with html
 links in the hope that someone will click the links...

 So I want to expand the script to block sending altogether if the body
 contains forbidden words like 'href=' or 'http://'.

 But I have no clue as regards PERL programming so I would like to get
 some help in this.

 I have a form field called 'Feedback' that is loaded with the contents
 of a text box on my page. This text block is what I want to check for
 the forbidden words and either modify the subject of the outgoing
 email by adding something like '*** SPAM ***' to it or else not send
 the email at all if forbidden words are found.

 I think that the textbox contents can be retrieved by the following
 function:
 $CONFIG{'Feedback'}

 What I would like to do is to add a new function right before the mail
 send call inside the main procedure which could set an error if the
 feedback contains the forbidden words.

 The main procedure now looks like this:


 # Check Referring URL
 check_url;

 # Retrieve Date
 get_date;

 # Parse Form Contents
 parse_form;

 # Check Required Fields
 check_required;

 # Return HTML Page or Redirect User
 return_html;

 # Send E-Mail
 send_mail;

 I would like to have a checking procedure right in front of
 send_mail, which will fail the script if the forbidden words are
 present.


That's one of Matt's scripts and maybe you missed the world wide movement
to get everyone off Matt's scripts. Anyway, if you got that going, you
would find Gunnar Hjalmarsson Contact Form a better and easier choice, and
more secure. See:
http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm

You set up your form in half a dozen lines, and that's it!

I am sure that you can set up spam filters to do what you want. There is an
optional argument called spamfilter where you set up a regex and the
example in the doco is '(?i:</a>|\[/url])' but you can adjust that
yourself.

To modify Formmail.pl, you would need to:
a: Set up a hash of banned words including the url form
b: Take the output of the form and discard it if it matches anything in
the banned word list.

Owen

I know that Matt's FormMail is a bit insecure, but I have based my
site on it after cutting a lot of it out. For example it is not able
to send anything to anyone by entering an email address. All sending
is done strictly to hardcoded recipients (us).
The problem is that we are now being swamped by requests filled with a
lot of http links instead of our customers' business related questions.
It hurts only our sales people who have to read all of the crap the
spammers enter. So I would like to stop it right at the website by not
sending anything at all out with links in the text.

Since we have had the site running about 10 years now with the
FormMail derivative script I don't feel like changing it, but you
never know in the future...
So I will surely bookmark the link you gave for future reference.

Thanks for replying!

Bo Berglund






Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Bo Berglund
On Tue, 20 Nov 2007 20:03:38 +0100, Gunnar Hjalmarsson
[EMAIL PROTECTED] wrote:

Bo Berglund wrote:
 The problem is that we are now being swamped by requests filled with a
 lot of http links instead of our customers' business related questions.
 It hurts only our sales people who have to read all of the crap the
 spammers enter. So I would like to stop it right at the website by not
 sending anything at all out with links in the text.

It's common practice to include web addresses in emails, so treating all 
messages with 'http://' in them as spam will most likely give you false 
positives.

CGI::ContactForm, as Owen mentioned, uses two techniques to stop spam. 
The 'spamfilter' regex is one of them, and there is also a cookie based 
method for preventing automated messages from being sent.


OK, about common use of web addresses, but our forms are designed to
collect product interest information via checkboxes and they also have
a small text input field for a request from the customer to us. Our
legitimate customers so far have never entered a URL into a
legitimate request...

What the spammers do is to autofill the textbox on the form with text
that is about 50% URL links and the remainder is bogus text.
What we now want is to detect those emails at the webserver itself so
they don't get sent at all. Anyone entering URL:s as part of a product
information request is spamming in my mind.
They are spamming our customer support and sales persons who are
processing the received emails.


I also had a look at the link to the ContactForm page but I must say I
don't understand it. Looks like I am supposed to install something on
the webserver (using make), but ours is a web hosting company that
only allows us to FTP our files to the server. They also allow PERL
cgi scripts, but that is about all access I have.

What I am looking for here is help in formulating the PERL syntax
right so that my existing script will exit without sending an email if
the bad words are found. These are just http:, href= and url= (case
insensitive matching).

My first test failed since I received an email when I tried to post a
text which I copied from one of the spam mails.

If possible see my previous post where I wrote what I put into the
script and which turned out not to work.

Thanks,

Bo Berglund






mod_perl newbie gotcha

2007-11-20 Thread evil...@gmail.com
Looking for help from anyone with mod_perl experience - I have been
caught by a classic newbie gotcha... I think.

Running Activestate Perl v5.8.8 for MSWin32, Apache 2.0 for Win32

I believe I have correctly installed mod_perl as $ENV{'MOD_PERL'}
correctly reports the version mod_perl/2.0.3

Two simple example CGI scripts -

*The first sends the contents and name of textfield to the second.
*The second script should then print the value of the textfield to
the screen.

The problem is that after the first successful send/receive, all
subsequent executions contain the same initial data: the parameters
never get reset with 'newer' data.

I understand that mod_perl is pretty fussy about closing down
assignments and undefining variables, working with 'strict' and
avoiding Globals.

I would appreciate anyone pointing out the (hopefully) obvious
mistake in my code below - or any guidance at all.

Cheers
NJH

pass_from.cgi
--
#!c:/perl/bin/perl.exe

use warnings;
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use DBI;

my $q = new CGI;
print $q->header, $q->start_html(-title=>'Pass From'),
"mod_perl - $ENV{'MOD_PERL'}<p>",
$q->start_multipart_form(-action=>"pass_to.cgi"),
$q->textfield(-name=>'id', -size=>10),
$q->submit(),
$q->end_form();

$q->delete('id');

print $q->end_html;
exit();


pass_to.cgi
--
#!c:/perl/bin/perl.exe

use warnings;
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use DBI;

my $q = new CGI;
print $q->header, $q->start_html(-title=>'Pass To'),
"mod_perl - $ENV{'MOD_PERL'}<p>";

foreach my $val($q->param()){print "$val: ",$q->param($val);}

print "<p><a href='pass_from.cgi'>Return</a>";

$q->delete('id');

print $q->end_html;
exit();






Re: How to detect if a text body contains forbidden words

2007-11-20 Thread Bo Berglund
On Tue, 20 Nov 2007 19:01:08 +0100, Bo Berglund
[EMAIL PROTECTED] wrote:


sub spam_reject {
  if ($CONFIG{'Feedback'} =~  /href=|http:/i ) #i = ignore case
  {
  # reject code goes here
  push(@ERROR,'*SPAM*');
  }

  if (@ERROR) {
  error('spam_contents', @ERROR);
  }


Do you think that this would work?


I tested it now but it did not work, I got the email out anyway
What did I do wrong in the syntax above?


Turns out that the Feedback is not in the $CONFIG array, by changing
$CONFIG to $FORM it worked!

Thanks again for pointing me in the right direction.

Bo Berglund
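
Added example (not code from the thread or from FormMail): the first attempt let mail through because a match against a key that is absent from the hash never succeeds, so the filter failed open. The sketch below treats a missing field as a rejection; %FORM, %CONFIG, the sample submissions and the sub name spam_reasons are constructed for illustration, and the banned markers are the three named in the thread.

```perl
#!/usr/bin/perl
# Added example, not part of the original thread. %FORM and %CONFIG stand in
# for the hashes a FormMail-derived script fills; all values are constructed.
use strict;
use warnings;

# Link markers named in the thread: http:, href= and url= (case-insensitive).
my @BANNED = ('http:', 'href=', 'url=');
my $BANNED_RE = do {
    my $alt = join '|', map { quotemeta($_) } @BANNED;
    qr/(?:$alt)/i;
};

# Returns a list of reasons to reject; an empty list means "accept".
# A field that is not present counts as a reason, so looking in the wrong
# hash stops the mail instead of silently skipping the check.
sub spam_reasons {
    my ($fields, $name) = @_;
    return ("field '$name' not found") unless defined $fields->{$name};

    my %seen;
    my @hits = grep { !$seen{$_}++ }
               map  { lc($_) } $fields->{$name} =~ /($BANNED_RE)/g;
    return map { "contains '$_'" } @hits;
}

# Constructed sample submissions.
my %FORM   = (Feedback  => 'Cheap pills <a HREF="http://spam.example/">here</a>');
my %CONFIG = (recipient => 'sales@example.com');    # no Feedback key here
my %CLEAN  = (Feedback  => 'Please send pricing for product X.');

for my $case (['%FORM', \%FORM], ['%CONFIG', \%CONFIG], ['clean', \%CLEAN]) {
    my ($label, $hash) = @$case;
    my @why = spam_reasons($hash, 'Feedback');
    printf "%-8s %s\n", $label,
        @why ? 'REJECT: ' . join('; ', @why) : 'accept';
}
```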






Re: mod_perl newbie gotcha

2007-11-20 Thread Gunnar Hjalmarsson

[EMAIL PROTECTED] wrote:
The problem is that after the first successful send/receive, all 
subsequent executions contain the same initial data: the parameters 
never get reset with 'newer' data.


I wasn't able to reproduce the described problem.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
