Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Jean-Pierre Schwickerath
> Hi Folks! > > We're facing a growing amount of automatically generated HTTP POST > requests, all containing spamvertising links like > http://19.altribeati.com/homoerectus/ > > As far as i know, there are the following ways to handle that: > > a) Spamfilter of recipient shall filter that W

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Jeroen Massar
Matthias Hertzog wrote: Hi Folks! We're facing a growing amount of automatically generated HTTP POST requests, all containing spamvertising links like http://19.altribeati.com/homoerectus/ As far as i know, there are the following ways to handle that: a) Spamfilter of recipient shall filter

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Tonnerre LOMBARD
Salut, On Tue, Aug 15, 2006 at 05:35:26PM +0200, Matthias Hertzog wrote: > b) Web-user has to enter a unique number (generated image) in the form to > prove, he's a human being. The problem here is that spam bots are apparently exceptionally good already at reading these characters out of the p

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Manuel Krummenacher
Matthias Hertzog wrote: b) Web-user has to enter a unique number (generated image) in the form to prove, he's a human being. Works fine, but you think of the visually impaired. There are captchas which provide the number also as sound. But I wouldn't use captchas on business websites, it's to a

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Matthias Keller
Jeroen Massar wrote: Matthias Hertzog wrote: Hi Folks! We're facing a growing amount of automatically generated HTTP POST requests, all containing spamvertising links like http://19.altribeati.com/homoerectus/ As far as i know, there are the following ways to handle that: Does anyone out

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Tonnerre LOMBARD
Salut, On Tue, Aug 15, 2006 at 06:19:21PM +0200, Matthias Keller wrote: > One thing I have been pretty successful in blocking spam is javascript... > Of course one can argue not all browsers support or execute JS but today > when every 3rd site completely relies on JS this is no valid point > any

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Daniel Kamm
On Tue, 2006-08-15 at 17:35 +0200, Matthias Hertzog wrote: > We're facing a growing amount of automatically generated HTTP POST requests, > all containing spamvertising links We are also struggling with this issue, but not only since a few days or weeks. I get 3-6 abused forms each day! IMO it'

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Matthias Keller
Tonnerre LOMBARD wrote: Salut, On Tue, Aug 15, 2006 at 06:19:21PM +0200, Matthias Keller wrote: One thing I have been pretty successful in blocking spam is javascript... Of course one can argue not all browsers support or execute JS but today when every 3rd site completely relies on JS thi

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Tonnerre LOMBARD
Salut, On Tue, Aug 15, 2006 at 06:59:21PM +0200, Matthias Keller wrote: > Correct. > And that's the way it works :) > consider this: > > > ... > > > If the post.php receives the POST request without $_POST["somefield"] > == "123" it refuses to send the mail... And what if they do send the 1

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Matthias Keller
Tonnerre LOMBARD wrote: Salut, On Tue, Aug 15, 2006 at 06:59:21PM +0200, Matthias Keller wrote: Correct. And that's the way it works :) consider this: ... If the post.php receives the POST request without $_POST["somefield"] == "123" it refuses to send the mail... And what if

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Peter Stockli
@MK: Your method implies, that the user has a javascript enabled browser, else the post would fail. This means in the end you lose customers, because they're surfing with lynx. Peter On 8/15/06, Matthias Keller <[EMAIL PROTECTED]> wrote: Tonnerre LOMBARD wrote: > Salut, > > On Tue, Aug 15, 2

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Markus Wild
One that is less cumbersome than the "type in the word in the weird image" approach is to set a cookie-like hidden parameter from the server when it generates the form (I'm assuming php or perl behind a dynamic server). In the cookie you can put the timestamp and encode the thing using a simple cip

RE: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Steven Glogger
> > > And what if they do send the 123? > > > They won't they will - i've seen some spammers really trying to analyze some feedback forms, etc. - next day the customer "fixed" it somehow, and the spammer found out again how to circumvent it. for the php users i've found a solution where i patched

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Peter Guhl
On Tue, Aug 15, 2006 at 05:35:26PM +0200, Matthias Hertzog wrote: > We're facing a growing amount of automatically generated HTTP POST > requests, all containing spamvertising links like We all do... > a) Spamfilter of recipient shall filter that If you are the only recipient and your spamfilt

Re: [swinog] Formmailer-Scripts and Spam

2006-08-15 Thread Tonnerre LOMBARD
Salut, On Tue, Aug 15, 2006 at 11:39:15PM +0200, Steven Glogger wrote: > for the php users i've found a solution where i patched the mail() function > to not allow linefeeds etc. in header and to: lines. > i've documented it some time ago here: > http://wiki.hidden.ch/index.php/PHP#Patch_von_mail.

RE: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Randazzo Filippo
from the main website (im including it in a ).. Seems that this is confusing the bots.. /lurking mode on -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manuel Krummenacher Sent: martedì, 15. agosto 2006 18:01 To: swinog@swinog.ch Subject: Re: [swinog] Fo

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Daniel Roethlisberger
IL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manuel > Krummenacher > Sent: martedì, 15. agosto 2006 18:01 > To: swinog@swinog.ch > Subject: Re: [swinog] Formmailer-Scripts and Spam > > > Matthias Hertzog wrote: > > b) Web-user has to enter a unique number (ge

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Matthias Keller
Markus Wild wrote: One that is less cumbersome than the "type in the word in the weird image" approach is to set a cookie-like hidden parameter from the server when it generates the form (I'm assuming php or perl behind a dynamic server). In the cookie you can put the timestamp and encode the thi

RE: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Glogger Steven
> Well, IMHO this is no better than my solution using JS What > do you do if someone has cookies disabled? > I for my part often reject cookies 'just because' when I don't > feel they're really needed... java script is client side. it only prevents that a form can be submitted. what if you circum

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Viktor Steinmann
About that lynx discussion... I don't think you're losing a single customer because your websites don't support lynx. Usually people want to see a picture of the product they're buying. And then there's the aspect, of who your target-market is. Usually it's not the Linux-Geek (and even if it i

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Markus Wild
> Markus Wild wrote: > > One that is less cumbersome than the "type in the word in the weird > > image" approach is to set a cookie-like hidden parameter from the > > server when it generates the form (I'm assuming php or perl behind > Well, IMHO this is no better than my solution using JS > What

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Matthias Keller
Glogger Steven wrote: Well, IMHO this is no better than my solution using JS What do you do if someone has cookies disabled? I for my part often reject cookies 'just because' when I don't feel they're really needed... java script is client side. it only prevents that a form can be submit

RE: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Daniel Rechsteiner
An interesting tool is Akismet: http://akismet.com/ We are using this in our Wordpress blogs and it is meant to be used against comment spam in blogs, but as formmailer spam is basically the same why not use it here too. Something like Spamassassin as a web service for comment spam. The API descr

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Marc SCHAEFER
On Wed, Aug 16, 2006 at 07:29:25AM +0200, Tonnerre LOMBARD wrote: > The good thing about PHP's builtin input sanitizing and security functions > is that they contain the majority of bugs. mail() is one of them. ;-) I will never recommend PHP to a customer or even a friend; however I heard about an

Re: [swinog] Formmailer-Scripts and Spam

2006-08-16 Thread Kirill Ponazdyr
> I will never recommend PHP to a customer or even a friend; however I > heard about an Apache module (by SuSE apparently) which is designed as a > security layer for mod_perl and mod_php. I haven't even tried it yet, but > I will the next time I need to support others' bad decisions. If you know