Jeroen Massar wrote:
Matthias Hertzog wrote:
Hi Folks!
We're facing a growing amount of automatically generated HTTP POST
requests, all containing spamvertising links like
http://19.altribeati.com/homoerectus/
As far as i know, there are the following ways to handle that:
Does anyone out there has better ideas? How have you solved that
problem?
What about not having stupid scripts like formmail!? There are only
very few cases where this can be useful and in those cases the
destination address should be fixed. Then at least the person who is
using the script gets the crap and not other people.
There was a similar question on NANOG last couple of days, where
somebody was wondering how to block the webcafe's downstream from
spamming: top it at the source. In your case that is clearly the
formmail.
Even some badly written scripts with fixed recipients have been abused
in the past - seen and fixed lots of em on my server
Often they insert a reply-to or from header in the mail containing the
senders e-mail
If this field isn't properly validated it's very easy to send thousands
of spams with header injection....
So don't feel so safe if you use fixed recipients...
One thing I have been pretty successful in blocking spam is javascript...
Of course one can argue not all browser support or execute JS but today
when every 3rd site completely relies on JS this is no valid point
anymore IMHO
I use a onSubmit script which sets a variable before submitting. only if
this value is received correctly in the script the form is processed...
Matt
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
