Spam via feedback form


Post by me9 » Sat, 31 Dec 2005 19:20:37


On 30 Dec,



I don't reveal my address on my feedback form, it is inserted by the PHP
script, so it can't be used for relaying. I also check for the existence of
the sender's email address. So far these seem to be working, as I have only
received a very small amount of hand crafted junk mail.


--
Brian D
Strongarm RiscPC600 | RISCOS 4.27 60Mb
Change lycos to yahoo to reply.
 
 
 


Post by New » Sat, 31 Dec 2005 19:35:22

In article <4DE1509C44% XXXX@XXXXX.COM >,



Me too, of course, certainly no address exposed - but I've also taken steps
to avoid the possibility of extra header lines being inserted into the
message body such as Cc and Bcc lines.

It is this precaution that I'm suggesting may have worked.

I do have a script to validate the sender's address, but haven't used it so
far.

Thinking about changing the URL, I suppose a little PHP script could alter
it half-hourly tied to the clock or randomly each time it's accessed. That
should make any future attempts to misuse it short-lived!

But I'm still considering the possibility of revenge!

John

--
John Williams, Wirral, Merseyside, UK - no attachments to these addresses!
Non-RISC OS posters change user to johnrwilliams or put 'risc' in subject
for reliable contact! Who is John Williams? http://www.yqcomputer.com/

 
 
 


Post by New » Sat, 31 Dec 2005 20:06:44


I see that I've also been messing about with a 'security code' field - you
know, the one where the human reads a code from a randomly generated image.

On reflection, I suppose if I made the feedback form accessible only by an
internal 'referer' (sic) it would stop this sort of misuse.

But I'll wait and see if the selective blocking code works as expected,
because:


I /do/ like PHP!

John

--
John Williams, Wirral, Merseyside, UK - no attachments to these addresses!
Non-RISC OS posters change user to johnrwilliams or put 'risc' in subject
for reliable contact! Who is John Williams? http://www.yqcomputer.com/
 
 
 


Post by Alan Wrigl » Sat, 31 Dec 2005 22:39:34

In message < XXXX@XXXXX.COM >



I've been getting a lot of this lately.


I find that mine comes from a variety of IP addresses with no pattern,
so it's impossible to trap them.


The most important thing is to ensure that extra headers can't be
added. If you put a field in the form for an email address and include
this as a Reply-To header in the mail that gets sent to you, it opens
up a huge loophole for spammers to insert extra headers into the email
address which can then be used to send spam to other addresses
inserted as BCCs. My form has a trap for this which removes any extra
lines in the email address field before forwarding the message to me.
For good measure it also restricts the address in the Reply-To header
to 64 chars, just in case.


I tried this but I found occasionally it would reject a genuine
contact. I assume that some browsers don't send the referrer
information correctly.

Alan

--
RISC OS - you know it makes cents
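
The Reply-To trap described in the post above, as an added example that is not code from any poster in this thread: only the first line of the submitted address is kept, it is limited to 64 characters, and the recipient is fixed in the script. The function names, `SITE_RECIPIENT`, the form field names and the sample submission are assumptions made for illustration.

```php
<?php
// Added example, not code from any poster. Names below are hypothetical.
const SITE_RECIPIENT   = 'owner@example.org'; // placeholder; fixed in the script
const MAX_REPLY_TO_LEN = 64;                  // cap mentioned in the post

// Return a single safe address for Reply-To, or null if none can be used.
function clean_reply_to($raw): ?string
{
    if (!is_string($raw)) {
        return null;                          // e.g. email[]=... sent as an array
    }
    // Drop everything from the first CR or LF onwards: that is where an
    // injected "Bcc:" or "Cc:" line would begin.
    $first = trim(preg_split('/[\r\n]/', $raw, 2)[0]);
    // Reject over-long values here instead of truncating (a choice made
    // for this example), then require one syntactically valid address.
    if ($first === '' || strlen($first) > MAX_REPLY_TO_LEN) {
        return null;
    }
    return filter_var($first, FILTER_VALIDATE_EMAIL) !== false ? $first : null;
}

// Build the arguments for mail(); the recipient never comes from the form.
function build_feedback_mail(array $post): array
{
    $headers = ['From: ' . SITE_RECIPIENT];
    $replyTo = clean_reply_to($post['email'] ?? '');
    if ($replyTo !== null) {
        $headers[] = 'Reply-To: ' . $replyTo;
    }
    // The subject is a header too, so line breaks are flattened to spaces.
    $subject = is_string($post['subject'] ?? null) ? $post['subject'] : '';
    $subject = 'Feedback: ' . substr(preg_replace('/[\r\n]+/', ' ', $subject), 0, 80);
    $body    = is_string($post['message'] ?? null) ? $post['message'] : '';
    return [SITE_RECIPIENT, $subject, $body, implode("\r\n", $headers)];
}

// Constructed submission with extra header lines in the address field.
$post = [
    'email'   => "visitor@example.com\r\nBcc: a@example.net, b@example.net",
    'subject' => "Hello\r\nCc: c@example.net",
    'message' => 'Nice site.',
];
[$to, $subject, $body, $headers] = build_feedback_mail($post);
echo $headers, "\n", $subject, "\n";   // pass the four values to mail() on a real form
```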
 
 
 


Post by Kevin Well » Sun, 01 Jan 2006 05:13:33

In message < XXXX@XXXXX.COM >




I had a similar attack from the form on my blog.

They then used my domain to spam others and I had loads of bounces
coming in.

They used somethingorother@mydomainname.
--
Kev Wells http://www.yqcomputer.com/
http://www.yqcomputer.com/
ICQ 238580561
In England's green and pleasant land.
 
 
 


Post by Stuart Pai » Sun, 01 Jan 2006 05:34:52


Won't work. They'll just mark your site as one that has to be
navigated from a "real" page rather than just sitting on the feedback
form all the time.

In any case, a changing URL would have to cater for overlaps (two
people accessing the feedback form in quick succession) and/or slow
typists (it can take me upwards of 10 minutes to compose a considered
message for a feedback form). You can also get some decidedly weird
things happening when HTTP proxies get involved.


Any retaliation you might take could only affect the "0wn3d" PC doing
the spam run, or perhaps the innocent bystander whose email address is
being used as the "sender". The spammer will notice that the spam
messages are not reaching their destinations, but that's all.


--
My website is at http://www.yqcomputer.com/
Please visit the website to obtain my email address.
 
 
 


Post by Segfaul » Sun, 01 Jan 2006 05:45:32

In article < XXXX@XXXXX.COM >,


I'm just about to write some code to add one of those to my own web forms
and guestbooks, as I've also started getting automated spam submitted to my
guestbooks. :-(

--
Paul in Southsea, Hampshire - using the best OS in the World!
__\\|//__ Life,
(` o-o ') the Universe
http://www.yqcomputer.com/ -----ooO-(_)-Ooo------ & Everything ------
(email address is genuine, to fool junkmailers)

To err is human, to forgive divine.
 
 
 


Post by Segfaul » Sun, 01 Jan 2006 08:00:28

In article < XXXX@XXXXX.COM >,


Just completed it, and added it to all my guestbooks, so we'll see if
http://www.yqcomputer.com/ gets much more spam in the next few days.
It's been getting about 20-30 junk messages a day recently. :-(

--
Paul in Southsea, Hampshire - using the best OS in the World!
__\\|//__ Life,
(` o-o ') the Universe
http://www.yqcomputer.com/ -----ooO-(_)-Ooo------ & Everything ------
(email address is genuine, to fool junkmailers)

The horror, the horror!
 
 
 


Post by John M War » Sun, 01 Jan 2006 09:00:09

In article < XXXX@XXXXX.COM >,




Surely a daily "crop of circulars"? ;-)

I really wish there were a way to stop all this, even if it means that
the "big boys" in the Internet world have to devise new protocols -- or
whatever -- to (eventually) supersede the apparently weak existing email
system.

There must be *something* that can be done universally, though I am
still scratching my head to come up with anything that might be
workable. I have so far thought of an enforceable way to verify emails'
origins before even accepting them into the email system from any
source, to eliminate fake originators and forgeries.

The whole Net is getting so bunged up with garbage that it is impairing
performance markedly on occasions, I've noticed. I recall those times
when Argonet was "mailbombed" and all the efforts that you in particular
had to put in just to keep up with clearing the junk as fast as it was
coming in. I want, under this new methodology, every message guaranteed
traceable to its originator so that action can be taken against the
perpetrators. Only with that level of disincentive will this scourge
ever be able to be all-but eliminated.

For example, under such a scheme I would have to register (and have
approved) every email address from which I send, and the only MAC
addresses from which I can send. Rather like those folk who set their
telephones to refuse to accept calls when the number is withheld, I'm
sure the email "entry points" (ISPs et al) can be made to work on this
basis. Indeed, my primary ISP -- Blueyonder -- required MAC addresses
to be registered (maximum of five of them) before they would allow any
kind of Internet access, so it can be enforced at that level.

This would limit things a bit, I know, but unless there are truly
compelling reasons not to go down this route. I don't care tuppence if
it means that garbage like Google-originated messaging could no longer
function: the "sacrifice" would be well worth it!

Thoughts on all this from the experts?

--
John Ward in Medway, Kent - using RISC OS since 1987
Now using an Iyonix, an A9home, 2 RiscPCs and Virtual-RPC!
Acorn/RISC OS web page: www.john-ward.org.uk/personal/john/computers
Read my "Councilling RISC OS" series in Qercus, from Issue 276 onward
 
 
 


Post by Ben Shimmi » Sun, 01 Jan 2006 09:17:07

John M Ward < XXXX@XXXXX.COM >:

[...]


Some stuff fairly close to the ideas you're suggesting is already being
implemented, eg. the Sender Policy Framework:

<URL: http://www.yqcomputer.com/ >

b.

--
Enjoy responsibly. <URL: http://www.yqcomputer.com/ >
 
 
 


Post by Segfaul » Sun, 01 Jan 2006 18:00:02

In article < XXXX@XXXXX.COM >,



I can't quite see how that would work. Presumably it does a standard
reverse DNS (which most mail servers do anyway) and then checks the IP
address with a list of known IPs from the sender.

However, I use about 15 different mail servers and about 60 different email
addresses, depending upon where I am - so unless you held a database of all
those locations, you'd never know if my email originated from a legitimate
source or not - and that doesn't even include additional servers such as
webmail accounts when I'm using someone else's computer to do email.

--
Paul in Southsea, Hampshire - using the best OS in the World!
__\\|//__ Life,
(` o-o ') the Universe
http://www.yqcomputer.com/ -----ooO-(_)-Ooo------ & Everything ------
(email address is genuine, to fool junkmailers)

51 things to do in a lift....
14. One word: Flatulence!
 
 
 


Post by new » Sun, 01 Jan 2006 19:08:41

In article < XXXX@XXXXX.COM >, Ben Shimmin






In my experience AOL's implementation of SPF seems to be bouncing
legitimate emails to and from AOL account holders.

An AOL colleague of mine tried to send an email to me amongst others
but it bounced with the message:-
*********
Delivery to the following recipients failed.

XXXX@XXXXX.COM
Diagnostic-Code: smtp;550-aol.com has published SPF records prohibiting
550 217.64.228.181 from sending mail from XXXX@XXXXX.COM .
*********

Also emails to AOL account holders on my mailing lists regularly bounce.

--
Barry A.
 
 
 


Post by Ben Shimmi » Mon, 02 Jan 2006 01:35:21

Segfault < XXXX@XXXXX.COM >:


No, that's absolutely not how it works.

I can't be bothered explaining, but this will suffice:

<URL: http://www.yqcomputer.com/ #Implementation>

Of course, it's not perfect, and it certainly isn't the FUSSP, but I doubt
anyone's claiming that it is.

b.

--
Enjoy responsibly. <URL: http://www.yqcomputer.com/ >
 
 
 


Post by Ben Shimmi » Mon, 02 Jan 2006 02:08:53

Barry Allen (news) < XXXX@XXXXX.COM >:

[16:43][bas@rialto:~]$ dig -x 217.64.228.181
[...]
;; ANSWER SECTION:
181.228.64.217.in-addr.arpa. 85316 IN PTR mail.rfu.com.

It would be no great surprise to discover that AOL have broken SPF, but
that particular example looks right to me -- mail.rfu.com should not be
allowed to send mail from an aol.com address according to aol.com's SPF
records.

b.

--
Enjoy responsibly. <URL: http://www.yqcomputer.com/ >
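
How the SPF check behind the bounce discussed above is evaluated, as an added example that is not from any poster: the receiving server reads the policy published in DNS by the domain in the sender address and tests the connecting IP against it, first match wins. The policy string below is constructed for illustration and is not aol.com's real record; only the `ip4` and `all` mechanisms are evaluated, and the function names are hypothetical.

```php
<?php
// Added example. SAMPLE_POLICY is constructed, NOT a real published record.
// Assumes 64-bit PHP so that IPv4 addresses fit in a positive integer.
const SAMPLE_POLICY = 'v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all';

// True if $ip lies inside $cidr ("a.b.c.d" or "a.b.c.d/len").
function ip4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipL  = ip2long($ip);
    $netL = ip2long($net);
    $bits = (int) $bits;
    if ($ipL === false || $netL === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipL & $mask) === ($netL & $mask);
}

// Evaluate the policy left to right for the connecting client address.
function spf_check(string $policy, string $clientIp): string
{
    $terms = preg_split('/\s+/', trim($policy));
    if (strtolower((string) array_shift($terms)) !== 'v=spf1') {
        return 'none';                        // not an SPF policy at all
    }
    $results = ['+' => 'pass', '-' => 'fail', '~' => 'softfail', '?' => 'neutral'];
    foreach ($terms as $term) {
        $q = '+';                             // default qualifier
        if (isset($results[$term[0]])) {
            $q    = $term[0];
            $term = substr($term, 1);
        }
        $lower = strtolower($term);
        if ($lower === 'all') {
            return $results[$q];
        }
        if (strncmp($lower, 'ip4:', 4) === 0 && ip4_in_cidr($clientIp, substr($term, 4))) {
            return $results[$q];
        }
        // a, mx, include and the other mechanisms need DNS lookups
        // and are skipped in this offline example.
    }
    return 'neutral';                         // nothing matched
}

// The relay address from the bounce, then an address the sample policy lists.
echo spf_check(SAMPLE_POLICY, '217.64.228.181'), "\n";
echo spf_check(SAMPLE_POLICY, '192.0.2.25'), "\n";
```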