[Pro] Receiving Spam from PHP form

Hello everyone – I hope you can help.

We have some little competitions on our website (www.completekitcar.co.uk) which we have set up all using the PHP action. On one of the competitions we are getting inundated with Spam emails but only on one.

I have already taken this PHP form down, deleted it and remade it with a different page name but we are still getting the same problem.

Where am I going wrong and how can I prevent these b******s doing this in the future?

Please help.

James


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Are you using the latest version of the Action, and have you enabled the “spam trap” feature? That does an excellent job of catching the automated spam. Nothing (not even a CAPTCHA) will stop the “room full of badly-paid humans” problem, but it will knock out the automated crap.

Walter

On Jan 17, 2012, at 7:28 AM, James Mansell wrote:

Hello everyone – I hope you can help.

We have some little competitions on our website (www.completekitcar.co.uk) which we have set up all using the PHP action. On one of the competitions we are getting inundated with Spam emails but only on one.

I have already taken this PHP form down, deleted it and remade it with a different page name but we are still getting the same problem.

Where am I going wrong and how can I prevent these b******s doing this in the future?

Please help.

James



Hi James,
Have the Action log the IP address of the sender and if all of the spam appears to come from a single address or a range of addresses, ask your hosting provider for help blocking these users from your site. A simple htaccess file will prevent them from seeing the pages you specify.
Regards,
Tim.

On 17 Jan 2012, at 12:28, James Mansell wrote:

We have some little competitions on our website (www.completekitcar.co.uk) which we have set up all using the PHP action. On one of the competitions we are getting inundated with Spam emails but only on one.

I have already taken this PHP form down, deleted it and remade it with a different page name but we are still getting the same problem.

Where am I going wrong and how can I prevent these b******s doing this in the future?

Please help.


FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com
FreewayStyle.com - Free Freeway templates and parts to download, use and explore - http://www.freewaystyle.com



Hi Walter and Tim

Firstly many thanks for your help with this problem. We are using the latest version of the action and I have now clicked the ‘Spam Trap’ but, and there’s always a ‘but’, to log the IP address of the sender do I just click ‘Track IP Address’ in the Action?

Once again guys, many thanks for your help, much appreciated.

James



Hi James,
Yes you do.
Regards,
Tim.

On 17 Jan 2012, at 14:27, James Mansell wrote:

Firstly many thanks for your help with this problem. We are using the latest version of the action and I have now clicked the ‘Spam Trap’ but, and there’s always a ‘but’, to log the IP address of the sender do I just click ‘Track IP Address’ in the Action?


FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com
FreewayStyle.com - Free Freeway templates and parts to download, use and explore - http://www.freewaystyle.com



The Akismet http://akismet.com/ service might be worth a look.

Todd

http://www.xiiro.com
Twitter: @ImXiiro
Skype: toddbrilliant



James,
easiForm has a bad words filter, this is what I use on all my own sites to cut spam from any web forms on my or other sites I have done. Be warned there is no 100% foolproof method of cutting back on spam totally, well there is but it would stop all other messages at the same time unfortunately.
Anyway… I have found using my own action on my forms to be the best method so far. You might find you need to tweak the bad words filter content every so often to slot in with the type of spammer that finds your form, then again you might find you do not need to do that more than the first time, all depends on the form and what the t***** that finds it is interested in.

easiForm is not free ($20 for xxx forms per domain) and it needs to be used on a server that is ioncube friendly. Loading the ioncube folder to your home directory and navigating to the helper file in that folder will tell you the current status of ioncube on your server. Some servers permit it to be loaded on the fly while others (Go Daddy) require it to be added in the php5.ini file.

HTH
Mike

On Jan 17, 2012, at 1:28 PM, James Mansell wrote:

Hello everyone – I hope you can help.

We have some little competitions on our website (www.completekitcar.co.uk) which we have set up all using the PHP action. On one of the competitions we are getting inundated with Spam emails but only on one.

I have already taken this PHP form down, deleted it and remade it with a different page name but we are still getting the same problem.

Where am I going wrong and how can I prevent these b******s doing this in the future?

Please help.

James



I’m using easiForm too and I found it works pretty well. Just out of curiosity, what words do you typically block, aside from expletives?



It depends on the type of spam you are getting, if you send a copy of the spam to my or the easibase email address I will look at it for you.

Mike

On Jan 17, 2012, at 7:16 PM, RavenManiac wrote:

I’m using easiForm too and I found it works pretty well. Just out of curiosity, what words do you typically block, aside from expletives?



Morning all

Right then, I applied the Spam Trap and also the Track IP Address but I’ve come in this morning to find a mountain of spam in my inbox. All from different email addresses.

We are running other competitions which seem untouched by these b******s so I have even copied a PHP form from there and then just adjusted the content for this competition but it’s still being hit.

I’m afraid my knowledge is very very limited (think ‘base-level’) with all of this so when the advice gets to the level of ‘Ioncube’ and uploading to specific folders I’m afraid that my ineptitude shines through.

Basically is there a simple way of me getting around this i.e. re-generating the form but just giving it a generic file name. Could it be the current file name that the spammers have picked up on? This competition only has 2 weeks left to run so I just need to get by until then.

I really appreciate all of the help and comments that you are giving and totally understand your frustrations at dealing with someone at a basic level.

Thank you

James



There are a few general classes of attack in this arena. One would be the “room full of poorly-paid people”. This is fundamentally impossible to defend from.

Another would be the automated Perl script. If the attackers are going this route, changing the filename of the handler will only affect them once. They’ll circle back, re-read your form page to find the new handler name, and hammer at it again.

These automated attacks are susceptible to Tim’s “honeypot” spam trap, though. Basically, it presents a supernumerary field in the form that looks like you ought to put some data in it, but then it hides that field from view of normal users. The upshot is that if the handler sees that field empty, it considers that a human filled it out, but if a value is present in that field, it realizes that it’s probably spam and kills it.

If you just changed the form to include the honeypot trap, then I would give this another day or so and see if it settles down. Also look carefully at the IP addresses that have been captured by the script. See if there’s a pattern to them, or if they are from all over the place. If you see a pattern, like a group of attack messages that are all from the same address, or addresses that are the same up to the last segment, then your ISP can block those addresses from reaching your server at all.

Remember, even a CAPTCHA cannot defeat the room full of people attack.

If you’re being spammed by a really clever bot (one that recognizes and side-steps Tim’s clever land mine), then there’s nothing at the easy Action level that you can do about it. (Yes, Mike’s easibase Action is fairly easy to include in your page, but it requires a server-side component that is anything but easy – and in some cases, impossible due to hosting provider policy – to install.)

Your options in this arms race are to do nothing (sort through the crap manually), do what you’ve already done (which will get rid of automated abuse), or go the extra mile and install a CAPTCHA, either using Mike’s Action and server component or by hand-coding in reCAPTCHA or another free service.

Walter

On Jan 18, 2012, at 5:26 AM, James Mansell wrote:

Basically is there a simple way of me getting around this i.e. re-generating the form but just giving it a generic file name. Could it be the current file name that the spammers have picked up on? This competition only has 2 weeks left to run so I just need to get by until then.
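
The honeypot check and the address-pattern review described in the message above, as an added example (not part of the original thread and not the Freeway Action's own code). The hidden field name `website`, the sample submissions and the two-hit threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

HONEYPOT_FIELD = "website"  # hypothetical name for the hidden trap field

# Constructed sample of logged submissions (documentation-range IPs, not real data).
SUBMISSIONS = [
    {"ip": "192.0.2.14", "name": "Anna", "website": ""},
    {"ip": "198.51.100.7", "name": "x1", "website": "http://spam.example"},
    {"ip": "198.51.100.23", "name": "x2", "website": "http://spam.example"},
    {"ip": "198.51.100.201", "name": "x3", "website": "buy now"},
    {"ip": "203.0.113.5", "name": "x4", "website": "http://spam.example"},
    {"ip": "192.0.2.80", "name": "Ben", "website": "   "},
]


def is_trapped(submission):
    """True when the hidden field carries a value, i.e. a bot filled it in."""
    return bool(submission.get(HONEYPOT_FIELD, "").strip())


def block_of(ip, prefix=24):
    """Network sharing everything up to the last segment with this IPv4 address."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def triage(submissions, min_hits=2):
    """Split submissions into kept/trapped and list networks with repeated trapped hits."""
    kept, trapped = [], []
    for s in submissions:
        (trapped if is_trapped(s) else kept).append(s)
    hits = Counter(block_of(s["ip"]) for s in trapped)
    repeat = sorted((str(net), n) for net, n in hits.items() if n >= min_hits)
    return kept, trapped, repeat


if __name__ == "__main__":
    kept, trapped, repeat = triage(SUBMISSIONS)
    print(f"kept {len(kept)}, trapped {len(trapped)}")
    for net, n in repeat:
        print(f"{n} trapped submissions from {net}: candidate for the host to block")
```

A single trapped hit from an address is left out of the block list on purpose, since one-off addresses "from all over the place" give the hosting provider nothing useful to block.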



Hi Guys

Listen, many many many thanks to you all. With your combined help (and patience) the spam problem seems to have now been resolved.

Cheers guys… until the next time! :o)

James



At 09:04 -0500 18/1/12, Walter Lee Davis wrote:

There are a few general classes of attack in this arena. One would
be the “room full of poorly-paid people”. This is fundamentally
impossible to defend from.

When I want to deal with a site that uses reCaptcha it usually takes
me 10 - 20 images before I get one I can work out. :)

David


David Ledger - Freelance Unix Sysadmin in the UK.
HP-UX specialist of hpUG technical user group (www.hpug.org.uk)
email@hidden
www.ivdcs.co.uk

