Re: Blocking form spam
This WebDNA talk-list message is from 2006
Stuart,

My problem was determining what characters to grep for and be confident that I am catching the attempts to push email through my forms.

Just to be clear there are two things happening to my forms:-

1. Contact Form Spam / Comment Spam

This is where a spammer is sending loads of links through the form hoping (I assume) that it may show up on a live web page (like a blog or guestbook) and help their Google rating. What I have done here is check for the string 'http://' in fields where it is not appropriate and then block the form from sending if any are present. Where the field may contain a link (like a comment textarea) then I count the number of links and block if more than, say, five links are in the field.

Links : [listwords words=[grep search=[url]http://[/url]&replace= |][COMMENT][/grep]&delimiters=|][text]links=[index][/text][/listwords][links]

2. Email Injection Spam

This is more worrying and is where a spammer tries to hijack a form and use it as an SMTP proxy to send spam. (http://www.securephpwiki.com/index.php/Email_Injection) They do this by putting strings like the following into form fields:-

sender@anonymous.www%0ACc:recipient@someothersite.xxx%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx

If the data from this field is passed on anywhere within a [sendmail] context then the third party will get an email. The headers can be messed around with more to fully hijack the form. After trial and error I have found the following grep seems to work:

[grep search=(%250A|%250D|[cC][cC])&replace=][formfield][/grep]

It removes linefeeds, carriage returns, and 'Cc' (also effectively catching 'Bcc').

Sorry if I seem to be going on too much about this but I found a couple of my forms were exposed and it scared the crap out of me. I haven't come across anything in the docs or on this list yet which highlights that variables have to be checked and cleaned before being included in a sendmail context. Maybe it's obvious that this should be done but I had missed it nonetheless.

- Tom

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
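The two checks Tom describes, reworked as an added example in Python rather than WebDNA (this is not code from the post, from WebDNA or from Smith Micro): percent-decode each field repeatedly so that %0A and the double-encoded %250A both surface as a real newline, refuse any header-bound field that then contains a CR or LF, validate the address field against an allow-list pattern instead of stripping 'Cc', and cap the number of links in the comment field. The field names, the sample submissions and the limit of five links are constructed for the example.

```python
"""Defensive checks for web-form fields that end up in an outgoing e-mail.

Added example: the two problems in the post (link flooding of free-text
fields, CR/LF header injection of address fields) handled by validating
rather than stripping. Function and field names are assumptions, not an
API of WebDNA or any other product.
"""
import re
from urllib.parse import unquote

# Constructed sample submissions, modelled on the strings quoted in the post.
SAMPLE_SUBMISSIONS = {
    "clean": {
        "email": "alice@example.com",
        "name": "Alice Cc McCoy",          # contains 'cc' but is harmless
        "comment": "Thanks, see http://example.com/a for details.",
    },
    "injection": {
        "email": "sender@anonymous.www%0ACc:recipient@someothersite.xxx"
                 "%0ABcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx",
        "name": "Spammer",
        "comment": "hi",
    },
    "double_encoded": {
        "email": "sender@anonymous.www%250ABcc:somebloke@grrrr.xxx",
        "name": "Spammer",
        "comment": "hi",
    },
    "link_flood": {
        "email": "bob@example.org",
        "name": "Bob",
        "comment": " ".join(f"http://spam{i}.example/" for i in range(6)),
    },
}

MAX_LINKS = 5                                   # assumed limit, as in the post
LINK_RE = re.compile(r"https?://", re.IGNORECASE)
# Allow-list shape for a single plain address: nothing else may be present.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def decode_fully(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, so %0A and the
    double-encoded %250A both become a literal newline before any check."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_header_injection(value: str) -> bool:
    """True if the decoded value could terminate a mail header and start
    another one (CR, LF or NUL)."""
    return bool(re.search(r"[\r\n\x00]", decode_fully(value)))


def is_valid_address(value: str) -> bool:
    """Allow-list check: exactly one plain address and nothing else."""
    return ADDRESS_RE.match(decode_fully(value)) is not None


def count_links(value: str) -> int:
    """Number of http:// or https:// occurrences in the decoded text."""
    return len(LINK_RE.findall(decode_fully(value)))


def check_submission(fields: dict) -> list:
    """Return the reasons to refuse to send; an empty list means OK."""
    problems = []
    for name, value in fields.items():
        # Every field except the free-text comment may end up in a header.
        if name != "comment" and has_header_injection(value):
            problems.append(f"{name}: CR/LF in value")
    if not is_valid_address(fields.get("email", "")):
        problems.append("email: not a single plain address")
    if LINK_RE.search(decode_fully(fields.get("name", ""))):
        problems.append("name: contains a link")
    if count_links(fields.get("comment", "")) > MAX_LINKS:
        problems.append(f"comment: more than {MAX_LINKS} links")
    return problems


if __name__ == "__main__":
    for label, fields in SAMPLE_SUBMISSIONS.items():
        print(label, "->", check_submission(fields) or "send")
```

Refusing the submission outright, rather than stripping characters and sending what is left, keeps a name like "McCoy" intact and leaves a clear record of each rejected attempt in the application log, which is what makes an exposed form visible before a third party reports the spam.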
"Tom Duke"