Form spamming

S

Skimbleway

We are having some difficulty with a spammer who uses the Contact us! Form on
our website. The spammer uses the same letters in the 'Name', 'E-mail
address', 'Location' etc boxes followed by the usual spam rubbish in the
'Message' box. Is there any way that we can set up FrontPage to reject
(delete) the message when the spammer clicks 'Send'?
What has been suggested is "What I recommend doing is checking the detail
entered into the Form itself and if they match the ones you say are always
the same to reject details" but we dont know how to do this.
Any helpful advice will be appreciated.
 
M

Murray

You would need to use server scripting to do this. I have just done a PHP
page that checks for exactly that kind of spam - if it's found, it sends me
an email, and sends the spammer to a real looking thank you page, but that's
all it does.
 
S

Skimbleway

Thank you Murray for your prompt reply - don't think I am up to doing
something similar to you as I am a bit 'green' when it comes to computers etc
- thats why I use FrontPage I suppose! However if what you have done is
simple then I am prepared to give it a go if you will tell me what I must do.
Thank you.

David
 
M

Murray

What I have done is simple if you understand server scripting. As far as I
know, there is no 'off-the-shelf' solution, unfortunately.

With server scripting, I am able to examine the contents of each field in
the submitted form's data, and make decisions on how to process the form
based on that examination. This is the right way to do it, since it happens
after the form is submitted and the data is transmitted to the server, and
cannot be blocked or modified in any way by the submitter, as can simple
javascript-based validation (which happens client side not server side, and
can be disabled by just disabling javascript).

The script itself first looks at the email field, and if it contains the
magic words, or if any of the other fields contain the magic words, the
form's data is not processed normally.
 
M

Mike Mueller

He he

Just did a similiar thing with ASP, but I have it done to
the guy's IP address- if its a match the generated email
goes to the abuse@ hisdomain.com address instead of mine,
and the same confirmation page is fired up


: You would need to use server scripting to do this. I have
just done a PHP
: page that checks for exactly that kind of spam - if it's
found, it sends me
: an email, and sends the spammer to a real looking thank
you page, but that's
: all it does.
:
: --
: Murray
: --------------
: MVP FrontPage
:
:
in message
: : > We are having some difficulty with a spammer who uses
the Contact us! Form
: > on
: > our website. The spammer uses the same letters in the
'Name', 'E-mail
: > address', 'Location' etc boxes followed by the usual
spam rubbish in the
: > 'Message' box. Is there any way that we can set up
FrontPage to reject
: > (delete) the message when the spammer clicks 'Send'?
: > What has been suggested is "What I recommend doing is
checking the detail
: > entered into the Form itself and if they match the ones
you say are always
: > the same to reject details" but we dont know how to do
this.
: > Any helpful advice will be appreciated.
:
:
 
T

Thomas A. Rowe

If you know the IP address of the spammer and are using server-side scripting, why not just block
the spammer access to the site?

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
M

Mike Mueller

It was a quick patch on the script which I uploaded until I
could log into the server during normal working hours


: If you know the IP address of the spammer and are using
server-side scripting, why not just block
: the spammer access to the site?
:
: --
: ==============================================
: Thomas A. Rowe
: Microsoft MVP - FrontPage
:
: http://www.Ecom-Data.com
: ==============================================
:
:
: : > He he
: >
: > Just did a similiar thing with ASP, but I have it done
to
: > the guy's IP address- if its a match the generated email
: > goes to the abuse@ hisdomain.com address instead of
mine,
: > and the same confirmation page is fired up
: >
: >
message
: > : > : You would need to use server scripting to do this. I
have
: > just done a PHP
: > : page that checks for exactly that kind of spam - if
it's
: > found, it sends me
: > : an email, and sends the spammer to a real looking
thank
: > you page, but that's
: > : all it does.
: > :
: > : --
: > : Murray
: > : --------------
: > : MVP FrontPage
: > :
: > :
: > : "Skimbleway" <[email protected]>
wrote
: > in message
: > :
: > : > We are having some difficulty with a spammer who
uses
: > the Contact us! Form
: > : > on
: > : > our website. The spammer uses the same letters in
the
: > 'Name', 'E-mail
: > : > address', 'Location' etc boxes followed by the usual
: > spam rubbish in the
: > : > 'Message' box. Is there any way that we can set up
: > FrontPage to reject
: > : > (delete) the message when the spammer clicks 'Send'?
: > : > What has been suggested is "What I recommend doing
is
: > checking the detail
: > : > entered into the Form itself and if they match the
ones
: > you say are always
: > : > the same to reject details" but we dont know how to
do
: > this.
: > : > Any helpful advice will be appreciated.
: > :
: > :
: >
: >
:
:
 
M

Murray

By the way, if the spammer is coming through an ISP, then that IP address
will change from day to day. But I like the email to abuse, assuming, of
course, that the email address given by the spammer is valid and actually
belongs to him/her.
 
T

Tom Willett

And, of course, most ISPs dont' want the original email in its whole form.
They have specific instructions as to how to send to abuse, including a copy
of the headers.
--
===
Tom Willett
Microsoft MVP - FrontPage
---
FrontPage Support:
http://www.frontpagemvps.com/
===

| By the way, if the spammer is coming through an ISP, then that IP address
| will change from day to day. But I like the email to abuse, assuming, of
| course, that the email address given by the spammer is valid and actually
| belongs to him/her.
|
| --
| Murray
| --------------
| MVP FrontPage
|
|
| | > It was a quick patch on the script which I uploaded until I
| > could log into the server during normal working hours
| >
| >
| > | > : If you know the IP address of the spammer and are using
| > server-side scripting, why not just block
| > : the spammer access to the site?
| > :
| > : --
| > : ==============================================
| > : Thomas A. Rowe
| > : Microsoft MVP - FrontPage
| > :
| > : http://www.Ecom-Data.com
| > : ==============================================
| > :
| > :
| > : | > : > He he
| > : >
| > : > Just did a similiar thing with ASP, but I have it done
| > to
| > : > the guy's IP address- if its a match the generated email
| > : > goes to the abuse@ hisdomain.com address instead of
| > mine,
| > : > and the same confirmation page is fired up
| > : >
| > : >
| > message
| > : > | > : > : You would need to use server scripting to do this. I
| > have
| > : > just done a PHP
| > : > : page that checks for exactly that kind of spam - if
| > it's
| > : > found, it sends me
| > : > : an email, and sends the spammer to a real looking
| > thank
| > : > you page, but that's
| > : > : all it does.
| > : > :
| > : > : --
| > : > : Murray
| > : > : --------------
| > : > : MVP FrontPage
| > : > :
| > : > :
| > : > : "Skimbleway" <[email protected]>
| > wrote
| > : > in message
| > : > :
| > | > : > : > We are having some difficulty with a spammer who
| > uses
| > : > the Contact us! Form
| > : > : > on
| > : > : > our website. The spammer uses the same letters in
| > the
| > : > 'Name', 'E-mail
| > : > : > address', 'Location' etc boxes followed by the usual
| > : > spam rubbish in the
| > : > : > 'Message' box. Is there any way that we can set up
| > : > FrontPage to reject
| > : > : > (delete) the message when the spammer clicks 'Send'?
| > : > : > What has been suggested is "What I recommend doing
| > is
| > : > checking the detail
| > : > : > entered into the Form itself and if they match the
| > ones
| > : > you say are always
| > : > : > the same to reject details" but we dont know how to
| > do
| > : > this.
| > : > : > Any helpful advice will be appreciated.
| > : > :
| > : > :
| > : >
| > : >
| > :
| > :
| >
| >
|
|
 
M

Mike Mueller

The IP was constant for a few months, was spammed every couple of days. Then
it became a constant occurrence every few hours. The abuse address came from
a dns lookup for the IP- some company in SE Asia (go figure), already
blacklisted.

From the log files, it looks like a bot, no user agent mentioned. Still
403'ing every 4 or 5 hours
 
T

Thomas A. Rowe

For that reason, you should consider blocking the entire IP block.

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
M

Murray

I have just added the IP address to my reporting methodology for this slimy
poopcube with that same approach in mind. On a couple of the spams, a real
email address was included, which maps to a Russian owner and a host in
Cyprus. Grrr....
 
T

Tom [Pepper] Willett

You don't. The host blocks it in the server or the firewall.
--
===
Tom [Pepper] Willett
Microsoft MVP - FrontPage
"You're a daisy if you do!"
---
FrontPage Support:
http://www.frontpagemvps.com/
===
| How does one block an IP address in Frontpage 2002?
|
| Thanks,
|
|
| "Thomas A. Rowe" wrote:
|
| > For that reason, you should consider blocking the entire IP block.
| >
| > --
| > ==============================================
| > Thomas A. Rowe
| > Microsoft MVP - FrontPage
| >
| > http://www.Ecom-Data.com
| > ==============================================
| >
| >
| > | > > The IP was constant for a few months, was spammed every couple of
days. Then it became a constant
| > > occurrence every few hours. The abuse address came from a dns lookup
for the IP- some company in
| > > SE Asia (go figure), already blacklisted.
| > >
| > > From the log files, it looks like a bot, no user agent mentioned.
Still 403'ing every 4 or 5 hours
| > >
| > >
| > > | > >> By the way, if the spammer is coming through an ISP, then that IP
address will change from day to
| > >> day. But I like the email to abuse, assuming, of course, that the
email address given by the
| > >> spammer is valid and actually belongs to him/her.
| > >>
| > >> --
| > >> Murray
| > >> --------------
| > >> MVP FrontPage
| > >>
| > >>
| > >> | > >>> It was a quick patch on the script which I uploaded until I
| > >>> could log into the server during normal working hours
| > >>>
| > >>>
| > >>> | > >>> : If you know the IP address of the spammer and are using
| > >>> server-side scripting, why not just block
| > >>> : the spammer access to the site?
| > >>> :
| > >>> : --
| > >>> : ==============================================
| > >>> : Thomas A. Rowe
| > >>> : Microsoft MVP - FrontPage
| > >>> :
| > >>> : http://www.Ecom-Data.com
| > >>> : ==============================================
| > >>> :
| > >>> :
| > >>> : | > >>> : > He he
| > >>> : >
| > >>> : > Just did a similiar thing with ASP, but I have it done
| > >>> to
| > >>> : > the guy's IP address- if its a match the generated email
| > >>> : > goes to the abuse@ hisdomain.com address instead of
| > >>> mine,
| > >>> : > and the same confirmation page is fired up
| > >>> : >
| > >>> : >
| > >>> message
| > >>> : > | > >>> : > : You would need to use server scripting to do this. I
| > >>> have
| > >>> : > just done a PHP
| > >>> : > : page that checks for exactly that kind of spam - if
| > >>> it's
| > >>> : > found, it sends me
| > >>> : > : an email, and sends the spammer to a real looking
| > >>> thank
| > >>> : > you page, but that's
| > >>> : > : all it does.
| > >>> : > :
| > >>> : > : --
| > >>> : > : Murray
| > >>> : > : --------------
| > >>> : > : MVP FrontPage
| > >>> : > :
| > >>> : > :
| > >>> : > : "Skimbleway" <[email protected]>
| > >>> wrote
| > >>> : > in message
| > >>> : > :
| > >>> | > >>> : > : > We are having some difficulty with a spammer who
| > >>> uses
| > >>> : > the Contact us! Form
| > >>> : > : > on
| > >>> : > : > our website. The spammer uses the same letters in
| > >>> the
| > >>> : > 'Name', 'E-mail
| > >>> : > : > address', 'Location' etc boxes followed by the usual
| > >>> : > spam rubbish in the
| > >>> : > : > 'Message' box. Is there any way that we can set up
| > >>> : > FrontPage to reject
| > >>> : > : > (delete) the message when the spammer clicks 'Send'?
| > >>> : > : > What has been suggested is "What I recommend doing
| > >>> is
| > >>> : > checking the detail
| > >>> : > : > entered into the Form itself and if they match the
| > >>> ones
| > >>> : > you say are always
| > >>> : > : > the same to reject details" but we dont know how to
| > >>> do
| > >>> : > this.
| > >>> : > : > Any helpful advice will be appreciated.
| > >>> : > :
| > >>> : > :
| > >>> : >
| > >>> : >
| > >>> :
| > >>> :
| > >>>
| > >>>
| > >>
| > >>
| >
| >
| >
 
M

Mike Mueller

Blocking an IP is not the function of a web page; it is the function of the
webserver, and it will vary by server type.

If the server is Apache, then an htaccess file could be used/modified to
block the address
If the server is IIS, then it will be an IIS configuration

Script pages (even javascript) can read an address and do a redirect also-
javascript is most likely worthless in this regards as the spam bots dont
render it
 
T

Thomas A. Rowe

Not really something the any HTML editor can do.

If hosted on Unix/Linux, use htaccess or server-side scripting (PHP)

If hosted IIS use the IIS MMC if you manage your own server or your web host is willing to do it for
you, otherwise you have to use server-side scripting (ASP, ASP.net, [PHP, CFM, if supported]).
--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
M

Morty

Interesting, I use Webintellects and I called them today and they told me
they could not do it, that I needed to do it myself. Now I use FP becuase I
am not that versed in web design, so the rep told me I would need to figure
out how to do a htaccess type function.

Tom [Pepper] Willett said:
You don't. The host blocks it in the server or the firewall.
--
===
Tom [Pepper] Willett
Microsoft MVP - FrontPage
"You're a daisy if you do!"
---
FrontPage Support:
http://www.frontpagemvps.com/
===
| How does one block an IP address in Frontpage 2002?
|
| Thanks,
|
|
| "Thomas A. Rowe" wrote:
|
| > For that reason, you should consider blocking the entire IP block.
| >
| > --
| > ==============================================
| > Thomas A. Rowe
| > Microsoft MVP - FrontPage
| >
| > http://www.Ecom-Data.com
| > ==============================================
| >
| >
| > | > > The IP was constant for a few months, was spammed every couple of
days. Then it became a constant
| > > occurrence every few hours. The abuse address came from a dns lookup
for the IP- some company in
| > > SE Asia (go figure), already blacklisted.
| > >
| > > From the log files, it looks like a bot, no user agent mentioned.
Still 403'ing every 4 or 5 hours
| > >
| > >
| > > | > >> By the way, if the spammer is coming through an ISP, then that IP
address will change from day to
| > >> day. But I like the email to abuse, assuming, of course, that the
email address given by the
| > >> spammer is valid and actually belongs to him/her.
| > >>
| > >> --
| > >> Murray
| > >> --------------
| > >> MVP FrontPage
| > >>
| > >>
| > >> | > >>> It was a quick patch on the script which I uploaded until I
| > >>> could log into the server during normal working hours
| > >>>
| > >>>
| > >>> | > >>> : If you know the IP address of the spammer and are using
| > >>> server-side scripting, why not just block
| > >>> : the spammer access to the site?
| > >>> :
| > >>> : --
| > >>> : ==============================================
| > >>> : Thomas A. Rowe
| > >>> : Microsoft MVP - FrontPage
| > >>> :
| > >>> : http://www.Ecom-Data.com
| > >>> : ==============================================
| > >>> :
| > >>> :
| > >>> : | > >>> : > He he
| > >>> : >
| > >>> : > Just did a similiar thing with ASP, but I have it done
| > >>> to
| > >>> : > the guy's IP address- if its a match the generated email
| > >>> : > goes to the abuse@ hisdomain.com address instead of
| > >>> mine,
| > >>> : > and the same confirmation page is fired up
| > >>> : >
| > >>> : >
| > >>> message
| > >>> : > | > >>> : > : You would need to use server scripting to do this. I
| > >>> have
| > >>> : > just done a PHP
| > >>> : > : page that checks for exactly that kind of spam - if
| > >>> it's
| > >>> : > found, it sends me
| > >>> : > : an email, and sends the spammer to a real looking
| > >>> thank
| > >>> : > you page, but that's
| > >>> : > : all it does.
| > >>> : > :
| > >>> : > : --
| > >>> : > : Murray
| > >>> : > : --------------
| > >>> : > : MVP FrontPage
| > >>> : > :
| > >>> : > :
| > >>> : > : "Skimbleway" <[email protected]>
| > >>> wrote
| > >>> : > in message
| > >>> : > :
| > >>> | > >>> : > : > We are having some difficulty with a spammer who
| > >>> uses
| > >>> : > the Contact us! Form
| > >>> : > : > on
| > >>> : > : > our website. The spammer uses the same letters in
| > >>> the
| > >>> : > 'Name', 'E-mail
| > >>> : > : > address', 'Location' etc boxes followed by the usual
| > >>> : > spam rubbish in the
| > >>> : > : > 'Message' box. Is there any way that we can set up
| > >>> : > FrontPage to reject
| > >>> : > : > (delete) the message when the spammer clicks 'Send'?
| > >>> : > : > What has been suggested is "What I recommend doing
| > >>> is
| > >>> : > checking the detail
| > >>> : > : > entered into the Form itself and if they match the
| > >>> ones
| > >>> : > you say are always
| > >>> : > : > the same to reject details" but we dont know how to
| > >>> do
| > >>> : > this.
| > >>> : > : > Any helpful advice will be appreciated.
| > >>> : > :
| > >>> : > :
| > >>> : >
| > >>> : >
| > >>> :
| > >>> :
| > >>>
| > >>>
| > >>
| > >>
| >
| >
| >
Click to expand...
 
M

Morty

Thanks, I am going to call my host again.

Thomas A. Rowe said:
Not really something the any HTML editor can do.

If hosted on Unix/Linux, use htaccess or server-side scripting (PHP)

If hosted IIS use the IIS MMC if you manage your own server or your web host is willing to do it for
you, otherwise you have to use server-side scripting (ASP, ASP.net, [PHP, CFM, if supported]).
--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================


Morty said:
How does one block an IP address in Frontpage 2002?

Thanks,
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Custom form problems 1
sending a large group email without getting nabbed for spammin? 1
"Database Maintenance Required" error on startup 3
How to Restrict printing multiple detail pages? 0
Can no longer send email or sync properly 0
Copy from one user form to another 4
Formatted Auto Numbering 1
Stuck .... Can't exit form 1

Top