On Frontpage emailed form results, need to block spoofing

G

Greg

On the website I support, I use FrontPage forms to gather information and
then email it to one of our church members for handling. It seems that the
email process is being exploited to send spam under our domain name. I need
some advice about preventing this. It has been suggested that an add-in might
be available that presents those random little boxes with funky, graphic text
that the form user has to input in order to submit the form. Any suggestions
on sources for this type of addin or an alternate approach to blocking the
email spoofing?
 
A

Andrew Murray

Greg said:
On the website I support, I use FrontPage forms to gather information and
then email it to one of our church members for handling. It seems that the
email process is being exploited to send spam under our domain name. I need
some advice about preventing this. It has been suggested that an add-in might
be available that presents those random little boxes with funky, graphic text
that the form user has to input in order to submit the form. Any suggestions
on sources for this type of addin or an alternate approach to blocking the
email spoofing?




You can't do that with the Frontpage form.

It requires a server side script to generate the image or code, and to
verify the code entered is correct. Try the PHP emailer script at
http://www.veign.com/code-view.php?type=web&codeid=59
 
R

Ronx

As Andrew said using Captcha or similar devices is only effective when
the form is processed by server side scripting - the FrontPage
extensions cannot be used for this, and while JavaScript can be used to
validate a Captha device, spammers will have JavaScript turned off
making the whole idea a waste of effort.

Some other ideas are at http://www.rxs-enterprises.org.tests/anti-spam/
but these all require server side scripting (asp, asp.NET, PHP etc.)
 
B

Bryan

I am having the same exact problem. I know there is the ability to install
Captcha within a Frontpage form, but need help with resources just like Greg
does. If the website was developed in Frontpage and for example the form is
in one of the pages itself, then how do you do this?

Thanks.

Bryan
 
G

Greg

This is another 'gotcha" that comes along with being a volunteer webmaster.
I appreciate the input from Andrew and Ronx. I will look through the
resource you provided. If I have a breakthrough, Bryan, I will post whatever
I can share.

One other question, though. If I post my results to a text file rather than
email them is there any inherent danger there that unscrupulous bots or their
owners can or are likely to take advantage of? More work for me but if it
keeps me from being a spam target and getting email from my domain blocked
somewhere along the way it may be worthwhile.
 
R

Ronx

If the text file is in your _private folder it should be safe from
prying eyes - I suggest you check this from a different computer, yours
may be logged into the site which will give access to the folder.

Then the worst that will happen is the text file will be filled with the
spam messages.

--
Ron Symonds - Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

http://www.rxs-enterprises.org/fp
 
S

Sheetrum

I found a site that may help you, it's
http://www.white-hat-web-design.co.uk/articles/php-captcha.php

They even give you the code, but it's up to you to make it work. The email
I sent from the help page went un-answered.

To find out if your server supports PHP, create a new page with only the
following

<?php phpinfo(); ?>

Once this page is posted, browsing to it online should give you a good bit
of info. (provided your server supports PHP)

Good Luck!
 
B

Bryan

OK, I tried something interim and it didn't work, why?

I put a required field in the form and put an image that doesn't change to
the left. the field requires the user to enter the 5 letters they see in the
image in the required field and if it is not an exact match the form cannot
be submitted. This has made it more difficult for real users to submit the
form, but the robots are still submitting the form with spam and spoof, it
comes to me without the required field even filled in, how are they doing
that?

Thanks.

Bryan
 
R

Ronx

Test the form with JavaScript disabled - there is no validation, and
this is how spammers have their "browsers" set.
--
Ron Symonds - Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

http://www.rxs-enterprises.org/fp




OK, I tried something interim and it didn't work, why?

I put a required field in the form and put an image that doesn't change to
the left. the field requires the user to enter the 5 letters they see in the
image in the required field and if it is not an exact match the form cannot
be submitted. This has made it more difficult for real users to submit the
form, but the robots are still submitting the form with spam and spoof, it
comes to me without the required field even filled in, how are they doing
that?

Thanks.

Bryan
 
B

Bryan

Ronx, I can do the test on my own browser, but I am confused how this will
help with our form when the robots get to it on the web. Our form is on our
website at http://www.prioritymoving.com/get-estimate.htm

Thanks again for your advice. I am trying to stop the robots from filling
out this form including somehow getting around that required field at the
bottom of the form.

Thanks

Bryanh
 
T

Thomas A. Rowe

What Ronx was trying to show you is how your page will respond when a spam bots that come to your
site. The spam bots surf with JavaScript disable, so any type of protection that relies on
JavaScript will not work to stop these spam bots

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
B

Bryan

Thanks Thomas, I appreciate your response. I am still confused however if
there was a suggestion that I can do anything with my existing form to stop
the bots. I really thought that having a required field with a specific
entry would stop the bots, but they went right around it. Does the
javascript issue have anything to do with stopping this on our site?

Is captcha the only solution? Thanks for any help.

Bryan
 
T

Tom [Pepper] Willett

There is nothing you can do with the FP to stop the bots. If a visitor
turns off javascript in their browser, they bypass and and all javascript,
including the FP form validation.

You can check with your host to see what type of scripting they support, and
write your own server side script for forms to email.

--
===
Tom [Pepper] Willett
Microsoft MVP - FrontPage
"You're a daisy if you do!"
---
FrontPage Support:
http://www.frontpagemvps.com/
===
: Thanks Thomas, I appreciate your response. I am still confused however if
: there was a suggestion that I can do anything with my existing form to
stop
: the bots. I really thought that having a required field with a specific
: entry would stop the bots, but they went right around it. Does the
: javascript issue have anything to do with stopping this on our site?
:
: Is captcha the only solution? Thanks for any help.
:
: Bryan
:
: "Thomas A. Rowe" wrote:
:
: > What Ronx was trying to show you is how your page will respond when a
spam bots that come to your
: > site. The spam bots surf with JavaScript disable, so any type of
protection that relies on
: > JavaScript will not work to stop these spam bots
: >
: > --
: > ==============================================
: > Thomas A. Rowe
: > Microsoft MVP - FrontPage
: >
: > http://www.Ecom-Data.com
: > ==============================================
: >
: >
: > : > > Ronx, I can do the test on my own browser, but I am confused how this
will
: > > help with our form when the robots get to it on the web. Our form is
on our
: > > website at http://www.prioritymoving.com/get-estimate.htm
: > >
: > > Thanks again for your advice. I am trying to stop the robots from
filling
: > > out this form including somehow getting around that required field at
the
: > > bottom of the form.
: > >
: > > Thanks
: > >
: > > Bryanh
: > >
: > > "Ronx" wrote:
: > >
: > >> Disabling Javascript is a browser setting:
: > >>
: > >> In IE:
: > >> Tools->Internet Options
: > >> On the Security Tab, click the Zone the website is in (probably
either
: > >> Internet or Trusted Sites)
: > >> Click Custom Level
: > >> Scroll down to Scripting, Active Scripting section, and select
disable
: > >> Click OK
: > >> Click OK
: > >>
: > >> In FireFox 2:
: > >> Tools->Options
: > >> Click Content on the toolbar
: > >> Clear the box "enable Javascript"
: > >> Click OK
: > >>
: > >> Don't forget to reset these settings when you have finished testing.
: > >> --
: > >> Ron Symonds - Microsoft MVP (FrontPage)
: > >> Reply only to group - emails will be deleted unread.
: > >>
: > >> http://www.rxs-enterprises.org/fp
: > >>
: > >>
: > >>
: > >>
: > >> : > >>
: > >> > Ronx, thanks for the reply, how do I disable JavaSript on this page
with the
: > >> > form? Is that done within the form, on the server host, etc....
Thanks so
: > >> > much.
: > >> >
: > >> > Bryan
: > >> >
: > >> > "Ronx" wrote:
: > >> >
: > >> > > Test the form with JavaScript disabled - there is no validation,
and
: > >> > > this is how spammers have their "browsers" set.
: > >> > > --
: > >> > > Ron Symonds - Microsoft MVP (FrontPage)
: > >> > > Reply only to group - emails will be deleted unread.
: > >> > >
: > >> > > http://www.rxs-enterprises.org/fp
: > >> > >
: > >> > >
: > >> > >
: > >> > >
: > >> > > : > >> > >
: > >> > > > OK, I tried something interim and it didn't work, why?
: > >> > > >
: > >> > > > I put a required field in the form and put an image that
doesn't change to
: > >> > > > the left. the field requires the user to enter the 5 letters
they see in the
: > >> > > > image in the required field and if it is not an exact match the
form cannot
: > >> > > > be submitted. This has made it more difficult for real users
to submit the
: > >> > > > form, but the robots are still submitting the form with spam
and spoof, it
: > >> > > > comes to me without the required field even filled in, how are
they doing
: > >> > > > that?
: > >> > > >
: > >> > > > Thanks.
: > >> > > >
: > >> > > > Bryan
: > >> > > >
: > >> > > > "Sheetrum" wrote:
: > >> > > >
: > >> > > > > I found a site that may help you, it's
: > >> > > > >
http://www.white-hat-web-design.co.uk/articles/php-captcha.php
: > >> > > > >
: > >> > > > > They even give you the code, but it's up to you to make it
work. The email
: > >> > > > > I sent from the help page went un-answered.
: > >> > > > >
: > >> > > > > To find out if your server supports PHP, create a new page
with only the
: > >> > > > > following
: > >> > > > >
: > >> > > > > <?php phpinfo(); ?>
: > >> > > > >
: > >> > > > > Once this page is posted, browsing to it online should give
you a good bit
: > >> > > > > of info. (provided your server supports PHP)
: > >> > > > >
: > >> > > > > Good Luck!
: > >> > > > >
: > >> > > > >
: > >> > > > > : > >> > > > > > If the text file is in your _private folder it should be
safe from prying
: > >> > > > > > eyes - I suggest you check this from a different computer,
yours may be
: > >> > > > > > logged into the site which will give access to the folder.
: > >> > > > > >
: > >> > > > > > Then the worst that will happen is the text file will be
filled with the
: > >> > > > > > spam messages.
: > >> > > > > >
: > >> > > > > > --
: > >> > > > > > Ron Symonds - Microsoft MVP (FrontPage)
: > >> > > > > > Reply only to group - emails will be deleted unread.
: > >> > > > > >
: > >> > > > > > http://www.rxs-enterprises.org/fp
: > >> > > > > >
: > >> > > > > >
: > >> > > > > >
: > >> > > > > >
: > >> > > > > > : > >> > > > > >
: > >> > > > > >> This is another 'gotcha" that comes along with being a
volunteer
: > >> > > > > >> webmaster.
: > >> > > > > >> I appreciate the input from Andrew and Ronx. I will look
through the
: > >> > > > > >> resource you provided. If I have a breakthrough, Bryan, I
will post
: > >> > > > > >> whatever
: > >> > > > > >> I can share.
: > >> > > > > >>
: > >> > > > > >> One other question, though. If I post my results to a
text file rather
: > >> > > > > >> than
: > >> > > > > >> email them is there any inherent danger there that
unscrupulous bots or
: > >> > > > > >> their
: > >> > > > > >> owners can or are likely to take advantage of? More work
for me but if
: > >> > > > > >> it
: > >> > > > > >> keeps me from being a spam target and getting email from
my domain
: > >> > > > > >> blocked
: > >> > > > > >> somewhere along the way it may be worthwhile.
: > >> > > > > >> --
: > >> > > > > >> Greg, the volunteer webmaster
: > >> > > > > >>
: > >> > > > > >>
: > >> > > > > >> "Bryan" wrote:
: > >> > > > > >>
: > >> > > > > >> > I am having the same exact problem. I know there is the
ability to
: > >> > > > > >> > install
: > >> > > > > >> > Captcha within a Frontpage form, but need help with
resources just like
: > >> > > > > >> > Greg
: > >> > > > > >> > does. If the website was developed in Frontpage and for
example the
: > >> > > > > >> > form is
: > >> > > > > >> > in one of the pages itself, then how do you do this?
: > >> > > > > >> >
: > >> > > > > >> > Thanks.
: > >> > > > > >> >
: > >> > > > > >> > Bryan
: > >> > > > > >> >
: > >> > > > > >> > "Greg" wrote:
: > >> > > > > >> >
: > >> > > > > >> > > On the website I support, I use FrontPage forms to
gather information
: > >> > > > > >> > > and
: > >> > > > > >> > > then email it to one of our church members for
handling. It seems
: > >> > > > > >> > > that the
: > >> > > > > >> > > email process is being exploited to send spam under
our domain name.
: > >> > > > > >> > > I need
: > >> > > > > >> > > some advice about preventing this. It has been
suggested that an
: > >> > > > > >> > > add-in might
: > >> > > > > >> > > be available that presents those random little boxes
with funky,
: > >> > > > > >> > > graphic text
: > >> > > > > >> > > that the form user has to input in order to submit the
form. Any
: > >> > > > > >> > > suggestions
: > >> > > > > >> > > on sources for this type of addin or an alternate
approach to
: > >> > > > > >> > > blocking the
: > >> > > > > >> > > email spoofing?
: > >> > > > > >> > > --
: > >> > > > > >> > > Greg, the volunteer webmaster
: > >> > > > > >
: > >> > > > >
: > >> > > > >
: > >> > > > >
: > >> > >
: > >> > >
: > >>
: > >>
: >
: >
: >
 
T

Thomas A. Rowe

Server-side captcha scripting (PHP, ASP, etc.) is really the best solutions. JavaScript based
schemes will not stop the spam bots.

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top