Unwanted intrusion

[Gordon]

I have been having problems for the past three weeks with an
unwanted poster taking over the message board on my web site. I
have temporarily put a password on the web site to stop the
action, but I need to figure out a permanent solution.

These bulletin board posts seem to be from a Chinese source, and
each post contains about 60 lines of http:// type URLs. Thess are
all identical except the final number, just before the .html
changes by one unit for each URL in the series.

These URL lines contain the text, "ltsjling.home4u.com/lt/000XXX
where XXX is the number sequence mentioned above. I am reticent
to type the entire, comple URL because it may have some
malevolent capability.

Has anyone in this group had a similar experience? If so, how did
you resolve it? These things change their remote name regularly,
so an ordinary blocker would not be effective.

 

[JoAnn Paules [MSFT MVP]]

If you check the archives of this group, you will find that several other
posters have had the same problem. Unfortunately there's nothing you can do
about it.

 

[Mark Fitzpatrick]

As JoAnn says, there isn't much to do. A lot of companies now have programs
that all they do is scour the web for guestbooks and feedback forms and
simply post their advertisement/message to them and submit them. Basically
think of it spam for websites. Unfortunately, there's no real way to block
this without using third-party custom solutions, such as requiring a special
phrase to be entered into a box (usually the phrase or characters are in a
graphic and distorted so a person could read them but the computer would
have a hard time figuring it out) before the post will be accepted.
FrontPage does not have this feature in it, but there may be
forum/guestbook/message board scripts that have a human interaction
requirement that would be available for your server setup.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

 

[Gordon]

As JoAnn says, there isn't much to do. A lot of companies now have programs
that all they do is scour the web for guestbooks and feedback forms and
simply post their advertisement/message to them and submit them. Basically
think of it spam for websites. Unfortunately, there's no real way to block
this without using third-party custom solutions, such as requiring a special
phrase to be entered into a box (usually the phrase or characters are in a
graphic and distorted so a person could read them but the computer would
have a hard time figuring it out) before the post will be accepted.
FrontPage does not have this feature in it, but there may be
forum/guestbook/message board scripts that have a human interaction
requirement that would be available for your server setup.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

Thanks, Mark and JoAnn, for these responses. I was afraid I was
going to find out it was something like this. I can stop them
briefly by placing a password on the web site, but this limits
the web site to only those who know the password. We want it to
be available to the public.

Is there any way, using FP 2000, that I can pasword protect only
the message board, but leave the rest of the site open to public
browsing? It seems that I have two choices. I can password the
whole web site, or I can password none of it. Is this right.

If I could password the message board post page, only, I could
publish the password on another page and let individuals use this
password to open the BB Post function. I doubt these phisher/SPAM
computers would be very adroit at figuring this out.

Gordon

 

[JoAnn Paules [MSFT MVP]]

Chances are the people that are doing this have already figured out a way
around whatever trick you think will stop them. They're in the business of
this kind of crap - sad, isn't it?

 

[MikeR]

Gordon -
You can protect as much or as little as you like with a logon page.
MikeR 1st

 

[Cheryl D Wise]

Something others have a pseudo guest book. The pages are created normally in
FP from the existing comments then a new form is created that lets people
send comments for posting. They get a response on the confirmation page that
says "your post will appear after the moderator has approved it."

More time consuming but it does stop the spamming. Many of the blogs can be
used in a similar manner and have moderation of posts as a configuration
option.

--
Cheryl D. Wise
MS FrontPage MVP
http://mvp.wiserways.com
http://starttoweb.com
Online instructor led web design training in FrontPage,
Dreamweaver and more!

 

[Murray]

Actually, all you'd really need there would be a confirmation page with a
link that says - Confirm that this is what you want to say. Without
clicking that link, the post would drop into the bit bucket, no?

 

[Gordon]

Actually, all you'd really need there would be a confirmation page with a
link that says - Confirm that this is what you want to say. Without
clicking that link, the post would drop into the bit bucket, no?

First I want to thank everyone for their responses. I'm still
trying to get this problem resolved. All I'm doing now is
deleting the unwanted messages each day, manually.

Murray, is this workable with FP 2000 Version 4.0.2.2717? That
is, can I set up my message board post applet such that it will
require a confirmation? And, would the imposters be able to work
around this?

My ISP gurus suggested that I FTP upload to my root directory a
file named .htaccess

This file should contain the following ASCIII text;

<Limit GET>
order allow,deny
deny from 128.23.45
deny from 207.158.255.213
allow from all
</Limit>

The IP addresses are those of the offending poster.
The problem here is that the IP addresses change very frequently.

Gordon

 

[Murray]

Gordon:

Sorry - I can't tell you the answers to these questions, as I only have
FP2003, and I know that there are significant differences between your
version and mine.

In theory, you'd have your posted form submit to a confirmation page, which
then submits to the guestbook. I don't know how easy it would be to get
around that, but I'd guess it is a simple way to stop most of it.

 

[Gordon]

Gordon:

Sorry - I can't tell you the answers to these questions, as I only have
FP2003, and I know that there are significant differences between your
version and mine.

In theory, you'd have your posted form submit to a confirmation page, which
then submits to the guestbook. I don't know how easy it would be to get
around that, but I'd guess it is a simple way to stop most of it.

I have been contemplating upgrading to FP 2003, but am not sure I
could swing my existing web site over to FP 2003 with no
significant problems. Is this a stumbling block? How long before
new version (FP 2006, or what ever) is to be released? Should I
wait for that?

Another question...I when I open a Reports View I see a table
listing;

Unlinked files 536
Broken hyperlinks 747

All the other items on this table seem to be okay, but these
cause me some concern. I tried to delete some of the unlinked
files and this caused my web site to go catatonic. I had to re
upload it from my backup. I'm reticent to mess with these files,
now, but I wonder if they are causing, or could in the future
cause some problems.

Gordon , webmaster, http://www.okc-shhh.org

 

[Ronx]

In line
--
Ron Symonds
Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

I have been contemplating upgrading to FP 2003, but am not sure I
could swing my existing web site over to FP 2003 with no
significant problems. Is this a stumbling block? How long before
new version (FP 2006, or what ever) is to be released? Should I
wait for that?

There is no known release date for FP2006 (if that is what it will be
called).

Another question...I when I open a Reports View I see a table
listing;

Unlinked files 536
Broken hyperlinks 747

The unlinked files report lists all files that cannot be reached
following *normal* links starting from your Home Page. *normal* links
are those that do not involve any scripting (JavaScript, Java, etc.).
If you use a DHTML menu system, it is possible that every page in your
web will be on this list.

The Broken Hyperlinks report includes links to files that are not in
your web - on other sites or in subwebs.

All the other items on this table seem to be okay, but these
cause me some concern. I tried to delete some of the unlinked
files and this caused my web site to go catatonic. I had to re
upload it from my backup. I'm reticent to mess with these files,
now, but I wonder if they are causing, or could in the future
cause some problems.

See above

 

[Pictures]

I get that on my website too. Every other day or so I have to delete 20 or
30 of these. I get that crap from those gambling websites too.