Re: [cobalt-users] How to stop form spamming!
- Subject: Re: [cobalt-users] How to stop form spamming!
- From: "Stuart Wright" <jerry.bolton@xxxxxxxxxxx>
- Date: Tue Oct 17 02:08:06 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Matt Wright's form mail cgi script checks that the referrer is a specific
domain. You could use this aspect of his script in your cgi script to
ensure that your cgi script only accepts forms posted from your website.
Put this at the top of your CGI script:

    @referers = ('worldwidemart.com','206.31.72.203');

comment : This array allows you to define the domains that you will allow
forms to reside on and use your FormMail script. If a user tries to put a
form on another server, that is not worldwidemart.com, they will receive an
error message when someone tries to fill out their form. By placing
worldwidemart.com in the @referers array, this also allows
www.worldwidemart.com, ftp.worldwidemart.com, any other http address with
worldwidemart.com in it and worldwidemart.com's IP address to access this
script as well, so no users will be turned away.

Put this where you want to check the referrer:

    # Check Referring URL
    &check_url;

Put this subroutine anywhere in your script:

    sub check_url {
        # Localize the check_referer flag which determines if user is valid.
        local($check_referer) = 0;

        # If a referring URL was specified, for each valid referer, make sure
        # that a valid referring URL was passed to FormMail.
        if ($ENV{'HTTP_REFERER'}) {
            foreach $referer (@referers) {
                if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
                    $check_referer = 1;
                    last;
                }
            }
        }
        else {
            $check_referer = 1;
        }

        # If the HTTP_REFERER was invalid, send back an error.
        if ($check_referer != 1) { &error('bad_referer') }
    }

The only comment I have with regard to the above is that if there is no
referrer, you may want to return an error as well. This may be the likely
scenario. In which case, you would want:

    else {
        $check_referer = 0;
    }

setting the $check_referer variable to 0 instead of 1 near the bottom of the
subroutine.
Anyhow, this is how I'd approach the problem.
Good luck.
Kill the spammers !
----- Original Message -----
From: "Casselman, Chad" <chad.casselman@xxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, October 16, 2000 3:30 PM
Subject: [cobalt-users] How to stop form spamming!
> I have a site that allows people to submit a form and it posts their site
> information for me to review and add their site to my site. Well somehow (I
> think with cgi) someone is posting hundreds of hundreds of links without
> touching my pages. I have it logging all environment variables when it is
> submitted but I can't tell the difference between one of these spammed
> submissions and a good one. I know it is a script because the stats program
> is not counting any hits for all these submissions.
>
> How can I stop this?
>
> Please help me stop this spamming,
> chad
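
Added example, not part of the original message or of FormMail: the check_url pattern above is unanchored and does not escape the dots in $referer, so it accepts any host that merely contains the allowed string. This stricter variant parses the host out of the Referer value, compares it exactly or on a dot boundary, and rejects a missing referrer as the reply suggests; the referer_allowed name and the sample Referer values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from FormMail or the original post): stricter Referer
# host matching. Function name and sample values are constructed.
use strict;
use warnings;

my @referers = ('worldwidemart.com', '206.31.72.203');

# Return 1 if the Referer's host is an allowed name or a subdomain of one.
# A missing or unparsable Referer is rejected, as the reply suggests.
sub referer_allowed {
    my ($referer_header, @allowed) = @_;
    return 0 unless defined $referer_header && length $referer_header;

    # Take the host from scheme://[userinfo@]host[:port]/...
    my ($host) = $referer_header =~ m{^https?://(?:[^/?#\@]*\@)?([^/?#:]+)}i
        or return 0;
    $host = lc $host;

    foreach my $allowed (@allowed) {
        my $name = lc $allowed;
        return 1 if $host eq $name;
        # Subdomain match only for names, never for IP addresses;
        # the leading dot keeps "notworldwidemart.com" out.
        next if $name =~ /^[0-9.]+\z/;
        return 1 if $host =~ /\.\Q$name\E\z/;
    }
    return 0;
}

# Constructed sample Referer values, with the result each should give.
my @samples = (
    [ 'http://www.worldwidemart.com/form.html',      1 ],
    [ 'http://206.31.72.203/form.html',              1 ],
    [ 'http://worldwidemart.com.example.net/f.html', 0 ],
    [ 'http://notworldwidemart.com/f.html',          0 ],
    [ 'http://worldwidemart.com@example.net/',       0 ],
    [ undef,                                         0 ],
);
foreach my $s (@samples) {
    my ($header, $expected) = @$s;
    my $got = referer_allowed($header, @referers);
    printf "%-45s %s%s\n", defined $header ? $header : '(no Referer)',
        $got ? 'accept' : 'reject', $got == $expected ? '' : '  <- unexpected';
}
```

The Referer header is supplied by the client, so this check filters out forms hosted on other sites rather than authenticating whoever sends the POST.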