  1. #1
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    Help with spammer
    Hey everyone,

    Some goofball is using my tell a friend script to spam. I have put some duct tape on so they are unable to run the script but duct tape won't last long. While I am in the process of getting some help to tighten up my script, I have logged and grabbed 2 IP addresses trying to access my script with the intent to spam. One from Korea and one from the US. How has anyone handled this one?

    All attacks were roughly 30 seconds apart and given the IPs are so far apart (geographically) this could be just a machine probing the internet and it may not be a real person. Is there a deadly page somewhere I can redirect the spammer to? I am nervous as that might piss them even more off and run more attacks. I was thinking somewhere along the line where ads continuously pop or virus gets installed. I am not a mean person but when others are using my website to spam, I really don't know how to deal with this one. I am not sure writing to the ISP of each IP is going to get anywhere but that is part of my plan today as I keep logging their IPs.

    Any help would be greatly appreciated.

  2. #2
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Hi Ian, I have had this happen to some of my sites and the way I dealt with it was to program the script to check the domain that is firing the script. If it wasn't my domain, do not process, log the IP (and any other server variables you may want) and include the IP in the error page.

    You cannot stop them trying but you can stop them from succeeding!

  3. #3
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    This is pretty common. The main thing you can do to prevent it is to check for newlines (\n) in all of your input fields. If they are detected, log everything and don't send the email.

    The IP addresses probably won't do you any good. They're probably going through proxies to hide their location. Since they don't need any return information, they may even be spoofing IP addresses. The one exception is this: Before they started spamming through your site, they probably scouted it out to find the email forms, then they probably tested it to make sure they could insert newlines to add their own headers. This would likely be from their real IP address.

    Redirecting them somewhere won't help, either. They're not accessing your site with a browser. They've built a program that accesses your Tell A Friend script page directly.
    Michael Coley
    Amazing-Bargains.com
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  4. #4
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    Quote Originally Posted by CanadianDave
    Hi Ian, I have had this happen to some of my sites and the way I dealt with it was to program the script to check the domain that is firing the script. If it wasn't my domain, do not process, log the IP (and any other server variables you may want) and include the IP in the error page.

    You cannot stop them trying but you can stop them from succeeding!
    That would probably catch most of them, but the referrer URL can be forged as well. You want to check for newlines (\n) in input fields, too. That's the essential vulnerability that they take advantage of.
    Michael Coley
    Amazing-Bargains.com
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  5. #5
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    Hey, thanks for the replies so far. You are right, IPs from more countries are popping up. Let me get some help from a friend about searching for \n. I see they continuously use one header line in all the attempts so I will look into that too. This really sucks.

  6. #6
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Michael, I hadn't thought of the newlines. I stopped coding when my problems stopped. I will fill this hole just to be sure.

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Sacramento, CA
    Posts
    1,263
    What script are you using? Or is it custom?

  8. #8
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    It's a custom script so that will be easier for putting in the security. I hope... Did I mention I hate spammers?

  9. #9
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    ok, they keep coming.

    Once I figure out how to prevent emails from going out through the script, how does one stop this? Just wait until the pinging stops?

    I am still trying to figure a way out to not only shut the door but make it invisible so no one comes knocking. Is that possible? I am still trying...

  10. #10
    ABW Ambassador Akiva's Avatar
    Join Date
    January 18th, 2005
    Location
    New Jersey
    Posts
    3,266
    Try renaming the script temporarily.
    Akiva Bergstrom | akiva@affsolutions.com | 718-871-8286

  11. #11
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    My guestbook, website quote request and Mall storefront request forms have all been hijacked by the spamming bots. Getting tons of spam from these wanks. Time to turn off general inquiry forms.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  12. #12
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    Thanks for the suggestion Akiva. What I have done temporarily is put in a check variable in the script so that if it does not match from the form, it logs them and redirects them to the home page. I am hoping this won't set off alarm bells until I can truly tighten the script. Am I overly paranoid in thinking that if I change the script name, that will set off a flag on their end and they begin scraping again?

    But I guess once they figure out the emails aren't going out, they would know eventually? I am hoping I can keep this silent until I can tighten the screws.

  13. #13
    lurk
    Join Date
    March 25th, 2005
    Posts
    355
    Quote Originally Posted by Affiliate Ian
    Thanks for the suggestion Akiva. What I have done temporarily is put in a check variable in the script so that if it does not match from the form, it logs them and redirects them to the home page. I am hoping this won't set off alarm bells until I can truly tighten the script. Am I overly paranoid in thinking that if I change the script name, that will set off a flag on their end and they begin scraping again?

    But I guess once they figure out the emails aren't going out, they would know eventually? I am hoping I can keep this silent until I can tighten the screws.
    Everything mentioned so far sounds like it can be worked around. You might consider a CAPTCHA system. It will be more work but is highly effective (not saying it's perfect).

    CAPTCHA is the system you see on many sites where a form requires you to enter in the letters you see from an image. You can search Google for it to learn more: http://www.google.com/search?hl=en&l...ha&btnG=Search

    It's not exactly the most glamorous thing to put on your website but it'll certainly help.
    Jason

  14. #14
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    551
    If you're concerned about accessibility you may also want to read this

    http://www.w3.org/WAI/intro/captcha.php

  15. #15
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    Quote Originally Posted by Affiliate Ian
    Hey everyone,

    Some goofball is using my tell a friend script to spam. I have put some duct tape on so they are unable to run the script but duct tape won't last long. While I am in the process of getting some help to tighten up my script, I have logged and grabbed 2 IP addresses trying to access my script with the intent to spam. One from Korea and one from the US. How has anyone handled this one?

    All attacks were roughly 30 seconds apart and given the IPs are so far apart (geographically) this could be just a machine probing the internet and it may not be a real person. Is there a deadly page somewhere I can redirect the spammer to? I am nervous as that might piss them even more off and run more attacks. I was thinking somewhere along the line where ads continuously pop or virus gets installed. I am not a mean person but when others are using my website to spam, I really don't know how to deal with this one. I am not sure writing to the ISP of each IP is going to get anywhere but that is part of my plan today as I keep logging their IPs.

    Any help would be greatly appreciated.
    Hi again Ian,

    I don't know what "tell a friend" script you're using but, I am still using the free BIRDCAST Site Reader Recommendation Script for a couple of years, and so far I have not received a single spam email from that script.

    Check it out here:

    BIRDCAST Site Reader Recommendation Script
    A very easy script to install and to help you promote your site. Features include: e-mail of current URL to an unlimited number of recipients, logging of pages referred, and a message area for the sender's comments. After sending the URL, the script returns the reader to the original page they were reading. All features are configured via the HTML form.
    Also, you can try a little extra code on your own "tell a friend script" and see if it works there (I got this code from BNB too, and it works on many of my *.pl scripts).

    This is the code:

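    # CONFIGURATIONS

    # Sites that are allowed to call this script (compared case-insensitively).
    @okaydomains=("http://Ian-site.com", "http://www.Ian-site.com");
    $DOMAIN_OK=0;
    # The Referer header may be missing; treat that as an empty string.
    $RF=lc($ENV{'HTTP_REFERER'} || '');
    foreach $ts (@okaydomains)
    {
    # Lowercase the allowed site too, quote its dots with \Q..\E, and anchor
    # the match so the referrer has to start with exactly this site.
    $ok=lc($ts);
    if ($RF =~ m{^\Q$ok\E(?:/|\z)}) { $DOMAIN_OK=1; }
    }
    if ( $DOMAIN_OK == 0)
    { print "Content-type: text/html\n\n No Way Jose - Sorry....Cant run from here!";
    print "<hr>\n";
    print "Go To <a href=\"http://www.Ian-site.com\">Recomend Ian Site</a> First, and then use this script\n";
    exit;
    }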
    Just replace the: No Way Jose - ....Cant run from here! to whatever you want to say, and replace the Ian-site.com with your own site name.

    Trust me, this code may sound complicated, but this shit works, at least it's working for many of my scripts!

    Note: Ian, if you are going to try that code, just make sure that you do the copy and paste in B/W, otherwise the code may not work. I used the RED and BLUE colors in the code, just to make it easier for you to follow the code.

    Sal.
    ...

  16. #16
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    551
    Question
    I was thinking about this, I did some searching and found ctype_cntrl.

    http://uk.php.net/manual/en/function.ctype-cntrl.php

    Does anyone have any comments or see any problems with using it like this to cut out all control chars?

    if(!ctype_cntrl($stuff)){

    Just an attempt to create security in depth.

    Thanks.
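The newline check from post #3 and the control-character idea from post #16, as an added example that is not code from any poster in this thread. It is written in Python because the thread does not say what language Ian's custom script uses; the field names, addresses, site URL and wording are assumptions.

```python
import re
from email.message import EmailMessage

# Any ASCII control character, CR and LF included. This is a per-character
# search: one control character anywhere in the value is enough to refuse it.
# (PHP's ctype_cntrl() is different: it is true only when EVERY character in
# the string is a control character.)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately strict single-address shape for this example, not full RFC 5322.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Placeholders: site URL, sending address and wording are all assumptions.
SITE_URL = "http://www.example.com/"
FROM_ADDR = "noreply@example.com"
FIXED_BODY = "A visitor thought you might like this page:\n" + SITE_URL + "\n"


def check_fields(fields):
    """Return a list of problems; an empty list means the form may be mailed."""
    problems = []
    for name, value in sorted(fields.items()):
        if CONTROL_CHARS.search(value):
            problems.append(name + ": control character")
    for name in ("friend_email", "sender_email"):
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        if not ADDRESS.fullmatch(fields.get(name, "")):
            problems.append(name + ": not a single address")
    return problems


def build_message(fields):
    """Build the mail from validated fields only; raise ValueError otherwise."""
    problems = check_fields(fields)
    if problems:
        raise ValueError("; ".join(problems))  # caller logs this and sends nothing
    msg = EmailMessage()
    msg["From"] = FROM_ADDR
    msg["Reply-To"] = fields["sender_email"]
    msg["To"] = fields["friend_email"]
    msg["Subject"] = "A friend recommends a page"
    msg.set_content(FIXED_BODY)  # no visitor-supplied text in the body
    return msg


# Constructed submissions: an ordinary one, and one whose address field
# carries a line break followed by an extra header line.
GOOD = {"sender_email": "ian@example.com", "friend_email": "friend@example.org"}
BAD = {"sender_email": "ian@example.com\r\nBcc: list@example.net",
       "friend_email": "friend@example.org"}

if __name__ == "__main__":
    print(build_message(GOOD))
    print(check_fields(BAD))
```

The check runs on every field that ends up in a mail header, and a failed check is logged with the request details rather than silently cleaned up and sent.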

  17. #17
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    Jrod, Wayder and Mr Sal, thank you for the feedback. I am in the process of testing out each of your ideas. Hopefully, I will find a solution soon. The damn spamming script keeps pinging my server. I am lucky to have some duct tape up so they can't spam out but not sure how long that will last.

    Back to testing! Thanks everyone!

  18. #18
    Full Member asr_guy's Avatar
    Join Date
    June 12th, 2005
    Location
    Canada
    Posts
    310
    In my experience the ROI on "tell a friend" is not worth the hassle, even without spammers. If you can measure its effectiveness then you might consider dropping it entirely, unless it's somehow part of your affiliate model.

  19. #19
    Full Member bwc's Avatar
    Join Date
    January 18th, 2005
    Location
    Rock Town USA
    Posts
    403
    Quote Originally Posted by asr_guy
    In my experience the ROI on "tell a friend" is not worth the hassle, even without spammers. If you can measure its effectiveness then you might consider dropping it entirely, unless it's somehow part of your affiliate model.
    That's a very good point and one I discovered a number of years ago. The typical person is not going to contact you unless they are having problems with ordering. If you're an affiliate site then there almost is no reason to put an email address on the site. In 10 years I can probably say only about 100 people have contacted me trying to have me answer a merchant's questions. I made a canned response stating I am not the merchant and also included that statement on my site and the problems with spammers have decreased big time with no ill effects in traffic/commissions.

    If your site is any good they're gonna tell a friend without your telling them to. I installed an "Add To Favorites" link instead . . . me thinks this be better . . .

  20. #20
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    OK, update on the situation. There is duct tape on the script now and it is working but the spammer is coming back and hitting the script hard lately. I am thinking about renaming the filename. This would then serve up the 404 BUT, that means if the hits keep coming back, this is going to add extra overhead on the server and falsely increase page impressions.

    I am able to detect the offender now, what is the best method to deal with them without causing an extra pageload in the short term? It's going to take some time to find and install a good captcha script. Come to think of it, even with captcha installed, the hits and pageload can still keep coming right?

    If anyone knows of a good captcha system (open source), it would be much appreciated. Any other tips would be greatly appreciated as well.

    Cheers!

  21. #21
    Full Member markschok's Avatar
    Join Date
    January 18th, 2005
    Posts
    269
    I had this problem a few months ago. Didn't go as far as the captcha but did rename the form/page file & the form processing file and used a similar bit of code to check the referring domain and the script's domain. Renaming the files seemed to work best and with the other security the spammer eventually moved on.
    I was using a standard script with a name and version number on the form page. Now this page is in my robots.txt so it can't be found as easily and there's no real need for SE's to see this page.
    Other ideas I had but didn't try were using a cookie between the form and mail processing script to check they had come from my form page or it was a no go. Or using a cookie as to how many times it could be accessed in a set period. Another thing I thought about trying was using a POST form instead of a GET form to stop the variables from appearing in the URL and making the spammer's job any easier.

    Another technique I used elsewhere was a javascript validation of the form and a piece of javascript normally used to detect swear words but altered to look for pieces of code. Though this wouldn't work if they are hitting the processing part with their own program and not using the website's own form page.
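One way to carry a value from the form page to the mail-processing script, as in Ian's "check variable" and the cookie idea above. This is an added example in Python, not code from any poster; the key, the lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import time

# Placeholder key: generate a random value and keep it server-side only.
SECRET = b"replace-with-a-random-server-side-key"
MAX_AGE = 1800  # seconds a rendered form stays usable (assumed value)


def _sign(issued):
    """HMAC over the issue time, so the value cannot be made up by the client."""
    return hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Form page: call when rendering; put the result in a cookie or hidden field."""
    issued = str(int(time.time() if now is None else now))
    return issued + "." + _sign(issued)


def check_token(token, now=None):
    """Mail-processing script: returns (ok, reason); log the reason and the IP."""
    now = time.time() if now is None else now
    issued, sep, mac = token.partition(".")
    if not sep or not (issued.isascii() and issued.isdigit()):
        return False, "malformed"
    # Constant-time comparison; bytes avoid the ASCII-only limit on str arguments.
    if not hmac.compare_digest(mac.encode(), _sign(issued).encode()):
        return False, "bad signature"
    if now - int(issued) > MAX_AGE:
        return False, "expired"
    return True, "ok"
```

This refuses posts made straight to the processing script without loading the form. A program that loads the form first still receives a valid token, so the input checks on the mail fields remain necessary.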

  22. #22
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    2 suggestions.

    1. Change the script so the text for the email message is fixed. That makes it totally useless for spamming.

    2. Change the script name, then put a little script in its place that monitors for machines sending POST queries, give them a 403 and then add their IP # to your blacklist.

    If it's a linux server, take a look at portsentry.
