Reply to Re: query string passing woes........ help... please....


Posted by Steve on 03/01/07 14:39

"Geoff Berrow" <blthecat@ckdog.co.uk> wrote in message
news:933du2tuui1ln6rgjns939puir9g4tdfur@4ax.com...
| Message-ID: <bVoFh.667$D15.2@newsfe04.lga> from Steve contained the
| following:
|
| >| What it does is it fixes spamming attempts. Which is rather stupid
| >| since you don't really need mail from people who are attempting to hack
| >| your system.
| >|
| >| Rather than fix them, better to simply drop them silently.
| >
| >GEOFF !!! don't be stupid...it is easier to detect if he keeps trying to
| >hack...and easier for me to track and prosecute legally.
|
| I'm sorry, I just don't think it's worth the time and effort. I have a
| mail script running on a site which is a directory of 200 businesses.
| Those businesses just don't want the hassle of dealing with bogus email.
|
| As J.O Aho has said, there is nothing to stop you logging the attempts.
| Have you ever successfully prosecuted anyone?

i agree with aho. and, that's one means of gathering appropriate
information. i put other tracking measures in place as well. i also have my
sites notify an admin via email when unusual activity occurs...such as a
volume of hits on various pages or functions of a page (like scripts that
email).

i have not had to prosecute anyone yet. what i have done is provided a very
concise and professional listing of an ip's activities that outline the
context of their behavior - intent. i have had several hack attempts whose
outcome resulted in isps dropping their offending member. my out of pocket
is only a simple email to the isp with the records asking them to
investigate the owner of the ip address and report back to me with their
findings...they usually are very obliging and responsive. were i ever
dissatisfied with the result, i would be able to compel the isp to cough up
the offender whom i'd be able to indeed prosecute. that's all a decision of
money and risk...cost of prosecution vs. the value of what it is that they
are trying to compromise coupled with the load expenditures of my site
during their abuse.

i don't think a 'less is more' mentality here is a good, measured response.
as for the 'hassle', you say it is 'rather stupid' to try to fix spamming
attempts. i'm wondering how you detect it. consider the difference:

what i posted earlier to 'fix' spamming attempts:

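$emailInput = array($to, $from, $cc, $bcc, $subject, $message);
$injections = array('to', 'from', 'cc', 'bcc');
// iterate by reference so the cleaned value is written back into $emailInput
foreach ($emailInput as &$input)
{
  foreach ($injections as $injection)
  {
    $input = preg_replace("/\n?" . $injection . "\s*?:.*?\n/i", '', $input);
  }
}
unset($input); // break the reference left over from the loop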

and this revision:

$emailInput = array($to, $from, $cc, $bcc, $subject, $message);
$injections = array('to', 'from', 'cc', 'bcc');
foreach ($emailInput as $input)
{
  // start from the raw value so every header pattern is applied in turn
  $filtered = $input;
  foreach ($injections as $injection)
  {
    $filtered = preg_replace("/\n?" . $injection . "\s*?:.*?\n/i", '', $filtered);
  }
  if ($filtered != $input)
  {
    // we have detection
    // track/log it
    // if this were a function, return false;
  }
}

either way, you still have to detect that it is going on. i don't think that
is 'rather' anything other than appropriate. but that might just be me and
my 0.02usd.
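
Added example, not part of Steve's post: one way to combine the detection and per-IP logging discussed in this thread. It generalizes the header-name regex to "any CR or LF in a single-line header field", and applies the thread's header-name check to the message body only as a logged signal. The function name, log path, field names and sample values are assumptions made for illustration.

```php
<?php
// Added example: detect header-injection attempts in mail-form input and log them.
// detect_header_injection(), the log file name and all sample data are hypothetical.

function detect_header_injection(array $headerFields, $body, $ip, $logFile)
{
    $hits = array();

    // A value destined for a single mail header must never contain CR or LF;
    // a line break is what lets a submitted value start a new header.
    foreach ($headerFields as $name => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $hits[] = $name;
        }
    }

    // The body may legitimately span lines, so only flag lines that look like
    // the headers checked in the thread. This can match innocent text, which is
    // why the function reports field names and leaves the decision to the caller.
    if (preg_match('/^\s*(to|from|cc|bcc)\s*:/im', $body)) {
        $hits[] = 'message';
    }

    if ($hits) {
        // One line per attempt: UTC timestamp, source IP, offending fields.
        $line = sprintf("%s %s header-injection fields=%s\n",
            gmdate('Y-m-d\TH:i:s\Z'), $ip, implode(',', $hits));
        error_log($line, 3, $logFile); // message type 3 appends to $logFile
    }
    return $hits; // empty array means nothing suspicious was found
}

// Constructed sample input (in a live script the IP would be $_SERVER['REMOTE_ADDR']).
$clean = array('to' => 'shop@example.com', 'from' => 'visitor@example.org',
               'subject' => 'Opening hours');
$bad = $clean;
$bad['subject'] = "Hi\r\nBcc: a@example.net, b@example.net";

$log = sys_get_temp_dir() . '/mailform-abuse.log';
var_dump(detect_header_injection($clean, "When are you open?\n", '192.0.2.10', $log));
var_dump(detect_header_injection($bad, "When are you open?\n", '192.0.2.10', $log));
```

The first call returns an empty array; the second returns the `subject` field and appends one line to the log, which is the kind of per-IP record the post describes sending to an ISP.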
