-
Is e-mail past due?
Date: 11/16/05
(Web Technology) Keywords: virus, spam
Commentary--MailFrontier CEO Anne Bonaparte warns that spam, viruses and phishing have made e-mail something we wouldn't necessarily miss.
Source: http://news.zdnet.com/2100-9588_22-5956214.html
-
Stupid Nasty Spammer of The Day - My-Pills-be
Date: 11/17/05
(Java Web) Keywords: spam
This stupid and nasty spammer - my-pills.be spammed me 918 times in less than 24 hours and all the while repeatedly fetching only my home page! Guess what happens?
They are into my permanent ban list. Hasta-la-vista morons - my-pills.be!
After I aggressively started banning the new crop of referer spammers, my bandwidth usage has come down [...]
Source: http://blog.taragana.com/index.php/archive/stupid-nasty-spammer-of-the-day-my-pills-be/
-
EarthLink's pursuit lands spammer in can
Date: 11/18/05
(Security) Keywords: spam
Can-Spam prosecutions related to EarthLink lawsuits put one man in prison for a year and slap another with a $15.4 million judgment.
Source: http://news.zdnet.com/2100-1009_22-5959367.html
-
Enter Ethical Spammers; Is Spamming going Mainstream?
Date: 11/28/05
(Java Web) Keywords: spam
Imagine a pickpocket leaving a note in the pocket they have picked informing the victim that they are very sorry about picking their pocket and what he can do to rectify the situation.
Neil found ethical spammers in his wiki (read about wiki spamming) who left a note after they spammed:
<!-- We leave content intact [...]
Source: http://blog.taragana.com/index.php/archive/enter-ethical-spammers-is-spamming-going-mainstream/
-
SPAM
Date: 12/14/05
(College Textbook) Keywords: spam
I have been noticing a lot of spam activity in this community. If you see anything resembling spam, please let me know. All you have to do is provide the link. (I'll put this entry in the memory bank.)
Thanks for your help in keeping the community "clean". :)
Source: http://www.livejournal.com/community/collegetextbook/30902.html
-
Help "locking down" a form
Date: 12/16/05
(PHP Community) Keywords: php, html, web, hosting, spam
Thanks to the responses on the captcha code. I think I know what I can do with it, but as someone pointed out, there will be accessibility problems, which is an issue because the site I'm working on is a gov't site.
My hosting company says the script to handle the contact form is vulnerable and that I should lock it down. They recommended the captcha method or a "guest" login requirement via .htaccess. I'll look into that, but in the meantime, they mentioned that my handler was "badly coded and allows more than one email address to be added to it." Since I've learned PHP by the seat of my pants, I'm not surprised, but I also don't know what to do to clean it up and make it better. Any help?
The HTML Form
<form action="contactmail.php" method="post" name="contact">
<table width="411" border="0" cellspacing="2" cellpadding="4">
<tr>
<td align="right" valign="middle" width="143"><p>Your Name:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="yourname" size="36" tabindex="1"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"><p>Your Email:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="youremail" size="36" tabindex="2"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"><p>Your Organization:</p></td>
<td align="left" valign="middle" width="254"><input type="text" name="yourorganization" size="36" tabindex="3"></td>
</tr>
<tr>
<td align="right" valign="top" width="143"><p>Comment or Question:</p></td>
<td align="left" valign="middle" width="254"><textarea name="comment" rows="17" cols="33" tabindex="4"></textarea></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"></td>
<td align="left" valign="middle" width="254"><input type="submit" name="submitEmail" value="Send Email"></td>
</tr>
<tr>
<td align="right" valign="middle" width="143"></td>
<td align="left" valign="middle" width="254"></td>
</tr>
</table>
</form>
The PHP script
<?php
if (!empty($HTTP_POST_VARS))
{
    // Check for spammers first
    if (eregi("MIME-Version: ", $_POST['youremail'].$_POST['yourname'].
        $_POST['yourorganization'].$_POST['comment'])) { die('Get out, spammer.'); }
    $now = date("D dS M h:i:s"); // 'i' is minutes ('m' is the month number)
    // Set these variables according to your details
    $toAddress = "***@****.***";
    $redirect = "contactconfirm.php";
    $subject = "Contact Message from BII Website";
    // Form information.
    $formEmail = trim($HTTP_POST_VARS['youremail']);
    $emailparts = explode("@", $formEmail);
    if ($emailparts[1] == "*****.***") { // Another spammer stop.
        die('You seem to be trying to use this form to spam. Stop it.');
    }
    $formName = trim($HTTP_POST_VARS['yourname']);
    $formOrg = trim($HTTP_POST_VARS['yourorganization']);
    $formMessage = trim($HTTP_POST_VARS['comment']);
    // Email message
    $message = "Name: " . $formName . "\n";
    $message .= "Email: " . $formEmail . "\n";
    $message .= "IP Address: " . $REMOTE_ADDR . "\n";
    $message .= "Organization:" . $formOrg . "\n";
    $message .= "Comments:\n";
    $message .= $formMessage . "\n";
    // The From header is built directly from the posted name and email
    $headers = "From: \"" . $formName . "\" <" . $formEmail . ">\n";
    $bMailSent = mail($toAddress, $subject, $message, $headers);
    if (!$bMailSent) { echo "Unable to send email"; }
    else { header("Location: $redirect"); }
}
?>
Source: http://www.livejournal.com/community/php/380005.html
More help with securing PHP's mail() function
Date: 12/17/05
(PHP Community) Keywords: spam
So, what am I still missing? 'Cause apparently spam was still getting through, so they shut down the contact processing script at my host.
First off, I secured the script in a folder protected by .htaccess requiring the user to use the "guest" method of logging in.
I added the checks suggested here. What lack I yet?
<?php
/*
************************************************************************
* PHP Emailer Form
*
************************************************************************
*/
function cleanitup($formfield){
    $toclean = array('@<script[^>]*?>.*?</script>@si', // Strip out javascript
                     '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
                     '@([\r\n])[\s]+@', // Strip out white space
                     '@&(quot|#34);@i', // Replace HTML entities
                     '@&(amp|#38);@i',
                     '@&(lt|#60);@i',
                     '@&(gt|#62);@i',
                     '@&(nbsp|#160);@i',
                     '@&(iexcl|#161);@i',
                     '@&(cent|#162);@i',
                     '@&(pound|#163);@i',
                     '@&(copy|#169);@i',
                     '@&#(\d+);@e'); // Evaluate numeric entities as PHP
    $replacewith = array('',
                         '',
                         '\1',
                         '"',
                         '&',
                         '<',
                         '>',
                         ' ',
                         chr(161),
                         chr(162),
                         chr(163),
                         chr(169),
                         'chr(\1)');
    $formfield = preg_replace($toclean, $replacewith, $formfield);
    return $formfield;
}
if (!empty($HTTP_POST_VARS)){
    // Set up variables
    $now = date("D dS M h:i:s"); // 'i' is minutes ('m' is the month number)
    // Set these variables according to your details
    $toAddress = "bii@biistate.net";
    $redirect = "contactconfirm.php";
    $subject = "Contact Message from BII Website";
    $formEmail = cleanitup(trim($HTTP_POST_VARS['youremail']));
    $formName = cleanitup(trim($HTTP_POST_VARS['yourname']));
    $formOrg = cleanitup(trim($HTTP_POST_VARS['yourorganization']));
    $formMessage = cleanitup(trim($HTTP_POST_VARS['comment']));
    // Only the email field is tested for line breaks
    if (eregi("\r", $formEmail) || eregi("\n", $formEmail)){
        die("Why ?? :(");
    }
    // Check to make sure there's only one email address and nothing else in the email form field.
    if (ereg('^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,4})$', $formEmail)) {
        // is good
        // Email message
        $message = "\n\r";
        $message .= "Name: " . $formName . "\n";
        $message .= "Email: " . $formEmail . "\n";
        $message .= "IP Address: " . $REMOTE_ADDR . "\n";
        $message .= "Organization:" . $formOrg . "\n";
        $message .= "Comments:\n";
        $message .= $formMessage . "\n";
        // The From header is built from the posted name and email
        $headers = "From: \"" . $formName . "\" <" . $formEmail . ">\n";
        $bMailSent = mail($toAddress, $subject, $message, $headers);
        if (!$bMailSent){
            echo "Unable to send email";
        }
        else { header("Location: $redirect"); }
    }
    else{
        die('This appears to be spam and will not be sent. Go away.');
    }
}
?>
Needless to say, the embarrassment and frustration are at maximum levels and egging on the personal insecurity 'cause I can't even make a stupid contact form invulnerable to spammers. *sigh*
Source: http://www.livejournal.com/community/php/380498.html
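An added example, not part of the original posts and not the poster's code: both scripts above build the From header from the posted name and email, and the second one tests only the email field for line breaks. The sketch below rejects CR, LF and NUL in every field that could reach a header, keeps From fixed and uses the visitor's address only as Reply-To. The function names, the site address and the sample submissions are hypothetical.

```php
<?php
// Added example: all names and addresses here are assumptions, not the poster's.

/** True when the value cannot start a new header line or end the header block. */
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

/**
 * Validate the posted fields and build the header and body strings for mail().
 * Returns null when the submission must be rejected.
 */
function build_contact_mail(array $post, string $siteFrom): ?array
{
    $email = trim((string)($post['youremail'] ?? ''));
    $name  = trim((string)($post['yourname'] ?? ''));
    $org   = trim((string)($post['yourorganization'] ?? ''));
    $text  = trim((string)($post['comment'] ?? ''));

    // Exactly one syntactically valid address, with no line breaks in it.
    if (!is_header_safe($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Apply the same line-break test to the other single-line fields.
    if (!is_header_safe($name) || !is_header_safe($org)) {
        return null;
    }
    // From is a fixed site address; the visitor's address is only a Reply-To.
    $headers = "From: {$siteFrom}\r\nReply-To: {$email}";
    // Free text (name, organization, comment) goes into the body only.
    $body = "Name: {$name}\nEmail: {$email}\nOrganization: {$org}\nComments:\n{$text}\n";
    return ['headers' => $headers, 'body' => $body];
}

// Constructed sample submissions.
$good = ['youremail' => 'visitor@example.org', 'yourname' => 'A Visitor',
         'yourorganization' => 'Example Org', 'comment' => "Hello\nthere"];
$bad = $good;
$bad['yourname'] = "A Visitor\r\nBcc: other@example.org"; // line break in a header-bound field

foreach (['good' => $good, 'bad' => $bad] as $label => $post) {
    $mail = build_contact_mail($post, 'webform@example.org');
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
}
```

The returned strings would be passed as the third and fourth arguments of mail(); a multi-line comment is accepted because it only ever reaches the message body.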
FTC says federal spam law has worked
Date: 12/21/05
(Web Technology) Keywords: security, spam
Security firms report spam increase--but the FTC says 2003 law regulating junk e-mail is effective.
Source: http://news.zdnet.com/2100-9588_22-6003071.html
SMTP
Date: 12/29/05
(Web Development) Keywords: spam
I need to rent an SMTP service with a good (no-spam) reputation. Please help.
Source: http://www.livejournal.com/community/webdev/281991.html
China Cracks Down on Cell Phone Text Message Spam
Date: 12/31/05
(Java Web) Keywords: spam
China will begin requiring prepaid cell phone subscribers to register their devices using their real names in 2006, said the country's Minister of Information Industry, Wang Xudong.
The goal, according to Wang Xudong, is to cut down on surging cell phone spam and fraud, most of it delivered via text messaging.
He estimated that of [...]
Source: http://blog.taragana.com/index.php/archive/china-cracks-down-on-cell-phone-text-message-spam/
Windows flaw spawns dozens of attacks
Date: 01/03/06
(Security) Keywords: spam
Attacks designed to exploit Windows Meta File flaw range from malicious spam to an MSN Messenger worm.
Source: http://news.zdnet.com/2100-1009_22-6016140.html
Supreme Court won't hear spam appeal
Date: 01/09/06
(Security) Keywords: spam
Justices let stand an existing ruling saying a dating service doesn't have the right to spam a university.
Source: http://news.zdnet.com/2100-1009_22-6024658.html
Photo Gallery
Date: 01/09/06
(PHP Community) Keywords: php, templates, mysql, css, html, sql, java, spam
I've been hunting all around for a decent photo gallery. There seem to be quite a few different projects, some of which are still active, available. None of them seem to accomplish what I'm looking for, though. I have tested quite a few, but all are lacking. To this end, I thought I'd ask here if anyone has anything similar to what I've been looking for.
Major Features:
Abstracts image URLs - hides the path and filename to prevent direct access
Public/private flags - allows some images to stay hidden
Tags - I'd like to be able to tag the images ala del.icio.us, LJ, Flickr
Does not require gd - auto-thumbnails and watermarks can be disabled
Traverses directories - new images can be dropped in a subfolder or the root image folder and will be picked up automatically
Comments - allows for public (configurable) or private comments, either ties into phpbb or uses some sort of email validation/captcha scheme to reduce spam
EXIF - extracts all image data from the photographs and can display it
Uses simple cacheable CSS/XHTML templates
Does not store images in DB
Uses MySQL or abstraction layer that allows MySQL for comments, tags, etc
Takes reasonable measures to be secure and speedy
Minor Features:
Users can upload images
Temporary/expiring image URLs for sharing
Hotlinking configuration - allow all, deny all, allow specific sites
User-switchable templates
Javascript navigation and image pop-ups optional
Keeps stats on a per image basis - top keywords, views, etc
All images can be watermarked automatically
Thumbnails may be re-generated automatically
Can assign/rename/describe multiple photos at once
I'm sure there are more details, but that should give a start. The scripts I've found so far are either too simple and don't have many features or too complex and require components and methods of use that I won't be using. There are a few others that store the images in the DB, which is something I'm definitely against. I want to be able to FTP a directory of images and know that it will be online and ready to go as soon as the transfer is complete, or that it takes a simple click to do a rescan so they are available.
If I have to, I'll start from scratch... I was just hoping that there would be something available that I have not yet found that could serve as a foundation to build from.
Thanks
Source: http://www.livejournal.com/community/php/392436.html
Spammers bombard new targets
Date: 01/11/06
(Security) Keywords: spam
Spam on message boards has been escalating dramatically--often giving bogus comments or referring to questionable domains.
Source: http://news.zdnet.com/2100-1009_22-6025913.html
Mail spoofing
Date: 01/12/06
(Computer Help) Keywords: web, spam
I own a domain name and it seems to have been hijacked by spammers. I've checked with the webhosters and they say that the mail relay is closed.
I am getting a lot of rejected emails from recipients receiving emails from spoofed addresses within my domain. I am concerned about my domain being blacklisted.
Is there anything that I can do to protect my domain name?
Source: http://www.livejournal.com/community/computer_help/565646.html
Spammer faces up to two years in jail
Date: 01/13/06
(Security) Keywords: spam
Man charged with sending millions of spam messages over high-profile company networks in violation of the Can-Spam Act.
Source: http://news.zdnet.com/2100-1009_22-6026708.html
Tools to combat Spam
Date: 10/06/05
(Apache) Keywords: web, spam
Hi there. I'm hoping to get an idea about what recommendations I can get for stopping spam. Here's my idea:
Does anyone remember Earthlink's "verify" tool? An email is sent to an earthlink.net address, and the sender gets a response saying something to the effect of "thank you for your email, however we must verify your identity, please click here to enter your name and a message to send to the user. If you are approved, your email will be sent."
My hope is that I can find something that I can install on my web server, which currently has SpamAssassin, that will allow me to do this or something similar. I've surfed through and seen some info about certain tools that also help *filter* spam, but I'm hoping to find a way to, I guess, automate the administration of a whitelist of sorts.
Any advice? I'll be x-posting this in various communities and on my personal site.
Thanks :)
Source: http://community.livejournal.com/apache/26049.html