Comments on: Customer reviews targeted

by: James Caffrey Cala Dor Mallorca

Tue, 26 Sep 2006 10:31:23 +0000

I know a way to get rid of spam. I am sure it would work! Its so simple! Start a campaign where everyone was told not to buy things from spammers and then they wouldnt bother any more!

by: Jon

Mon, 25 Sep 2006 17:47:25 +0000

Thanks a lot Manni

1. I will look for “session-ids”

2. Your script does give me some clues in the right direction (great script).

With 2 I was hoping to implement a scriptcheck fro all request to the server, the .htaccess will allow rewrites. Your script uses a seperate file to store information, I would have used the .htaccess file for (time limited ban).

But maybe that is “overkill”, as long as scripts are protected by “session-ids” and/or RBL (could also write contact information like contact forms and e-mail-addresses via scripts).

Very nice of you to give feedback and share your script Manni, thanks again!

by: Manni

Mon, 25 Sep 2006 08:19:41 +0000

Jon, what you are trying to do in 1) is a good idea and your tokens are commonly known as session-ids. Searching for “session-id” should get you started.
Regarding 2), I don’t see how htaccess files could help you, but you could check out my spam catching module for the oddmuse wiki: http://chongqed.org/catchspam.pl
It contains a few lines of code that check the visitor’s IP against the spamhaus exploits block list.

by: Jon

Sun, 24 Sep 2006 00:12:40 +0000

Thank you IncrediBILL.

1. I have some problems with different Perl scripts, and are looking for some ideas of how to add TOKENS to my old scripts.

(A Perl Script generates a encrypted token as a hidden tag in html, then if this token is “out of date/time”, the html input is rejected by the Perl script).

At the moment I am trying to find examples of any scripts that are using such tokens.

2. I am also looking for Perls Scripts that would check visitors agains a few Realtime Blacklists before letting them have acces to my server (I controll the htaccess file on my part of a shared hosting server).

Any input regarding any of the two “solutions”?

by: IncrediBILL

Sat, 23 Sep 2006 23:13:35 +0000

OK, did a little more research and they’re using X-CART and that’s a feature in the software out-of-the-box so anyone running it with this feature enabled could get easily abused in this fashion.

by: IncrediBILL

Sat, 23 Sep 2006 22:55:13 +0000

Jon, just look at the data in their posts.

People are stuffing URLs in as author names, not so much on the page Spamhuntress linked to but on other pages so Author Names shouldn’t allow these, a simple filter would reject those posts.

Besides, it’s a place post a product review so allowing HTML and URLs is silly, just bounce anything that contains that data, problem solved.

You have to ask yourself why would a MAP site need product reviews in the first place? I would just take it off the site as it’s silly and obviously hurting the business at this point.

by: jon

Sat, 23 Sep 2006 17:23:29 +0000

IncrediBILL

How?

by: admin

Sat, 23 Sep 2006 16:13:51 +0000

I did. These days I’ve had to stop notifying Plone owners and forum owners, and concentrate on those with hacked sites. Since I did a post about this one, and it was a “new” technology and all, I at least tried to notify the owner. If I actually succeeded is another thing entirely. I absolutely refuse to fill out a contact form as detailed as the one they have there, so I contacted the whois e-mail.

by: EdisonRex

Sat, 23 Sep 2006 15:40:47 +0000

Has anyone written to the poor website owner? Education is part of the solution. And that’s educating both the “lame programmers” and “oblivious site owners”. It’s not simple to an “oblivious site owner” when he or she probably didn’t put the site up in the first place, it was probably put up by a consultant or friend (or employee).

by: YAYA!!

Sat, 23 Sep 2006 11:59:32 +0000

You are right Such a fucking motherfuckers.