Customer reviews targeted
Spammers blast their spam at any webform they can find. Now including customer reviews.
Example: Barclaymaps
Disgusting…
Spammers blast their spam at any webform they can find. Now including customer reviews.
Example: Barclaymaps
Disgusting…
September 22nd, 2006 at 4:24 pm
That’s just stupid because a couple of lines of code in the form submit page could block all of that spam.
I don’t blame the spammers here, I blame the lame programmers and oblivious site owners for letting it continue.
September 23rd, 2006 at 5:59 am
You are right Such a fucking motherfuckers.
September 23rd, 2006 at 9:40 am
Has anyone written to the poor website owner? Education is part of the solution. And that’s educating both the “lame programmers” and “oblivious site owners”. It’s not simple to an “oblivious site owner” when he or she probably didn’t put the site up in the first place, it was probably put up by a consultant or friend (or employee).
September 23rd, 2006 at 10:13 am
I did. These days I’ve had to stop notifying Plone owners and forum owners, and concentrate on those with hacked sites. Since I did a post about this one, and it was a “new” technology and all, I at least tried to notify the owner. If I actually succeeded is another thing entirely. I absolutely refuse to fill out a contact form as detailed as the one they have there, so I contacted the whois e-mail.
September 23rd, 2006 at 11:23 am
IncrediBILL
How?
September 23rd, 2006 at 4:55 pm
Jon, just look at the data in their posts.
People are stuffing URLs in as author names, not so much on the page Spamhuntress linked to but on other pages so Author Names shouldn’t allow these, a simple filter would reject those posts.
Besides, it’s a place post a product review so allowing HTML and URLs is silly, just bounce anything that contains that data, problem solved.
You have to ask yourself why would a MAP site need product reviews in the first place? I would just take it off the site as it’s silly and obviously hurting the business at this point.
September 23rd, 2006 at 5:13 pm
OK, did a little more research and they’re using X-CART and that’s a feature in the software out-of-the-box so anyone running it with this feature enabled could get easily abused in this fashion.
September 23rd, 2006 at 6:12 pm
Thank you IncrediBILL.
1. I have some problems with different Perl scripts, and are looking for some ideas of how to add TOKENS to my old scripts.
(A Perl Script generates a encrypted token as a hidden tag in html, then if this token is “out of date/time”, the html input is rejected by the Perl script).
At the moment I am trying to find examples of any scripts that are using such tokens.
2. I am also looking for Perls Scripts that would check visitors agains a few Realtime Blacklists before letting them have acces to my server (I controll the htaccess file on my part of a shared hosting server).
Any input regarding any of the two “solutions”?
September 25th, 2006 at 2:19 am
Jon, what you are trying to do in 1) is a good idea and your tokens are commonly known as session-ids. Searching for “session-id” should get you started.
Regarding 2), I don’t see how htaccess files could help you, but you could check out my spam catching module for the oddmuse wiki: http://chongqed.org/catchspam.pl
It contains a few lines of code that check the visitor’s IP against the spamhaus exploits block list.
September 25th, 2006 at 11:47 am
Thanks a lot Manni
1. I will look for “session-ids”
2. Your script does give me some clues in the right direction (great script).
With 2 I was hoping to implement a scriptcheck fro all request to the server, the .htaccess will allow rewrites. Your script uses a seperate file to store information, I would have used the .htaccess file for (time limited ban).
But maybe that is “overkill”, as long as scripts are protected by “session-ids” and/or RBL (could also write contact information like contact forms and e-mail-addresses via scripts).
Very nice of you to give feedback and share your script Manni, thanks again!
September 26th, 2006 at 4:31 am
I know a way to get rid of spam. I am sure it would work! Its so simple! Start a campaign where everyone was told not to buy things from spammers and then they wouldnt bother any more!