Gossamer Forum

NMS Formmail

Is anyone familiar with NMS FormMail (http://nms-cgi.sourceforge.net/)?

It is widely used as a replacement for the old Matt's FormMail (but has not been updated for a while). I have been using NMS FormMail for a long time, but lately I am getting someone filling in the form to send spam.
I want them not to be able to send email without disclosing their env_variable such as Remote Address (which most spammers hide).

1) Is there a way to make sure that they can't fill in the form/send it if they are hiding/not disclosing their Remote Address (IP address)?

2) Is there a way to make sure they don't fill in any HTML in the form, or alternatively can I just block certain strings via an additional sub?

Thanks in advance

Last edited by: socrates: Jan 14, 2011, 1:21 AM
Re: [socrates] NMS Formmail
Without going too in depth with that script, I see you have this in /lib/CGI/NMS/Validator.pm:

Code:
    sub validate_email {
        my ($self, $email) = @_;

        $email =~ /^([a-z0-9_\-\.\*\+\=]{1,100})\@([^@]{2,100})$/i or return 0;
        my ($user, $host) = ($1, $2);

        return 0 if $host =~ m#^\.|\.$|\.\.#;

        if ($host =~ m#^\[\d+\.\d+\.\d+\.\d+\]$# or $host =~ /^[a-z0-9\-\.]+$/i ) {
            return "$user\@$host";
        }
        else {
            return 0;
        }
    }

Simple thing would be to add this in:

Code:
    sub validate_email {
        my ($self, $email) = @_;

        # Refuse the address when the web server supplied no IPv4-style
        # REMOTE_ADDR (note: this pattern also rejects IPv6 clients).
        if ($ENV{REMOTE_ADDR} !~ /\d+\.\d+\.\d+\.\d+/) {
            return 0;
        }

        $email =~ /^([a-z0-9_\-\.\*\+\=]{1,100})\@([^@]{2,100})$/i or return 0;
        my ($user, $host) = ($1, $2);

        return 0 if $host =~ m#^\.|\.$|\.\.#;

        if ($host =~ m#^\[\d+\.\d+\.\d+\.\d+\]$# or $host =~ /^[a-z0-9\-\.]+$/i ) {
            return "$user\@$host";
        }
        else {
            return 0;
        }
    }

Cheers
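
Added example, not part of the thread and not NMS FormMail's own code: a standalone sub covering both parts of the question, refusing a submission whose REMOTE_ADDR is missing or malformed (IPv4 or IPv6) and screening field values for HTML tags or blocked strings. The helper name `reject_reason`, the pattern list and the sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample patterns; replace with the strings you actually see.
my @BLOCKED = (qr/\bcheap pills\b/i, qr{https?://}i);

# Hypothetical helper (not part of NMS FormMail). Returns a reason string
# when a submission should be refused, or undef when it passes.
sub reject_reason {
    my ($env, $fields) = @_;

    # Strict IPv4 check (each octet 0-255) or a loose IPv6 shape check.
    my $ip = defined $env->{REMOTE_ADDR} ? $env->{REMOTE_ADDR} : '';
    my $v4 = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        && !grep { $_ > 255 } $1, $2, $3, $4;
    my $v6 = $ip =~ /:/ && $ip =~ /^[0-9a-f:.]{2,45}$/i;
    return 'missing or malformed REMOTE_ADDR' unless $v4 || $v6;

    for my $name (sort keys %$fields) {
        my $value = defined $fields->{$name} ? $fields->{$name} : '';

        # An opening tag, closing tag or comment; "3 < 5" does not match.
        return "HTML in field '$name'"
            if $value =~ /<\s*\/?\s*[a-z!][^>]*>/i;

        for my $re (@BLOCKED) {
            return "blocked string in field '$name'" if $value =~ $re;
        }
    }
    return;    # nothing objectionable found
}

# Constructed sample submissions: [ environment, form fields ].
my @samples = (
    [ { REMOTE_ADDR => '203.0.113.7' }, { comments => 'Is 3 < 5 true?' } ],
    [ { REMOTE_ADDR => '2001:db8::1' }, { comments => '<a href="x">buy</a>' } ],
    [ { REMOTE_ADDR => '' },            { comments => 'hello' } ],
    [ { REMOTE_ADDR => '203.0.113.7' }, { comments => 'see http://example.com' } ],
    [ { REMOTE_ADDR => '999.1.1.1' },   { comments => 'hello' } ],
);

for my $s (@samples) {
    my $why = reject_reason(@$s);
    print defined $why ? "REJECT: $why\n" : "accept\n";
}
```

In a CGI script the call would be `reject_reason(\%ENV, \%form)`, where `%form` is an assumed hash of the parsed form fields.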
Re: [Andy] NMS Formmail
Thanks Andy, will try that. I was able to stop users via .htaccess, who don't disclose their IP address and I think it is working (I haven't received the spam from that a****** for the last 3-4 days).
Re: [socrates] NMS Formmail
Hi

NP =)

Mind sharing how you did it in the htaccess rules? Be interesting to see, in case I need to do it (or anyone else ;)) in the future

Cheers

Andy (mod)
andy@ultranerds.co.uk


IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Re: [Andy] NMS Formmail
Simple - just added this after the rewrite rules - don't know what the downside to it is. Also, earlier I was not making users fill in the email field in the NMS form, but I have now made that required. After doing both, no spam so far from that spammer - so, either or seems to be working.

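# block if they don't disclose env variables
# Consecutive RewriteCond lines are ANDed unless [OR] is given, so the
# rule below returns 403 only when both Referer and REMOTE_ADDR are empty.
#RewriteCond %{HTTP_USER_AGENT} ^$ [NC]
RewriteCond %{HTTP_REFERER} ^$ [NC]
RewriteCond %{REMOTE_ADDR} ^$ [NC]
RewriteRule .* - [F]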
Re: [socrates] NMS Formmail
Ah ok cool =) Will save this, as I'm sure I'll have a need for similar stuff at some point too. It's amazing how much spam you get on blogs/forums now :(

Cheers

Andy (mod)
andy@ultranerds.co.uk

