Gossamer Forum
Home : General : Perl Programming :

NMS Formmail

Quote Reply
NMS Formmail
Is anyone familiar with NMS formmail http://nms-cgi.sourceforge.net/

It is widely used as a replacement for old matt's formmail (but not updated for a while). I have been using NMS formmail for a long time but lately I am getting someone filling in the form to send spam.
I want them not to be able to send email without disclosing their env_variable such as Remote Address (which most spammers hide).

1) Is there way to make sure that they can't fill the form/send it, if they are hiding/not disclosing their Remote Address (IP address).

2) Is there way to make sure they don't fill in any HTML in the form or alternatively I can just block certain strings via an additional sub.

Thanks in Advance

Last edited by:

socrates: Jan 14, 2011, 1:21 AM
Quote Reply
Re: [socrates] NMS Formmail In reply to
Without going too in depth with that script, I see you have this in /lib/CGI/NMS/Validator.pm:

Code:
sub validate_email {
my ($self, $email) = @_;

$email =~ /^([a-z0-9_\-\.\*\+\=]{1,100})\@([^@]{2,100})$/i or return 0;
my ($user, $host) = ($1, $2);

return 0 if $host =~ m#^\.|\.$|\.\.#;

if ($host =~ m#^\[\d+\.\d+\.\d+\.\d+\]$# or $host =~ /^[a-z0-9\-\.]+$/i ) {
return "$user\@$host";
}
else {
return 0;
}
}

Simple thing would be to add this in:

Code:
sub validate_email {
my ($self, $email) = @_;

if ($ENV{REMOTE_ADDR} !~ /\d+\.\d+\.\d+\.\d+/) {
return 0;
}


$email =~ /^([a-z0-9_\-\.\*\+\=]{1,100})\@([^@]{2,100})$/i or return 0;
my ($user, $host) = ($1, $2);

return 0 if $host =~ m#^\.|\.$|\.\.#;

if ($host =~ m#^\[\d+\.\d+\.\d+\.\d+\]$# or $host =~ /^[a-z0-9\-\.]+$/i ) {
return "$user\@$host";
}
else {
return 0;
}
}

Cheers
Quote Reply
Re: [Andy] NMS Formmail In reply to
Thanks Andy, will try that. I was able to stop users via .htaccess, who don't disclose their IP address and I think it is working (I haven't received the spam from that a****** for the last 3-4 days).
Quote Reply
Re: [socrates] NMS Formmail In reply to
Hi

NP =)

Mind sharing how you did it in the htaccess rules? Be interesting to see, in case I need to do it (or anyone else Wink) in the future

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Quote Reply
Re: [Andy] NMS Formmail In reply to
Simple - just added this after rewrite rules - don't know what the downside to it is. Also, eariler I was not making users to fill in the email field in the NMS form but made that required. After doing both no spam so far from that spammer - so, either or seems to be working.

#block if they don't disclose env variables
#RewriteCond %{HTTP_USER_AGENT} ^$ [NC]
RewriteCond %{HTTP_REFERER} ^$ [NC]
RewriteCond %{REMOTE_ADDR} ^$ [NC]
RewriteRule .* - [F]
Quote Reply
Re: [socrates] NMS Formmail In reply to
Ah ok cool =) Will save this, as I'm sure I'll have a need for similar stuff at some point too. Its amazing how much spam you get on blogs/forums now :(

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates