Does anyone know how I can disable submissions to Links from a submission service such as Register IT or Submit ME? Appartently to my knowledge, a user can type in any category they want, even if it doesn't exist, and the submission will go through.

Here's an in depth discussion about it. I bookmarked in case it ever becomes an issue for me down the road

www.gossamer-threads.com/scripts/forum/resources/Forum11/HTML/000653.html

I've installed Phoenix's "Add Confirm" mod http://www.gossamer-threads.com/...es/Detailed/173.html which asks the user to proof his addition then press the "Submit" button if it's OK. It seems to me that this extra step would also shield Links from auto-submit spammers --or am I being overconfident?

Bob

Surely people who use a submission prog from another site could just see that their details are on screen, and click the button though?

I don't see that it's going to prevent spammers.. just maybe slow them down a bit.

Id like to see a maximum number of sites added per day mod, so that when x number of links are waiting to be validated, no more can be submitted.

Simon

bjordan,

I haven't tried that mod yet, but while I was developing a url submission script for SE's (Search Engines), I discovered that some SE's does what I think Phoenix mod does, creates a validation before the real submission. So basically, it creates hidden tags before it actually that submits to Links. All I have to do or others who create url submmission script is to find the necessary hiden tags and form action to submit.

I advise maybe someone can modify add.cgi so it will randomly produce the hidden's tag name just for that one session. The next session, it will produce another random hidden tag name. For example,

Your current forms look like this:
<input type="hidden" name="email" value="">

modfiy the add.cgi so that it randomly produces the name like this:
<input type="hidden" name="xFdkxeD1" value="">

This hidden tag is only available for just that session. The next time, the name of the hidden tag changes. Therefor eliminates spam from submission services, because most likely these submission services have pre-set data file that knows what boxes to fill the info. . . So basically, you won't need a validation. A person visiting the site can add the resource one time without validating.

So basically, the idea that Simon had of slowing down isn't not really slowing down. . . I can easily modify my url submission script without the submitter to see the details, but see the success page by using the hidden tag form. And the idea to allow a certain amount of submissions will degrade the site a little because some people may not come back to your site the next day to submit if it takes just hours before the limit is reached. . .

BTW, I am not making my script to submit to any Links based site. I truly love Links II!

------------------
http://www.techdevelopers.com
ASP, HTML, CGI, Flash, and more!

HPCalc.com - English
Official HP Calculator Site
http://www.hpcalc.com/english



[This message has been edited by XanthisHP (edited August 14, 1999).]

One more thing if I may add. . .

The example I showed you uses Hidden tags. I know that from CGI programming experience that the method is possible by creating a temporary value at the start when add.cgi is called. If you would like to use the validation of Phoneix, then you would make it so to create random name for the hidden tags. If you are using Links way of submitting without a pause to validate, then you would make a script so it randomly creates the name for the txt box like

<input name="Txfedfx" value="" size="40">

Hope this is a sufficient way to eliminate basically all spam problems. I can't think of any other way that ppl who develop submission scripts like myself can get through and submit info from a remote site or software. I couldn't even upgrade my data file if the form changes because it will be a different and random one every time the page is called. Maybe, this could be a start of a new mod. . .

[This message has been edited by XanthisHP (edited August 14, 1999).]

Hi,

I was just thinking of a limit thing so i don't get swamped in millions of links to validate

How would a hidden field actually prevent an auto submission from adding links? surely if the script is to read the data in, then it's got to accept the correct values, so surely this random value is going to throw it off? The auto submitters would just submit the details asked for on the add form?

Im not a cgi programmer though, so im probably very wrong

Simon

Jerry,

apparently it's not enough to stop auto submission programs.. many people have recieved 1000's of spam urls from such programs.

also, don't forget to include your ip address as a refferer that's allowed access..

Simon

i'm not sure what you guys are getting at..

but

@db_referers in links.cfg............

just put your domain and you're set..

('domain.com', 'www.domain.com')

Simon,

By creating a temp name for the hidden field, the script will obtain the right value from it because it will call that temp value only during that session. The auto submitters need to know what is the name of the boxes that it needs to fill the right info in the right place. Since the addition form changes the name everytime, the auto submitter doesn't know what boxes to fill so it gives error to the spammer.

Jerry,
The method you talking will stop submission from domains. What if there is new domains in the future that begins spamming. Then we begin blocking those domains. Then what if a true and honest aol user comes along to the add url on the submission page, but finds that he cannot add his resource because his domain is blocked. This method isn't fair for those ppl. . . Maybe there is another good way to block the "real" spammers.

db referers doesn't BLOCK.. it only lets the domains in that list add... so if you added your domain.. then you are safe.

jerry

I must be thinking of another way that I have seen it used. I looked back at configuration file and you're right Jerry. By allowing just your domain to submit, that would basically be the same as my method, that is, blocking other remote submissions. . .

soo... this thread was useless right?

jerry

In add.cgi, there is this code:


There is, what I call a bug, in the code and is in the line that reads, if (@db_referers and $ENV{'HTTP_REFERER'}) {

The problem is, the referer check will not execute if both @db_referers and $ENV{'HTTP_REFERER'} are not present. Most submission robots do not have a referer specified. Therefore, when an add comes from them and there is no referer, the referer check fails. To fix that, just change the line to read:


Now the referer check will function correctly and should catch all robot submissions except those that fake the referer with your domain name. In this case, you can check the $ENV{'HTTP_USER_AGENT'} as well, by putting the following code right after the referer check code:


You can change the "submiteasy" to whatever robot is actually submitting and you can easily add to it by changing it to read:

"submiteasy|register it|submit it"

This works for me very well. I have not had a robot submission on my site in many months.

I hope this helps.

[This message has been edited by Bobsie (edited August 22, 1999).]

Hello, I looked at the add.cgi but there's nothing there that looks like the code I need to change ?!?