Anyone out there getting a lot of spam from Germany? Links has been live on my site for only about a week, and already I must be listed in some auto submission tool for German websites, go figure?
Sep 16, 2000, 10:25 AM
Novice (16 posts)
Sep 16, 2000, 10:25 AM
Post #4 of 67
Views: 16826
Hey, I found my spammer....
http://www.searchup.de/promo-ten/maschinen.html
I have not figured out my plan of defense/attack, just excited I found them. I have read many other posts with strategies, but if after looking this site over... if you have any specific plan of defense against them, let me know.
Lastly, you may want to check if your own site is listed here, they got a bunch that they auto submit to.
- Tim
http://www.searchup.de/promo-ten/maschinen.html
I have not figured out my plan of defense/attack, just excited I found them. I have read many other posts with strategies, but if after looking this site over... if you have any specific plan of defense against them, let me know.
Lastly, you may want to check if your own site is listed here, they got a bunch that they auto submit to.
- Tim
Sep 16, 2000, 11:24 AM
Veteran (17240 posts)
Sep 16, 2000, 11:24 AM
Post #5 of 67
Views: 16888
I would recommend applying the code hacks listed many times in the Links 2.0 Customization Forum and also in the Resource Center. (When I was using Links 2.0, I mimicked this User Account System, by using multiple page submissions with users having to first select a category, then fill out a user profile page -> that went to the same links.db file, then the user added link information, then added a description, then confirmed the submission, then finally submitted their link.)
I could care less if my sites are listed in Auto-Submission sites because there is no way to add sites in my directory through auto-submission...
They would have to first find a way to break my User Account system...I am using Links SQL now that forces users to first create a User Account, then choose a Category, then they can add their site in that category.
It is virtually impossible for any auto-submission services to crack into my directory.
Regards,
Eliot Lee
I could care less if my sites are listed in Auto-Submission sites because there is no way to add sites in my directory through auto-submission...
They would have to first find a way to break my User Account system...I am using Links SQL now that forces users to first create a User Account, then choose a Category, then they can add their site in that category.
It is virtually impossible for any auto-submission services to crack into my directory.
Regards,
Eliot Lee
Sep 16, 2000, 12:19 PM
Novice (16 posts)
Sep 16, 2000, 12:19 PM
Post #7 of 67
Views: 16896
Thanks, I did improve the add.cgi code to state only:
"if (@db_referers) {"
Lots of the mods looked like they may get in the way of sincere visitors using add.cgi
So far, just that little change in the add.cgi seems to be doing the trick.
Was there a certain mod you had in mind as a logical next step?
-Thanks,
Tim
"if (@db_referers) {"
Lots of the mods looked like they may get in the way of sincere visitors using add.cgi
So far, just that little change in the add.cgi seems to be doing the trick.
Was there a certain mod you had in mind as a logical next step?
-Thanks,
Tim
Sep 16, 2000, 2:33 PM
Novice (16 posts)
Sep 16, 2000, 2:33 PM
Post #12 of 67
Views: 16876
Thanks for the note, I knew there would be others out there that had been hit by them too.
I found the spammer (http://www.searchup.de/promo-ten/maschinen.html) by just checking my referrers in my thecounter.com account (java counter I have on all my pages).
note: I check often to find things just like this. Over the last month I have found 3 sites that took a flash file of mine off Flashkit.com and passed it off as their own work on their site. All someone has to do is click once from their site and thecounter puts it in my "last 30 referrers". This last week I have been waiting to find one from germany (.de) and yesterday I got him.
And to answer your other question,
In add.cgi, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
- I found this tip somewhere in the forums last night. So far today, Saturday, I have not received any from germany, time will tell if it did the trick. I am also looking into a staggered add format, off of inspiration from Anthro. My wife speaks German, so she is going to help me figure their site out and if there are any additional steps I can take, maybe some just to piss them off too, no, that would be childish. ;>}
PS, I am posting this in the thread too, might be helpful for others too?
Tim
support@ezFriend.com
I found the spammer (http://www.searchup.de/promo-ten/maschinen.html) by just checking my referrers in my thecounter.com account (java counter I have on all my pages).
note: I check often to find things just like this. Over the last month I have found 3 sites that took a flash file of mine off Flashkit.com and passed it off as their own work on their site. All someone has to do is click once from their site and thecounter puts it in my "last 30 referrers". This last week I have been waiting to find one from germany (.de) and yesterday I got him.
And to answer your other question,
In add.cgi, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
- I found this tip somewhere in the forums last night. So far today, Saturday, I have not received any from germany, time will tell if it did the trick. I am also looking into a staggered add format, off of inspiration from Anthro. My wife speaks German, so she is going to help me figure their site out and if there are any additional steps I can take, maybe some just to piss them off too, no, that would be childish. ;>}
PS, I am posting this in the thread too, might be helpful for others too?
Tim
support@ezFriend.com
Sep 17, 2000, 11:28 AM
User (79 posts)
Sep 17, 2000, 11:28 AM
Post #14 of 67
Views: 16870
My site is on the German "hit list" I have dug up an email address on the site which is webmaster@net-soft.de I have written them asking to be removed from their site. I hope someone there can read english. For good measure is there someone out there who could compose a german language threat...er I mean request that affected persons may want to use??
Stevo
Stevo
Sep 17, 2000, 12:30 PM
Veteran (1220 posts)
Sep 17, 2000, 12:30 PM
Post #15 of 67
Views: 16843
Well, if you really need help with translating your request/threat/demand into German, email me, I could lend you a hand...
Thomas
http://www.japanreference.com
Thomas
http://www.japanreference.com
Sep 17, 2000, 6:42 PM
Novice (16 posts)
Sep 17, 2000, 6:42 PM
Post #17 of 67
Views: 16762
Update: 2 days have passed and I have tested this fix against their site, my site is now safe from the German spammers at http://www.searchup.de/promo-ten/maschinen.html
Here are the 2 steps that at least presently, will keep the German spam machine from getting to you.
1)In ADD.CGI, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
2) In LINKS.CFG at the Referers area
Add your domain, with single quotes as shown below. This will tell links2.0 to only accept submissions from your domain, ie. the add.cgi at your site:
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('ezfriend.com','www.ezfriend.com','64.176.68.173');
------------------------
These two fixes I found in the forum and have worked for me, so hopefully they will work for your sites too.
Good luck,
Tim
support@ezfriend.com
Here are the 2 steps that at least presently, will keep the German spam machine from getting to you.
1)In ADD.CGI, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
2) In LINKS.CFG at the Referers area
Add your domain, with single quotes as shown below. This will tell links2.0 to only accept submissions from your domain, ie. the add.cgi at your site:
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('ezfriend.com','www.ezfriend.com','64.176.68.173');
------------------------
These two fixes I found in the forum and have worked for me, so hopefully they will work for your sites too.
Good luck,
Tim
support@ezfriend.com
Sep 17, 2000, 8:56 PM
Veteran / Moderator (1936 posts)
Sep 17, 2000, 8:56 PM
Post #18 of 67
Views: 16758
Checking out a few of those sites (about 20 of them) from the first couple blocks of links, it seems that nearly all of them are Links 2.0 or Links SQL sites, with a few exceptions (Yahoo, Lycos, etc.). I bet they lifted the links right out of the resource center... At least I'm not in there.... yet .
--Drew
--Drew
Sep 18, 2000, 12:16 PM
User (79 posts)
Sep 18, 2000, 12:16 PM
Post #20 of 67
Views: 16778
This may be a low tech solution but it has "voluntarily" stopped all further postings to my particular site. I started to return each and every posting directly to the 2 email addresses that appeared in my submission info which are:webmaster@webnaut.de and webmaster@net-soft.de plus I forwarded a complaint to this address: abuse@dj-ufk.de This may be a "low tech" and perhaps a temporary solution but it has stopped all further submissions to my site. My site info as does others still appears at this address...check to see if you are there: http://www.searchup.de/promo-ten/maschinen.html
Stevo
Now to explore the forums for a more permanent solution.........
Stevo
Now to explore the forums for a more permanent solution.........
Sep 19, 2000, 7:10 AM
New User (1 post)
Sep 19, 2000, 7:10 AM
Post #22 of 67
Views: 16663
I didn't like having to have an allow list for people who could post, I prefer having a ban list to limit people who can post, so I added a new variable to my links.cfg file:
@db_ban = ('net-soft.ne','195.20.225.110','searchup.de','dj-ufk.de',webnaut.de');
and then changed my add.cgi to read (instead of @db_referrers everyone is taking about):
if (@db_ban) {
$found=0;
foreach (@db_ban) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
Now I can choose people to ban instead of people to allow. Much more convienient.
Hope this helps,
Michael
- A computer without Microsoft is like a cake without Mustard -unknown
@db_ban = ('net-soft.ne','195.20.225.110','searchup.de','dj-ufk.de',webnaut.de');
and then changed my add.cgi to read (instead of @db_referrers everyone is taking about):
if (@db_ban) {
$found=0;
foreach (@db_ban) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
Now I can choose people to ban instead of people to allow. Much more convienient.
Hope this helps,
Michael
- A computer without Microsoft is like a cake without Mustard -unknown
Sep 19, 2000, 7:45 AM
Veteran (1220 posts)
Sep 19, 2000, 7:45 AM
Post #24 of 67
Views: 16617
Well, I have implemented your hack, but it gives me the "Auto submission blabla" error msg whenever I try to add any site, banned or not.
Thomas
http://www.japanreference.com
Thomas
http://www.japanreference.com
Sep 19, 2000, 11:33 AM
New User (3 posts)
Sep 19, 2000, 11:33 AM
Post #25 of 67
Views: 16727
Transmit the following letter to the Webmaster and the problem iseliminated. Sorry my English, I speaks German :-) Greeting from Switzerland
---
Guten Tag
nehmen Sie "name your website" (www.yourdomain.com) unverzüglich von der Liste. Sollten nach einer Reaktionszeit von 2 Tagen immer noch Seitenanmeldungen von searchup.ch eintreffen, sind wir gezwungen rechtliche Schritte gegen Sie vorzunehmen.
Mit freundlichen Grüssen
"your name"
---
---
Guten Tag
nehmen Sie "name your website" (www.yourdomain.com) unverzüglich von der Liste. Sollten nach einer Reaktionszeit von 2 Tagen immer noch Seitenanmeldungen von searchup.ch eintreffen, sind wir gezwungen rechtliche Schritte gegen Sie vorzunehmen.
Mit freundlichen Grüssen
"your name"
---
Sep 19, 2000, 10:41 PM
Novice (12 posts)
Sep 19, 2000, 10:41 PM
Post #27 of 67
Views: 11076
How would a confirm solve things? My messages are about 90% PURE trash!(sites that don't contain meaningful content, or are X rated, etc..., but have SOMETHING reasonable) Out of the remaining 10% about 2% are TAUNTS!(one day telling me that spams come from a site(where the authors email domain is an alias for that site), another day giving a bad phone number to call, and ANOTHER pointing to a bad URL on this site!)! About 3% are TOTAL garbage(like having fields with jdkdjdk in them). About 5% seem reasonable. OH YEAH. Duplicates are consistant, and obviously intentional. I was thinking about recording IP, PORT, TIME, attempting to filter input from that computer(via a cookie), and checking for duplicate submissions. Sadly, I've got ENOUGH to do right now!
Sep 19, 2000, 10:50 PM
Novice (12 posts)
Sep 19, 2000, 10:50 PM
Post #29 of 67
Views: 11088
I don't want to hurt HONEST submissions though. If I DID get listed in a submission program, and people were DECENT, that would be FANTASTIC. My dream was to have a GOOD site with GOOD and valid links. Heck, about 2% of the links go bad each month, and that is ENOUGH trouble for me in this venture.
Sep 19, 2000, 11:23 PM
Novice (12 posts)
Sep 19, 2000, 11:23 PM
Post #30 of 67
Views: 11039
Well, you walk a tightrope when you run such a directory. HECK, I run a domain registration site, and a LOT of design problems could have been solved by a user based registration system. Alas, that would complicate the original purchase, and I could likely lose customers.
I just added:
if ($ENV{'HTTP_REFERER'}=~m/searchup.de/i) {
print "Content-type: text/plain\n\nJERK! GET LOST!!!!";
exit;
}
Granted, it only works in this one case(I'll add a more flexible method later), and STILL doesn't get rid of duplicate entries.(I'll add that later), but it apparantly works HERE! I don't want to limit everyone else.
I just added:
if ($ENV{'HTTP_REFERER'}=~m/searchup.de/i) {
print "Content-type: text/plain\n\nJERK! GET LOST!!!!";
exit;
}
Granted, it only works in this one case(I'll add a more flexible method later), and STILL doesn't get rid of duplicate entries.(I'll add that later), but it apparantly works HERE! I don't want to limit everyone else.
Sep 20, 2000, 12:45 AM
Novice (10 posts)
Sep 20, 2000, 12:45 AM
Post #33 of 67
Views: 11081
OK, Maybe we are talking about slightly different things. Robots can not pass the add-confirm. They just add. When I look at my server log, I still get every day 30-70 hits for add.cgi. These are the robots. But there are no (or just a few) records to validate. Conclusion: Robots are not humans, they do not wait for the confirm screen and hit <enter> again, they have fulfilled their task when they have added their SPAM to add.cgi.
Another useful mod is the one (forgot the name now) that gives an error when a site is already in the database or in validate.db. But I have noticed that that one does not work against robots.
Only after I has installed add-confoirm, my quiet life came back.
To give some figures: I now have around 450 serious links (maybe some were entered by robots anyway) but my ID for the next link is near 900. So I had to remove around 450 SPAM links by hand. It drove me mad! Now I only get serious suggestions, that can in most cases be accepted.
René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Another useful mod is the one (forgot the name now) that gives an error when a site is already in the database or in validate.db. But I have noticed that that one does not work against robots.
Only after I has installed add-confoirm, my quiet life came back.
To give some figures: I now have around 450 serious links (maybe some were entered by robots anyway) but my ID for the next link is near 900. So I had to remove around 450 SPAM links by hand. It drove me mad! Now I only get serious suggestions, that can in most cases be accepted.
René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Sep 20, 2000, 8:11 AM
Veteran (17240 posts)
Sep 20, 2000, 8:11 AM
Post #34 of 67
Views: 11111
Regards,
Eliot Lee
Sep 20, 2000, 9:34 AM
New User (1 post)
Sep 20, 2000, 9:34 AM
Post #35 of 67
Views: 10991
www.net-soft.de and www.searchup.de are hosted by Schlund & Partner (German Provider). All spammed webmaster should send a email to hostmaster@schlund.de:
==========================================================
TO: hostmaster@schlund.de
SUBJECT: Schlund & Partner hostet Spammer
Sehr geehrte Damen und Herren,
Sie hosten unter den Domain-Namen:
www.net-soft.de und
www.searchup.de
einen 'Suchmaschinen-Eintragdienst',
der automatisiert und unautorisiert weltweit
Linkseiten auf Homepages anspringt. Trotz
vielfacher Anmahnung auf Unterlassung werden die
Eintragdaten dieses kommerziellen Dienstes nicht
korrigiert.
Besitzer des Domainnamens ist:
person: Dirk Jaeger
address: Neckarstrasse 71
address: 76199 Karlsruhe
address: DE
e-mail: dirkhunter@aol.com
nic-hdl: DJ511-RIPE
changed: lastchange@denic.de 20000321
source: DENIC
Unsere/meine Domain >>>your-domain<<< wird
von Ihrem Kunden widerrechtlich gelinkt. Ich /
Wir fordern Sie als Provider hiermit auf, dem
ungesetzlichen Handeln Ihres Kunden die technischen
Moeglichkeiten zu entziehen. Wir raeumen Ihnen eine
Reaktionszeit von 48 Stunden ein und behalten uns
ggf. rechtliche Schritte gegen Schlund &
Partner vor.
Mit freundlichen Gruessen
>>>yourname<<<
==========================================================
==========================================================
TO: hostmaster@schlund.de
SUBJECT: Schlund & Partner hostet Spammer
Sehr geehrte Damen und Herren,
Sie hosten unter den Domain-Namen:
www.net-soft.de und
www.searchup.de
einen 'Suchmaschinen-Eintragdienst',
der automatisiert und unautorisiert weltweit
Linkseiten auf Homepages anspringt. Trotz
vielfacher Anmahnung auf Unterlassung werden die
Eintragdaten dieses kommerziellen Dienstes nicht
korrigiert.
Besitzer des Domainnamens ist:
person: Dirk Jaeger
address: Neckarstrasse 71
address: 76199 Karlsruhe
address: DE
e-mail: dirkhunter@aol.com
nic-hdl: DJ511-RIPE
changed: lastchange@denic.de 20000321
source: DENIC
Unsere/meine Domain >>>your-domain<<< wird
von Ihrem Kunden widerrechtlich gelinkt. Ich /
Wir fordern Sie als Provider hiermit auf, dem
ungesetzlichen Handeln Ihres Kunden die technischen
Moeglichkeiten zu entziehen. Wir raeumen Ihnen eine
Reaktionszeit von 48 Stunden ein und behalten uns
ggf. rechtliche Schritte gegen Schlund &
Partner vor.
Mit freundlichen Gruessen
>>>yourname<<<
==========================================================
Sep 20, 2000, 4:48 PM
Novice (12 posts)
Sep 20, 2000, 4:48 PM
Post #38 of 67
Views: 11016
I ALREADY had a condition where the counter got messed up(and yes, the lock IS enabled). editing the validate.db file by hand is dangerous. As for deletion? I am trying to replace them with good links instead. Each link can take me several minutes. BTW, I am ALSO rechecking every other link. I don't want to be another Yahoo, etc...
Sep 20, 2000, 4:56 PM
Novice (12 posts)
Sep 20, 2000, 4:56 PM
Post #39 of 67
Views: 10982
The person there is a jerk. I updated my site, and then(as a test), sent a post from their site that said "IF you are being spammed, check out...". Then I did a stupid thing. I sent a letter, which probably had the same IP address, asking him to stop spamming me.
He accused me of doing a criminal act, and said his company is 100% above board, etc... He even threatened to sue me(claiming he has started). He even said my response should be in German or he would charge to translate it!
Hopefully, he is like a praying mantis that I saw as a kid. My bikes tire was near it(and I was going to get out of its way, as it could have gotten out of mine), and it took an aggressive position! Frankly, I had more respect for that praying mantis!
He accused me of doing a criminal act, and said his company is 100% above board, etc... He even threatened to sue me(claiming he has started). He even said my response should be in German or he would charge to translate it!
Hopefully, he is like a praying mantis that I saw as a kid. My bikes tire was near it(and I was going to get out of its way, as it could have gotten out of mine), and it took an aggressive position! Frankly, I had more respect for that praying mantis!
Sep 22, 2000, 1:11 PM
New User (2 posts)
Sep 22, 2000, 1:11 PM
Post #41 of 67
Views: 10909
I utilized .htaccess to deny them access to my site. I also renamed the add.cgi script, just in case. I've written them two emails in the past and they never removed my site, so I had to take evasive actions.
I had previously used the "valid referer" option in the links setup, but it appears they managed to blank out their referer, either that or my site stopped reporting it.
One other thing I did is if someone who isn't on the valid referer list manages to auto-submit, I blanked out their submission information. At the very least they'll have to type it in again and this might be enough to get them to rethink whether they want to bother.
I had previously used the "valid referer" option in the links setup, but it appears they managed to blank out their referer, either that or my site stopped reporting it.
One other thing I did is if someone who isn't on the valid referer list manages to auto-submit, I blanked out their submission information. At the very least they'll have to type it in again and this might be enough to get them to rethink whether they want to bother.
Jan 16, 2001, 12:22 PM
User (161 posts)
Jan 16, 2001, 12:22 PM
Post #42 of 67
Views: 10754
My search engine keeps getting spammed by bot submissions and I need it to stop! Where can I get a copy of the add-confirm mod? It used to be available at the following URL:
http://www.asan.com/users/phoenix/addconfirm.zip
But it is not there anymore. Is this the same mod that will stop the bot submissions?
Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
http://www.asan.com/users/phoenix/addconfirm.zip
But it is not there anymore. Is this the same mod that will stop the bot submissions?
Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
Jan 16, 2001, 1:26 PM
Novice (10 posts)
Jan 16, 2001, 1:26 PM
Post #43 of 67
Views: 10796
Hello,
I have found it in the thread "German Spammers" of this forum. The author was "nodeception". Hope you will be able to find it! I only printed it from the forum.
I also used a mod that I found on http://204.180.41.204/links2mod1.htm
Hope that one is still there! It prevents double enties in either links.db or validate.db.
And I used a mod to block certain URL's or domains, which is at http://lookhard.hypermart.net/links/links-mods/blockurls.html
I hope and believe I made no typing errors.
Installation of these mods is a bit confusing, but I am free from spammers at this moment!
Rene Hasekamp
René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
I have found it in the thread "German Spammers" of this forum. The author was "nodeception". Hope you will be able to find it! I only printed it from the forum.
I also used a mod that I found on http://204.180.41.204/links2mod1.htm
Hope that one is still there! It prevents double enties in either links.db or validate.db.
And I used a mod to block certain URL's or domains, which is at http://lookhard.hypermart.net/links/links-mods/blockurls.html
I hope and believe I made no typing errors.
Installation of these mods is a bit confusing, but I am free from spammers at this moment!
Rene Hasekamp
René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Jan 17, 2001, 9:51 AM
User (161 posts)
Jan 17, 2001, 9:51 AM
Post #45 of 67
Views: 10792
I did everthing suggested here:
1)In ADD.CGI, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
2) In LINKS.CFG at the Referers area
Add your domain, with single quotes as shown below. This will tell links2.0 to only accept submissions from your domain, ie. the add.cgi at your site:
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('ezfriend.com','www.ezfriend.com','64.176.68.173');
And I am STILL getting bloody spam from the Germans, what a pain in the ass...
This time it all came from urbia.com. Is there any other way to stop this? Excluding certain domains won't really work since they appear to be coming from different domains all the time, not to mention that there is no trace back to any domain, other than through the form input. Here is a sample submission e-mail, aaaclipart.com [209.50.251.115] is the name of the server that the search engine is on:
Return-Path: <nobody@aaaclipart.com>
Received: (from robbartlett@localhost)
by bohrium.baremetal.com (8.9.1a/8.9.3) id GAA00293
for robbartlett@aaainternet.baremetal.com; Wed, 17 Jan 2001 06:10:09 -0800
Received: from aaaclipart.com (aaaclipart.com [209.50.251.115] (may be forged))
by bohrium.baremetal.com (8.9.1a/8.9.3) with ESMTP id GAA00289
for <rob@aaainternet.com>; Wed, 17 Jan 2001 06:10:08 -0800
Received: by aaaclipart.com (8.9.0/8.9.0) id EAA21261;
Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Date: Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Message-Id: <200101170946.EAA21261@aaaclipart.com>
To: rob@aaainternet.com
From: Rolf.Oppermann@urbia.com
X-Mailer: Mailer::1.0 (http://www.gossamer-threads.com/scripts/)
Subject: AAADesignList New Link: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
X-Envelope-To: robbartlett@aaainternet.baremetal.com
X-UIDL: 0d94197a085bba8c97d5b224d4fbb58d
The following link is awaiting validation:
Title: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
URL: http://schwanger.urbia.de/optimizeSearch/Flugzeuge.htm
Category: US Commercial
Description: Flugzeuge, flugzeuge, Urbia das grosse europäische Eltern Portal optimizeSearch Flugzeuge
Contact Name: Rolf Oppermann
Contact Email: Rolf.Oppermann@urbia.com
Remote Host:
Referer: http://www.aaadesignlist.com/
Do these same problems happen with Links SQL?
Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
1)In ADD.CGI, under the sub process_form,
replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
with:
# Check the referrer.
if (@db_referers) {
2) In LINKS.CFG at the Referers area
Add your domain, with single quotes as shown below. This will tell links2.0 to only accept submissions from your domain, ie. the add.cgi at your site:
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('ezfriend.com','www.ezfriend.com','64.176.68.173');
And I am STILL getting bloody spam from the Germans, what a pain in the ass...
This time it all came from urbia.com. Is there any other way to stop this? Excluding certain domains won't really work since they appear to be coming from different domains all the time, not to mention that there is no trace back to any domain, other than through the form input. Here is a sample submission e-mail, aaaclipart.com [209.50.251.115] is the name of the server that the search engine is on:
Return-Path: <nobody@aaaclipart.com>
Received: (from robbartlett@localhost)
by bohrium.baremetal.com (8.9.1a/8.9.3) id GAA00293
for robbartlett@aaainternet.baremetal.com; Wed, 17 Jan 2001 06:10:09 -0800
Received: from aaaclipart.com (aaaclipart.com [209.50.251.115] (may be forged))
by bohrium.baremetal.com (8.9.1a/8.9.3) with ESMTP id GAA00289
for <rob@aaainternet.com>; Wed, 17 Jan 2001 06:10:08 -0800
Received: by aaaclipart.com (8.9.0/8.9.0) id EAA21261;
Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Date: Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Message-Id: <200101170946.EAA21261@aaaclipart.com>
To: rob@aaainternet.com
From: Rolf.Oppermann@urbia.com
X-Mailer: Mailer::1.0 (http://www.gossamer-threads.com/scripts/)
Subject: AAADesignList New Link: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
X-Envelope-To: robbartlett@aaainternet.baremetal.com
X-UIDL: 0d94197a085bba8c97d5b224d4fbb58d
The following link is awaiting validation:
Title: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
URL: http://schwanger.urbia.de/optimizeSearch/Flugzeuge.htm
Category: US Commercial
Description: Flugzeuge, flugzeuge, Urbia das grosse europäische Eltern Portal optimizeSearch Flugzeuge
Contact Name: Rolf Oppermann
Contact Email: Rolf.Oppermann@urbia.com
Remote Host:
Referer: http://www.aaadesignlist.com/
Do these same problems happen with Links SQL?
Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
Feb 5, 2001, 5:01 PM
New User (2 posts)
Feb 5, 2001, 5:01 PM
Post #47 of 67
Views: 10623
This german JERK has been a pain in my butt for the better part of a year now and despite my requests that he remove my site from his robot submission engine, he refuses. (MOST RUDELY I MUST ADMIT)
With that in mind I created a simple work around that easily keeps him off my site and doesn't create any extra steps for my users.
I changed all links to 'add.cgi' in my links templates to adsite.html. This is an html form that I created specifically for site submissions. This means that my submission page is static rather than dynamically created by the add.cgi script. Which is really no big deal.
This HTML form posts to what was formally called 'add.cgi'.
I changed the name of the script to submit.cgi. The script works the same way no matter what you call it. Every time I start getting submissions from Germany with no referrer site listed, I change the name of the script and point my html form to the newly named script.
Changing the name of the script and the 1 line of html code only takes 20 seconds and doesn't create any extra steps for people submitting to my site as some of the other mods and work arounds.
The way I look at it, if that Kraut wants to keep changing his code so that his users can submit to my site then let him knock himself out. I'll just keep changing the name of the script.
BTW, since implementing this work around in late November of 2000, I've only had to change the name of the script once.
You can check out my handy work at http://www.rightbot.com
With that in mind I created a simple work around that easily keeps him off my site and doesn't create any extra steps for my users.
I changed all links to 'add.cgi' in my links templates to adsite.html. This is an html form that I created specifically for site submissions. This means that my submission page is static rather than dynamically created by the add.cgi script. Which is really no big deal.
This HTML form posts to what was formally called 'add.cgi'.
I changed the name of the script to submit.cgi. The script works the same way no matter what you call it. Every time I start getting submissions from Germany with no referrer site listed, I change the name of the script and point my html form to the newly named script.
Changing the name of the script and the 1 line of html code only takes 20 seconds and doesn't create any extra steps for people submitting to my site as some of the other mods and work arounds.
The way I look at it, if that Kraut wants to keep changing his code so that his users can submit to my site then let him knock himself out. I'll just keep changing the name of the script.
BTW, since implementing this work around in late November of 2000, I've only had to change the name of the script once.
You can check out my handy work at http://www.rightbot.com
Feb 6, 2001, 7:31 AM
Novice (5 posts)
Feb 6, 2001, 7:31 AM
Post #48 of 67
Views: 10639
I just ran into this problem. I run a small site dedicated to victoms of Spiritual Abuse and Bible Apologetics. So imagine my surprise this morning when I got submissions from about 10 German Porn Sites !-)
So, after reading all of your messages, I decided to implement the following changes.
First too links.cfg
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('montrosebaptist.org','www.montrosebaptist.org','63.249.233.119');
# 6feb01 -- ban certain referrers
@db_ban = ('net-soft.ne','net-soft.de','195.20.225.110','searchup.de','dj-ufk.de','webnaut.ne','webnaut.de');
Now to add.cgi:
# Check the referer.
# 6feb01
# if (@db_referers and $ENV{'HTTP_REFERER'}) {
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
# ----- 6feb01 ------------------
my($warref) = $ENV{'REMOTE_ADDR'};
my($warnung) = qq~<BR><BR><FONT COLOR="RED">Actung ! Nehmen Sie "$in{'Title'}" ($in{'URL'}) unverzüglich von der Liste. Sollten nach einer Reaktionszeit von 2 Tagen immer noch Seitenanmeldungen von <$warref> eintreffen, sind wir gezwungen rechtliche Schritte gegen Sie vorzunehmen.</FONT>~;
if (@db_ban) {
foreach (@db_ban) {
if($ENV{'HTTP_REFERER'} =~ /$_/i || $warref =~ /$_/i ) {
print "Content-type: text/html\n\n<H1>$warnung</H1>";
exit;
}
}
}
# --------------------------------
print "Content-type: text/html\n\n";
print qq~<P>
<H1 align="centered">Auto Submissions are NOT allowed.</H1>
<FONT COLOR="BLUE"><BR>Before you submit your url, please be aware that we are <B>ONLY</B> interested in sites that deal with Spiritual Abuse and Biblical Authority. This is NOT a generic search engine/site. If you are not sure whether or not qualifies, then we suggest you visit the
<A HREF="http://www.montrosebaptist.org">rest of our site <B>(montrosebaptist.org)</B></A> before making an entry.<BR><BR>
Warning! Continued attempts at auto submit $in{'URL'} will compel us to take all legal remedies available to us to make you stop.</FONT>
</P>
<P><FONT COLOR="RED">Wir drucken nicht kommerzielle websites aus. Wir drucken nicht generische Suchmaschinen aus. Kennzeichnen sollen, muß Ihre Site über Mißbrauch des Geistes. Oder Ihre Site muß über die Studie der Bibel sein. Alle weiteren Unterordnungen werden zurückgewiesen.</FONT>
$warnung
</P>
<P><FONT SIZE="-2" COLOR="SILVER">
Your submission from $ENV{'HTTP_REFERER'} ($warref) has been logged for legal/auditing purposes.
</FONT>
</P>
~;
exit;
# &site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.".$warnung);
# return;
}
}
Yes, it's a bit of a kludge, but it works !
So, after reading all of your messages, I decided to implement the following changes.
First too links.cfg
# Referers -- which hosts are allowed to add to your database.
@db_referers = ('montrosebaptist.org','www.montrosebaptist.org','63.249.233.119');
# 6feb01 -- ban certain referrers
@db_ban = ('net-soft.ne','net-soft.de','195.20.225.110','searchup.de','dj-ufk.de','webnaut.ne','webnaut.de');
Now to add.cgi:
# Check the referer.
# 6feb01
# if (@db_referers and $ENV{'HTTP_REFERER'}) {
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
# ----- 6feb01 ------------------
my($warref) = $ENV{'REMOTE_ADDR'};
my($warnung) = qq~<BR><BR><FONT COLOR="RED">Actung ! Nehmen Sie "$in{'Title'}" ($in{'URL'}) unverzüglich von der Liste. Sollten nach einer Reaktionszeit von 2 Tagen immer noch Seitenanmeldungen von <$warref> eintreffen, sind wir gezwungen rechtliche Schritte gegen Sie vorzunehmen.</FONT>~;
if (@db_ban) {
foreach (@db_ban) {
if($ENV{'HTTP_REFERER'} =~ /$_/i || $warref =~ /$_/i ) {
print "Content-type: text/html\n\n<H1>$warnung</H1>";
exit;
}
}
}
# --------------------------------
print "Content-type: text/html\n\n";
print qq~<P>
<H1 align="centered">Auto Submissions are NOT allowed.</H1>
<FONT COLOR="BLUE"><BR>Before you submit your url, please be aware that we are <B>ONLY</B> interested in sites that deal with Spiritual Abuse and Biblical Authority. This is NOT a generic search engine/site. If you are not sure whether or not qualifies, then we suggest you visit the
<A HREF="http://www.montrosebaptist.org">rest of our site <B>(montrosebaptist.org)</B></A> before making an entry.<BR><BR>
Warning! Continued attempts at auto submit $in{'URL'} will compel us to take all legal remedies available to us to make you stop.</FONT>
</P>
<P><FONT COLOR="RED">Wir drucken nicht kommerzielle websites aus. Wir drucken nicht generische Suchmaschinen aus. Kennzeichnen sollen, muß Ihre Site über Mißbrauch des Geistes. Oder Ihre Site muß über die Studie der Bibel sein. Alle weiteren Unterordnungen werden zurückgewiesen.</FONT>
$warnung
</P>
<P><FONT SIZE="-2" COLOR="SILVER">
Your submission from $ENV{'HTTP_REFERER'} ($warref) has been logged for legal/auditing purposes.
</FONT>
</P>
~;
exit;
# &site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.".$warnung);
# return;
}
}
Yes, it's a bit of a kludge, but it works !
Feb 6, 2001, 9:23 AM
Veteran (19537 posts)
Feb 6, 2001, 9:23 AM
Post #54 of 67
Views: 9826
Why not get add.cgi to set a cookie and only accept submissions if the cookie exists. That way they have to visit your add.cgi page to get the cookie set to their browser.
Paul Wilson.
new - http://www.wiredon.net
Paul Wilson.
new - http://www.wiredon.net
May 3, 2001, 5:46 PM
Novice (35 posts)
May 3, 2001, 5:46 PM
Post #56 of 67
Views: 9545
Thanks for the script. I had submitworld.com start to spam my directory and I only accept links with reciprocal links. I was getting a link sometimes every minute. Again thanks.
SearchAt!
http://webbusinessservices.virtualave.net
http://searchat/virtualave.net
SearchAt!- Directory of Services
http://webbusinessservices.hypermart.net
SearchAt!
http://webbusinessservices.virtualave.net
http://searchat/virtualave.net
SearchAt!- Directory of Services
http://webbusinessservices.hypermart.net
May 4, 2001, 2:52 AM
User (166 posts)
May 4, 2001, 2:52 AM
Post #57 of 67
Views: 9517
yes indeed there is someone out here who is getting spammed real bad too!!!!
The difference is (maybe) that the initial hacker tests came from a submitted website "homepage.de" or so, from a Nacamar called firm and under the use of a probably fake email address of "test@nirvana.de".
Any of this familiar to you???
As for the spam that came in after a few of the above named hack test trials it was at the first atempt all porn from a site called www.sexisp.com, then -after i installed the referer URL (in links.cfg)- they stopped for a few weeks after which the same hack tests came through again and the spam started again, again with porn from that sexisp.com.
It could very well be a german hacker and anyone else reading this and have some info please tell me what can be done to stop the spamming!!!!
(refferer URL obviousely doesn't do the trick, even after taking the add.html page off line the spam would continue!!!
Links2 seems not very secure for such netassholes
Rud
The difference is (maybe) that the initial hacker tests came from a submitted website "homepage.de" or so, from a Nacamar called firm and under the use of a probably fake email address of "test@nirvana.de".
Any of this familiar to you???
As for the spam that came in after a few of the above named hack test trials it was at the first atempt all porn from a site called www.sexisp.com, then -after i installed the referer URL (in links.cfg)- they stopped for a few weeks after which the same hack tests came through again and the spam started again, again with porn from that sexisp.com.
It could very well be a german hacker and anyone else reading this and have some info please tell me what can be done to stop the spamming!!!!
(refferer URL obviousely doesn't do the trick, even after taking the add.html page off line the spam would continue!!!
Links2 seems not very secure for such netassholes
Rud
May 4, 2001, 3:19 AM
User (166 posts)
May 4, 2001, 3:19 AM
Post #58 of 67
Views: 9554
usually it helps since sezrchup.de should have an interest in their reputation.
Gee i almost wish the porn spammer on my links2 installation would be so easy to stop)
webmaster@selfmaster.de
seems to be their contact address (but you can try soft.de as well or any other you find on their site.
Here is the german text (in short) (please suply with your Search Engine Name and your name where stated) you can use to advice them of the fact that they are not autorized to auto submit unless they have written consensus with you.
Werte searchup Leute,
euer auto submission service at http://www.searchup.de/promo-ten/maschinen.html
benutzt leider unsere Search Engine "Name of it here" OHNE ERFRAGTE ERLAUBNIS!
Da wir den spam nicht listen oder behandeln koennen erwarten wir dass Ihr unsere S.E. SOFORT aus euerer Liste entfernen, andernfalls sehen wir uns gezwungen rechtliche schritte gegen Euch zu unternehmen.
Freundlichst
"your name here"
Hope that will get the Attention of them.
As for my own spam problem, if anyone has a receipe to stop spamming in general, i would like to hear of it.
Rudolf
Gee i almost wish the porn spammer on my links2 installation would be so easy to stop)
webmaster@selfmaster.de
seems to be their contact address (but you can try soft.de as well or any other you find on their site.
Here is the german text (in short) (please suply with your Search Engine Name and your name where stated) you can use to advice them of the fact that they are not autorized to auto submit unless they have written consensus with you.
Werte searchup Leute,
euer auto submission service at http://www.searchup.de/promo-ten/maschinen.html
benutzt leider unsere Search Engine "Name of it here" OHNE ERFRAGTE ERLAUBNIS!
Da wir den spam nicht listen oder behandeln koennen erwarten wir dass Ihr unsere S.E. SOFORT aus euerer Liste entfernen, andernfalls sehen wir uns gezwungen rechtliche schritte gegen Euch zu unternehmen.
Freundlichst
"your name here"
Hope that will get the Attention of them.
As for my own spam problem, if anyone has a receipe to stop spamming in general, i would like to hear of it.
Rudolf
May 4, 2001, 3:23 AM
Veteran / Moderator (1203 posts)
May 4, 2001, 3:23 AM
Post #59 of 67
Views: 9584
There's loads of things to stop spamming floating around... Seems using a combination of methods would work well. Ie. using cookies, banned log file, add confirm etc....
Glenn
Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Glenn
Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Jul 27, 2001, 9:46 AM
New User (1 post)
Jul 27, 2001, 9:46 AM
Post #61 of 67
Views: 9234
Turns out a translation is not necessary as their english is fine.
I was receiving as many as 100 submissions a day and had tried most of the easier suggested fixes and was gearing myself up to doing something a bit more time consuming when one of the spammers actually replied to an eMail I sent and explained about the http://submitta.com site. I joined the forum and found a thread that was relevant called "Is this true?". On this thread I explained that I ran a small locally based portal site and asked to be removed. I received an apology a couple of days later from Thiemo Nagel ( webmaster@submitta.com ) and not a single spammed submission has come my way in the last week.
I was receiving as many as 100 submissions a day and had tried most of the easier suggested fixes and was gearing myself up to doing something a bit more time consuming when one of the spammers actually replied to an eMail I sent and explained about the http://submitta.com site. I joined the forum and found a thread that was relevant called "Is this true?". On this thread I explained that I ran a small locally based portal site and asked to be removed. I received an apology a couple of days later from Thiemo Nagel ( webmaster@submitta.com ) and not a single spammed submission has come my way in the last week.
Aug 1, 2001, 10:35 AM
Novice (8 posts)
Aug 1, 2001, 10:35 AM
Post #62 of 67
Views: 9218
Hello!
Yes I am spammed also badly each minutes i got maybe auto add maybe 5 links it seems its running a desktop software I have to change always the add.cgi for another name :(
Hmmm yes they are from Germany and at the end it points always to www.adultfinder.de its maybe a webmaster working with referals and spaming:(
This is an example look!
The following link is awaiting validation:
Title: Natascha hat es drauf, strumfhosen sex, getragene strumfhosen
URL: http://www.luftballonfrauen.xxx.kostenlose-sexpics.de/live/
Category: Hardcore
Description: F R A N Z Ö S I N N E N - P R I V A T
Contact Name: RabitSeitz
Contact Email: anfrage@blanke-muschis.de
Remote Host: 80.65.34.67
Referer: http://www.lycos.fr/service/site_added.html?url=http://www.luftballonfrauen.xxx.kostenlose-sexpics.de/live/&email=anfrage@blanke-muschis.de
What do u suggest to stop that?
Its annoying!
Saludos
Terrax
Yes I am spammed also badly each minutes i got maybe auto add maybe 5 links it seems its running a desktop software I have to change always the add.cgi for another name :(
Hmmm yes they are from Germany and at the end it points always to www.adultfinder.de its maybe a webmaster working with referals and spaming:(
This is an example look!
The following link is awaiting validation:
Title: Natascha hat es drauf, strumfhosen sex, getragene strumfhosen
URL: http://www.luftballonfrauen.xxx.kostenlose-sexpics.de/live/
Category: Hardcore
Description: F R A N Z Ö S I N N E N - P R I V A T
Contact Name: RabitSeitz
Contact Email: anfrage@blanke-muschis.de
Remote Host: 80.65.34.67
Referer: http://www.lycos.fr/service/site_added.html?url=http://www.luftballonfrauen.xxx.kostenlose-sexpics.de/live/&email=anfrage@blanke-muschis.de
What do u suggest to stop that?
Its annoying!
Saludos
Terrax
Aug 1, 2001, 10:48 AM
Veteran / Moderator (1936 posts)
Aug 1, 2001, 10:48 AM
Post #63 of 67
Views: 9152
Aug 3, 2001, 8:51 PM
User (378 posts)
Aug 3, 2001, 8:51 PM
Post #64 of 67
Views: 9034
What I am planning on intergrating on my site is a Paypal style submission form so that they have to type in a randomly generated number to be allowed to submit the form.
I posted about this in the Links SQL forum so I'm not going to repeat my self, but I'll give you guys the code for it if I end up doing it in Perl (First version will be in PHP).
I think this is a fairly simple way to prevent spam.
Michael Bray
I posted about this in the Links SQL forum so I'm not going to repeat my self, but I'll give you guys the code for it if I end up doing it in Perl (First version will be in PHP).
I think this is a fairly simple way to prevent spam.
Michael Bray
Aug 4, 2001, 4:28 AM
Veteran (19537 posts)
Aug 4, 2001, 4:28 AM
Post #65 of 67
Views: 8989
I've already done that kind of mod which can be downloaded from the link in my signature.
Mods:http://wiredon.net/gt/download.shtml
Installs:http://wiredon.net/gt/
Mods:http://wiredon.net/gt/download.shtml
Installs:http://wiredon.net/gt/