Gossamer Forum
Home : Products : Gossamer Links : Version 1.x :

How's this possible?

Quote Reply
How's this possible?
Someone is spamming.
I'm using the spam prevention in the script
($LINKS{db_referers} ...

But what I don't get is, it seems like they are not using the form on my site. The form on my site has "maxtext" in each field, and the title and desription fields they are submiting are longer than the "maxtext" I allow. How's that possible?

Quote Reply
Re: How's this possible? In reply to
Try setting db_referers to the _EXACT_ URL of your add.cgi script.

Paul Wilson. Shocked
(Dont blame me if I'm wrong!)
Quote Reply
Re: How's this possible? In reply to
Hi,

They could also be submitting directly to your script and passing in the proper REFERER tag. Some ways to get around this:

1. Move your add.cgi to add_url.cgi or something different.
2. Add a hidden tag to your add form that must appear in the results. Most of the spammers are mass-submitions and won't customize to individual sites.
3. Block the IP of the spammer

Hope that helps,

Alex

--
Gossamer Threads Inc.
Quote Reply
Re: How's this possible? In reply to
I've thought about this several times recently. The only really low maint way to do it is to generate a tag that is obscure and which changes randomly in a reproducable but non-predictable way.

Quite possibly setting a user cookie that is returned with the form? The cookie is generated when the add.html form is sent, and the user cookie has to match the embedded tag. In that way, you'd be forcing the referrer to be local to the server since it has to be embedded in the add.html and the cookie - right? You couldn't fake that.



PUGDOGŪ
PUGDOGŪ Enterprises, Inc.
FAQ: http://pugdog.com/FAQ


Quote Reply
Re: How's this possible? In reply to
Phew......how did you think of that.......lol.......I dont think I have enough brain power to think of ideas like that.

Paul Wilson. Shocked
(Dont blame me if I'm wrong!)
Quote Reply
Re: How's this possible? In reply to
Alex,

I ran into a similar problem with a third party script I use to compile submissions. What I found is they were spoofing the IP address as well and I couldn't block it. What I tried (unsuccessfully) was to only allow script execution if it was referred by the submission page URL through server config files. I even changed the URL of the submission form and the @referer field in the script to the full new URL. Nothing made a difference. I could still execute the script directly from my web browser. Fortunately, they broke off the attack and did not resume when I chmod' the script to 644 for a few minutes.

Is there a way to prevent direct script execution from a web browser and still have it functional when called by a form on a page at a specific URL?

I realize this may be beyond the scope of assistance you normally provide through this forum but if it's a simple fix I could really use the help. If it's more complex than you'd rather get involved with, can you direct me to a resource where I can learn how to do it myself?

Mark Brasche
http://SurfSafely.com/
Quote Reply
Re: How's this possible? In reply to
Hi Mark,

No, the web is stateless. The web server has no way of knowing whether the request to run add.cgi came from the add form, or is a mass spam.

The changes required to combat this would be quite complex, and are never full proof as you can always emulate a browser when writing a robot.

Cheers,

Alex

--
Gossamer Threads Inc.
Quote Reply
Re: How's this possible? In reply to
I've had to combat spam quite a few times and find the quickest, simplest way to do it is to rename 'add.cgi' to something slightly different, update Links.pm with the new name and rebuild! (add.cgi is ONLY referenced from my category pages so I don't have to worry about updating static pages on my site).

Although this can seem like a pain to administer, if you change it on a regular basis it helps to stop any of the submission programs getting a firm hold of your add script location and after a while they'll stop trying.

You could also have a look around and bookmark the various 'Submission' software packages people are selling where they list the SE's and DIR's their software submits to - look to see if you're listed. If they're showing your site send a polite email asking them to add a link to your 'general' submission page that describes how people should proceed, as opposed to the add script itself.

You could also look at your validate table to see if all the spam links are coming in to a specific category or selection of categories, if so, someone may have got the Category ID's and be using them to spoof submissions. If that's the case you can remove the categories (delete that/those specific ID's), add them back in (create new ID's) and then move all the valid links back into their respective places.

As you can see, there's a variety of things you can do, but ultimately you're not going to stop people trying to spam you so you've just got to arm yourself with a few tactics for dealing with them and be swift and ruthless when you find them Smile

Hope this helps.

All the best
Shaun

Quote Reply
Re: How's this possible? In reply to
Yes, you're probably right. It all comes down to a cat and mouse game and how determined the spammer is. I did, however, find a way to be very selective about blocking access to the script by using RewriteRule inside my <VirtualHost></VirtualHost> containers in httpd.conf.

Everything I needed to know and more was found at http://httpd.apache.org/...sc/rewriteguide.html and http://httpd.apache.org/...mod/mod_rewrite.html. I think I now share Pugdog's affection for Rewrite rules. Smile

Mark Brasche
http://SurfSafely.com/
Quote Reply
Re: How's this possible? In reply to
In Reply To:
Everything I needed to know and more was found at http://httpd.apache.org/docs/misc/rewriteguide.html and http://httpd.apache.org/docs/mod/mod_rewrite.html. I think I now share Pugdog's affection for Rewrite rules.
I'll second that. =)

Cheers,

Alex

--
Gossamer Threads Inc.