I'm a Links lover, and chose Links to display my weekly newspaper column. I had played with Links long ago as well, and often wrote about it or comments favorable to others on it. Moreover, the generosity and expertise from the moderators to the mod makers is the BEST! However, before my site was even opened, I was literally spammed to death.

Within a period of days only after I installed Links 2.0, templates, I noticed people submitting their sites. In short, within a period of only 2 weeks I had over 30,000 submissions and at a rate of about 3,000 a day, I had to do something fast!

Of course, the first steps were to include in the links.cfg file only my domain and IP address. So I was able to manage a stop on the automatic Web submission programs themselves. And then through the great help of BMXER and others, I installed the outstanding mod "BLOCKURL.TXT" which slowed down submission users from certain IP addresses and domain names. But to no avail, it was too much as the submissions still kept pouring in.

I finally removed all "add site" links on every template and also removed in my add.html page the form tag to submit. And yet I was still get daily submissions. This confused me. How could they still be adding? These submitters had to have gathered enough information from the add.cgi script and bypassed the add form itself.

I then removed my add.cgi script and that fixed it. I actually had no intention in having the public add URLs to my Links, just my own comments and URLs of sites that I referenced in my stories, etc.

A FIX? I figured out how to do a search on those sites that were linked to mine. I was surprised to find like 5. I approached all of them and asked them to remove my site. I would like to somehow stil use links, maybe rename the add.cgi file? I'm not sure how exactly.

Anyone want a 50 megabyte 'validate.db' file? That was how big the last one was in just a few days since I deleted the last big .db file!

Comments welcome.

Well, if you wanted only certain people to comment, you could get a random password generator, integrate it into something that would record this random password, and a username they select, then have it send you the information. This would be so people would have to register before adding. Or you could have people add comments by email, then put them up yourself in the admin. The first thing i said would be like if you put the add.cgi script in your admin folder, so they would have to login to get to it. Oh, the people were still able to add, because they wrote all the variables in the address or location bar in their browsers.
If you don't want to do either, you can put some of the things from rate.cgi or whatever that make it so people can't add twice. And also make the add script check the validate.db first before it adds the link. If the link is already there it'll bring an error saying its there. If you want to do this way, i'll tell you how. Sorry your still getting flooded. I'd love to get that if i was running a links sql, or trying to be the next Yahoo(with the right system(s), like Altavista who run their software on like 6 boxes).

Lavon

Thanks Bmxer. I think your 'BlockURL.txt' solution was among the best mods to fight spammers. I found using your blockurl.txt file allowed me to easily go into the Admin Menu and modify the blockurl.txt file by adding domains or IP addresses. And it did work!

However, there are just too many Web submission businesses, and submission software programs, that it's so easy for one submission employee to move to another another computer and change their IP address or domain name.

And I also discovered once the submission businesses figure out how to spam you, they circle the script around and before you can blink thousands are visiting your script, not your site. I probably have a list of 100 offending IP addresses and more domains.

In retrospect, in looking at some of the spammed URL submissions, the submitters were giving valid domain names but also lots of phoney contact e-mail addresses. And probably 50 percent of them were the type of Web sites you wouldn't really want to list anyway.

I also don't think having to connect to an outside database to check for offending domains will work either. Unless the database is physically on one's own server, then it makes more sense.

And I think the weakness is not so much the URL being added, as that can be quickly verified and reviewed, but it's more the submitter themselves. And most good Web submission software is savy enough to know the tricks on how to submit automatically and through the browser too.

I agree I should move the ADD.CGI into the password protected /ADMIN folder and then even rename it. Can you tell me exactly if I did rename ADD.CGI all of the files and places I need to change? This actually might be a good idea to rename this file each week.

Thanks!!

If you renamed your script, most likely, all you would need to edit would be the templates you use, and also links.cfg at the bottom.

you should just make users login before they are allowed to add.. this would get rid of the modify problems too..

jerry

check this site and see if it might help you

http://www.novia.net/~tomcat/HowTo/domainrestric.html

Maybe you could add a new field to your links.def and a hidden completed input on your add page, make the field a required field then change the fields name or required input every week or so, spammers would be out of date every time you do this.

[This message has been edited by chmod (edited October 03, 1999).]

[This message has been edited by chmod (edited October 03, 1999).]

Hello,

Check out these links at www.bignosebird.com

BNB Apache tutorial:
http://www.bignosebird.com/apache.shtml

Using the Mod Rewrite URL Rewriting Engine to Deal with Bad Robots and Pesky Spambots:
http://www.bignosebird.com/apache/a9.shtml

A Users Guide to URL Rewriting with the Apache Webserver:
http://www.engelschall.com/pw/apache/rewriteguide/

Creating a blackhole:
http://www.bignosebird.com/apache/a12.shtml

I am sending email sucking robots to an empty page on my site. It contains no email address nor link to my site (very important).
When they visit they leave empty handed.

Thanks

someone sugested to change add.cgi, not a bad idea. i like to know if i need to change anything else other than the templates

A variation on Widgetz' suggestion to have the user login --install Phoenix' Add Confirmation mod http://www.gossamer-threads.com/...es/Detailed/173.html This modifies add.cgi a bit, and puts a submit button "stop" in the submitting process.