Form mail security

Discussion in 'ASP General' started by the other john, Jun 25, 2006.

  1. I'm having trouble with spammers getting through my mail script. I've
    heard of FormMail for php but I need a solution for ASP. Any
    suggestions? I don't know how to stop these guys from using my forms
    to spam.

    Thanks!
    John
    the other john, Jun 25, 2006
    #1

  2. To add to this...

    Would this help stop spammers using this?

    If Request.ServerVariables("HTTP_REFERER") <>
    "http://my_web_form.com/form.asp Then
    Respose.Redirect "/SorryCharlie.asp"
    Else
    'do the form mail thing
    End if





    the other john, Jun 26, 2006
    #2

  3. No. Spammers can easily defeat this as well.



    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Jun 26, 2006
    #3
  4. Ugh! Ok...any suggestions?

    Thanks!


    the other john, Jun 26, 2006
    #4
  5. Maybe CAPTCHA?

    Bob Barrows [MVP], Jun 26, 2006
    #5
  6. Oh COOL! Checkin' it out now....

    I'll be a good poster and show what I'm doing. Can't vouch for it yet,
    just looking but for those searching for the same solution....

    http://www.u229.no/stuff/Captcha/





    the other john, Jun 26, 2006
    #6
  7. Incidentally, this is what happened. What is it they are doing here?
    Would limiting the number of characters in the subject field help? As
    you can see, they blocked their IP address. Thanks!

    From:
    Date: Sun, 25 Jun 2006 00:01:11 -0400
    To: xxxx@xxxxxxxxxxcom
    Subject:


    MESSAGE SENT FROM XXXXXXX.NET
    MESSAGE FROM:
    SENDERS EMAIL:
    SENDERS IP ADDRESS: a
    bcc:
    Content-Type: multipart/alternative;
    boundary=ddc847aa92d6c6e1cdc07252e628e393
    Subject: to th frantic cheers iv th multichood

    --ddc847aa92d6c6e1cdc07252e628e393
    Content-Transfer-Encoding: base64
    Content-Type: text/plain


    --ddc847aa92d6c6e1cdc07252e628e393--
    ..

    SENDERS COMPUTER INFORMATION:
    TIME SENT: 6/25/2006 12:01:11 AM

    ------MESSAGE IS AS FOLLOWS------



    ------END MESSAGE------





    the other john, Jun 26, 2006
    #7
  8. the other john wrote on 26 jun 2006 in
    microsoft.public.inetserver.asp.general:
    > Would this help stop spammers using this?
    >
    > If Request.ServerVariables("HTTP_REFERER") <>
    > "http://my_web_form.com/form.asp Then
    > Respose.Redirect "/SorryCharlie.asp"
    > Else
    > 'do the form mail thing
    > End if



    Sure, your code will not do any mailing after "Respose".


    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Jun 26, 2006
    #8
  9. uh..yea....it was a typo.


    Can you tell what this guy was trying to do here, by the way? I'd
    appreciate it, thanks.


    the other john, Jun 26, 2006
    #9
  10. the other john wrote on 26 jun 2006 in
    microsoft.public.inetserver.asp.general:
    > Evertjan. wrote:
    >> the other john wrote on 26 jun 2006 in
    >> microsoft.public.inetserver.asp.general:
    >> > Would this help stop spammers using this?
    >> >
    >> > If Request.ServerVariables("HTTP_REFERER") <>
    >> > "http://my_web_form.com/form.asp Then
    >> > Respose.Redirect "/SorryCharlie.asp"
    >> > Else
    >> > 'do the form mail thing
    >> > End if

    >>
    >>
    >> Sure, your code will not do any mailing after "Respose".


    [please do not toppost on usenet]

    > uh..yea....it was a typo.
    >
    > can you tell what this guy was trying to do here by the way? I'd
    > appreciate it, thanks.


    What Guy?
    I would not know.
    I am not a mind reader.

    But more interesting is what you want, methinks.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Jun 26, 2006
    #10
  11. Thanks!

    Yes, I am using JMail in this case. This is what I've done so far...

    I went with CAPTCHA solution. I have it working correctly. How much
    more secure it is I don't know. This is what I'm using.
    http://www.tipstricks.org/

    I also did a mid() on the fields such as IP and subject, etc. to limit
    how much would go through. I hadn't thought of doing a replace(). I
    have dealt with CHR(10) before however, sorry. What is your method for
    using Replace for multiple conditions? I mean doing 2 or 3 replaces on
    a single dim or something?

    I'm looking into the validation now, thanks!



    Alex wrote:
    > Hi John!
    >
    > I've read this thread, but I can't find what "mailer" you're using.
    > With "mailer" I mean "are you using CDOSYS or CDONTS, or JMail maybe?"
    > Some other flavor? This might be of importance. If you're using JMail,
    > the most important thing to do is check your HEADER fields for
    > linefeeds/-breaks. So, replace each & every CHR(10)&Chr(13) with
    > nothing, or a dash, whatever, just no breaks. Breaks make the
    > mailer component think another header is coming up. You can use
    > line breaks/feeds in the body though. However, it might be good
    > practice to replace every linefeed/break everywhere. As far as the
    > other options are concerned, I use so-called one-time-pads with my
    > forms. This however might be a long shot for you. As the IP can't be
    > checked as you say, you might consider checking for valid e-mail
    > addresses. There are quite solid methods to do that. Check this for
    > example:
    > http://www.powerasp.com/content/code-snippets/functions/IsValidEmail.asp
    > There are better options though which check for genuine addresses.
    > This involves requests to other servers though.
    > Returning to the hidden IP; can't you "just" ignore each request
    > coming from a hidden IP? Anyway, this as well is a good read:
    > http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay
    > It opened my eyes for sure!
    > Anyway, let us know more please!
    >
    > Best regards,
    > - Alex.
    >
    >
    the other john, Jun 27, 2006
    #11
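
Added example, not code from any poster in this thread: one way to do the header clean-up described in Alex's quoted advice, and to run several Replace() calls on one variable, in classic ASP VBScript. The form field names, length limits, recipient address and SMTP host are assumptions; the mail object is the JMail.Message component, since the post says JMail is in use.

```vbscript
<%
Option Explicit
' Added example. Field names, limits and addresses below are assumptions.

' True when a value contains a carriage return or a line feed.
Function HasLineBreak(value)
    Dim s
    s = CStr(value & "")
    HasLineBreak = (InStr(s, vbCr) > 0) Or (InStr(s, vbLf) > 0)
End Function

' Several replacements on one variable: nest the Replace() calls (or run
' them one after another), then cap the length with Left().
' CR and LF are replaced separately so that a lone Chr(10) or Chr(13)
' is removed as well as the Chr(13) & Chr(10) pair.
Function CleanHeader(value, maxLen)
    Dim s
    s = CStr(value & "")
    s = Replace(Replace(Replace(s, vbCr, " "), vbLf, " "), vbTab, " ")
    CleanHeader = Left(Trim(s), maxLen)
End Function

Dim senderEmail, subject, body, msg
senderEmail = Request.Form("email")
subject     = Request.Form("subject")
body        = Request.Form("message")

' A single-line form field has no reason to contain a line break,
' so treat one as an injection attempt and send nothing.
If HasLineBreak(senderEmail) Or HasLineBreak(subject) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set msg = Server.CreateObject("JMail.Message")
msg.From    = CleanHeader(senderEmail, 100)
msg.Subject = CleanHeader(subject, 150)
msg.AddRecipient "webmaster@example.com"   ' fixed in code, never taken from the form
msg.Body    = Left(CStr(body & ""), 4000)  ' the body may keep its line breaks
msg.Send "mail.example.com"                ' placeholder SMTP host
Set msg = Nothing
%>
```

The rejection branch and the clean-up overlap on purpose: the first stops the request outright, the second still protects the header if the check is later removed or a new field is added without one.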