Form mail security

[the other john]

I'm having trouble with spammers getting through my mail script. I've
heard of FormMail for php but I need a solution for ASP. Any
suggestions? I don't know how to stop these guys from using my forms
to spam.

Thanks!
John

 

[the other john]

To add to this...

Would this help stop spammers using this?

If Request.ServerVariables("HTTP_REFERER") <>
"http://my_web_form.com/form.asp Then
Respose.Redirect "/SorryCharlie.asp"
Else
'do the form mail thing
End if

 

[Bob Barrows [MVP]]

No. Spammers can easily defeat this as well.

To add to this...

Would this help stop spammers using this?

If Request.ServerVariables("HTTP_REFERER") <>
"http://my_web_form.com/form.asp Then
Respose.Redirect "/SorryCharlie.asp"
Else
'do the form mail thing
End if

 

[the other john]

Ugh! Ok...any suggestions?

Thanks!

No. Spammers can easily defeat this as well.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

 

[Bob Barrows [MVP]]

Maybe CAPTCHA?

Ugh! Ok...any suggestions?

Thanks!

 

[the other john]

Oh COOL! Checkin' it out now....

I'll be a good poster and show what I'm doing. Can't vouch for it yet,
just looking but for those searching for the same solution....

http://www.u229.no/stuff/Captcha/

 

[the other john]

Incidentally this is what happened. What is it they are doing here?
Would limiting the number of characters in the suject field help? as
you can see they blocked their IP address. thanks!

From: (e-mail address removed) (e-mail address removed)
Date: Sun, 25 Jun 2006 00:01:11 -0400
To: xxxx@xxxxxxxxxxcom
Subject: (e-mail address removed)


MESSAGE SENT FROM XXXXXXX.NET
MESSAGE FROM: (e-mail address removed)
SENDERS EMAIL: (e-mail address removed)
SENDERS IP ADDRESS: a
bcc: (e-mail address removed)
Content-Type: multipart/alternative;
boundary=ddc847aa92d6c6e1cdc07252e628e393
Subject: to th frantic cheers iv th multichood

--ddc847aa92d6c6e1cdc07252e628e393
Content-Transfer-Encoding: base64
Content-Type: text/plain

YWxsIHRoZSBlbnF1aXJpZXMsIGFuZCBnaXZlbiBhbGwgdGhlIGFkdmljZSBzaGUgdGhvdWdodCBw
cm9wZXIsIGNhbGxlZCBvdXQgdG8gdGhlIHBhcnR5LCB3aG8gd2VyZSBzdGlsbCBhbXVzaW5nIHRo
ZW1zZWx2ZXMgd2l0aCB0aGUgY29tbXVuaWNhdGl2ZSByaXNobWFuLCBhc3RhLCBiYXN0YSwgY29z
aSBjb21lLCB3ZSBoYXZlIGxvc3QgdGltZSBlbm91Z2ggaG9tcHNvbiwgZ2V0IG9uIHIuIGV4dGVy
LCBwdXQgdXAgdGhlIGhlYWQgb2YgdGhlIGJhcm91Y2hlIGF0

--ddc847aa92d6c6e1cdc07252e628e393--
..

SENDERS COMPUTER INFORMATION: (e-mail address removed)
TIME SENT: 6/25/2006 12:01:11 AM

------MESSAGE IS AS FOLLOWS------

(e-mail address removed)

------END MESSAGE------

 

[Evertjan.]

the other john wrote on 26 jun 2006 in
microsoft.public.inetserver.asp.general:

Would this help stop spammers using this?

If Request.ServerVariables("HTTP_REFERER") <>
"http://my_web_form.com/form.asp Then
Respose.Redirect "/SorryCharlie.asp"
Else
'do the form mail thing
End if

Sure, your code will not do any mailing after "Respose".

 

[the other john]

uh..yea....it was a typo.


can you tell what this guy was trying to do here by the way? I'd
appreciate it, thanks.

 

[Evertjan.]

the other john wrote on 26 jun 2006 in
microsoft.public.inetserver.asp.general:
[please do not toppost on usenet]

uh..yea....it was a typo.

can you tell what this guy was trying to do here by the way? I'd
appreciate it, thanks.

What Guy?
I would not know.
I am no a mind reader.

But more interesting is what you want, methinks.

 

[the other john]

Thanks!

Yes, I am using JMail in this case. This is what I've done so far...

I went with CAPTCHA solution. I have it working correctly. How much
more secure it is I don't know. This is what I'm using.
http://www.tipstricks.org/

I also did a mid() on the fields such as IP and subject, etc. to limit
how much would go through. I hadn't thought of doing a replace(). I
have dealt with CHR(10) before however, sorry. What is your method for
using Replace for multiple conditions? I mean doing 2 or 3 replaces on
a single dim or something?

I'm looking into the validation now, thanks!