Preventing spammers from using mail form

#11 | 07-21-2008 | Dale
Re: Preventing spammers from using mail form


"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:g61qeq$eug$1@registered.motzarella.org...
> Voodoo Jai wrote:
>> On Jul 21, 12:43 am, MikeB <MPBr...@gmail.com> wrote:
>>> I created a small website for a friend. On this website he has a
>>> contact page where people can send him email. When I wrote this page I
>>> checked some tutorial pages and they warned about certain precautions
>>> to take to avoid spammers using the mail form to spam multiple
>>> people.
>>>
>>> I believe I did most of that, such as making sure that the header
>>> fields do not include multiple addresses, etc.
>>>
>>> Now it does seem some spammer has discovered this website and he is
>>> spamming my friend. 20 emails today.
>>>
>>> So I figure I need to add more things to the script to stop him. One
>>> obvious thought that came to my mind is to use a captcha. Will that be
>>> the way to go or are there other things that I need to do?
>>>
>>> The website is (owen pool care [dot] com), (remove all spaces) if
>>> anyone is interested in looking at the site.
>>>
>>> I guess I can also post it somewhere, but I don't know exactly where.
>>>
>>> Thanks for any advice.

>>
>> How about reporting the Email sender for spamming, NOT SURE but I
>> think you take the domain name and send an email to the ISP something
>> like this "abuse@isp-domain-name.com" I may be wrong but someone else
>> will be able to add more. Or just google report spammers for more info.
>>
>> VoodooJai
>>

>
> How do you know who the ISP is? Spammers often use proxies, for instance,
> so you don't know their original IP.
>
> And even if you do, many ISP's don't care their users are spamming and
> will do nothing about it. Only better ones will take any action, and that
> will almost always just be a "don't do this again" to the spammer.
>
> It's not like hosting companies who will kill a spammer's account.


oh, so now you've got experience with 'many' isp's? your head is up your
ass, jerry. *every* ISP i've contacted about a spammer they unwittingly
hosted was very glad to have the mail headers...and then kick the bastard.

it costs them money to host a spammer both in resources and in reputation.
don't talk about this like you know something. you're speaking out of the back
of your ass once again!


#12 | 07-22-2008 | MikeB
Re: Preventing spammers from using mail form

On Jul 21, 4:14 am, Voodoo Jai <voodoo...@btinternet.com> wrote:

> How about reporting the Email sender for spamming, NOT SURE but I
> think you take the domain name and send an email to the ISP something
> like this "ab...@isp-domain-name.com" I may be wrong but someone else
> will be able to add more. Or just google report spammers for more info.
>


Not sure it would work in this instance. The guy isn't a run of the
mill spammer, he must have some bot that fills in the email submission
page on my friend's website. So the email headers etc. all point to
my friend's web hosting company.

I did modify the script to track the IP addresses of who is filling in
the form and it was all over the map - Germany, Latvia, etc.

But still, I only have an IP address. It will be an enormous pain to
track down the ISP and the particular user for each and every IP
address. And then the guy may have used a proxy or something.

So all in all, I'm just glad I stopped him. Reporting him isn't
something I'm going to waste energy on.

#13 | 07-25-2008 | Jerry Stuckle
Re: Preventing spammers from using mail form

MikeB wrote:
> On Jul 21, 1:55 am, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
>> Message-ID:
>> <edcd4a73-d3b9-4e52-b186-e891b95a3...@w7g2000hsa.googlegroups.com> from
>> MikeB contained the following:
>>
>>> So I figure I need to add more things to the script to stop him. One
>>> obvious thought that came to my mind is to use a captcha. Will that be
>>> the way to go or are there other things that I need to do?

>> Personally I hate captchas and I think they are over the top for a
>> simple enquiry form like this. I like captchas when they are there for
>> /my/ security but this one isn't, it's for your client's benefit alone.
>> Besides accessibility issues, they are just another obstacle for
>> potential customers - never a good idea. So I'd look for other ways
>> first and use CAPTCHA as a last, rather than first resort.
>>
>> One of my client's forms was being spammed by a bot that filled all
>> fields with garbage. One simple way to stop this is to have an extra
>> field, hidden by CSS
>>
>> <label for='secret_field' style='display:none'>Please leave blank <input
>> name='secret_field' id='secret_field'></label>
>>
>> The bot will either fill the field with garbage or omit it entirely,
>> both easily detectable.
>>
>> --
>> Geoff Berrow 0110001001101100010000000110
>> 001101101011011001000110111101100111001011
>> 100110001101101111001011100111010101101011 http://slipperyhill.co.uk

>
> This is a nice idea. I'll look into it. For now, last night I
> implemented a captcha and it stopped the spam. That is a great help.
>
> Thanks for all the advice.


I typically use a word-based captcha, i.e. "How much is 2 + 5?", or "how
much is 30 divided by 6?"

Most hackers won't bother to decode it to send spam - it's not worth it
for a small list. And, of course, you can always change the wording,
i.e. "what do you get when you add two to five?"

Other ideas include "Which comes first - January or July?" and similar
questions which can easily be answered by a person (even a disabled
user), but not so easy for many computers.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
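
A server-side check for the hidden-field trick quoted above, together with the single-address header precaution from the original question and a question captcha of the kind just described. This is an added example, not code from any poster in the thread; only `secret_field` comes from the thread, while the function name, the `email`, `subject` and `answer` field names and the sample submissions are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: returns the reasons to reject a contact-form POST
// (empty array = accept). Only 'secret_field' comes from the thread;
// the other field names and the function name are assumptions.
function contact_form_rejections(array $post, string $expectedAnswer): array
{
    $reasons = [];

    // Honeypot: a real browser submits the CSS-hidden field as an empty string.
    // A bot that omits it or fills it with garbage fails one of these two tests.
    if (!array_key_exists('secret_field', $post)) {
        $reasons[] = 'honeypot field missing';
    } elseif ($post['secret_field'] !== '') {
        $reasons[] = 'honeypot field filled in';
    }

    // Anything that ends up in a mail header must be a single line, and the
    // sender must be exactly one syntactically valid address.
    foreach (['email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            $reasons[] = "$field is not a single line";
        }
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'email is not a single valid address';
    }

    // Question captcha: compare against the answer stored server-side when the
    // form was rendered (for example in $_SESSION), never one sent by the client.
    $raw = $post['answer'] ?? '';
    $answer = is_string($raw) ? strtolower(trim($raw)) : '';
    if ($answer === '' || $answer !== strtolower($expectedAnswer)) {
        $reasons[] = 'wrong answer to the question';
    }

    return $reasons;
}

// Constructed sample submissions, shaped as $_POST would deliver them.
$human = ['secret_field' => '', 'email' => 'customer@example.com',
          'subject' => 'Pool quote', 'answer' => ' 7 '];
$bot   = ['secret_field' => 'qwerty', 'email' => "a@example.com\r\nX-Injected: 1",
          'subject' => 'hi', 'answer' => 'qwerty'];

var_dump(contact_form_rejections($human, '7'));
var_dump(contact_form_rejections($bot, '7'));
```

Call `mail()` only when the returned array is empty, and log the rejection reasons alongside the client IP so a change in the bot's behaviour shows up.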
#14 | 07-25-2008 | Dale
Re: Preventing spammers from using mail form


"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:g6bfie$v39$1@registered.motzarella.org...

<snip>

>> This is a nice idea. I'll look into it. For now, last night I
>> implemented a captcha and it stopped the spam. That is a great help.
>>
>> Thanks for all the advice.

>
> I typically use a word-based captcha, i.e. "How much is 2 + 5?", or "how
> much is 30 divided by 6?"


what's sad is that once you've enabled this on your sites, you've locked
yourself out of them...till you get someone who can do math. :)

