[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Thu Oct 18 13:48:26 MDT 2007


Hmm...

I'm not sure how things would be different for an 'authorized' vs.  
'unauthorized' user this way.

And I don't know what/when/how you're switching the status from 10 to  
17.

Any clarification?

-Joel


On Oct 18, 2007, at 12:09 PM, Gjermund Gusland Thorsen wrote:

> My solutions all contain the field "status"
>
> in which all php scripts inject the value 10
> I also harvest the referring script and the executed script as well  
> as the IP
>
> Then it's simple to wash the data and make all valid data status=17
> for example and if you are not sure you can also validate against the
> other fields collected.
>
> ggt667
>
> On 10/18/07, Joel Shapiro <jsfmp at earthlink.net> wrote:
>> Hi all
>>
>> I'm forwarding something from a local colleague.  He's got a site
>> that's getting hit with form submissions by spammers.
>>
>> He works for a school district.  The site is not meant for the
>> general public, although it is apparently publicly available and is
>> not password protected.
>>
>> Any quick suggestions for them?
>>
>> (Sorry the post is so long, but I figured I might as well forward his
>> whole message.)
>>
>> Thanks,
>> -Joel
>>
>>
>> Begin forwarded message:
>>
>>> Subject: spam and php fmp sites
>>>
>>> Any suggestions on how to stop spam from being submitted on a PHP
>>> FileMaker
>>> web registration solution, running on a Windows 2003 Server with
>>> FMAS9?
>>>
>>> The solution does not ask for any password.  Users can hit it over
>>> the web.
>>> I am not sure how spammers found it if not from webbots....
>>>
>>> One of the functions of the solution is to allow users to send a
>>> suggestion
>>> via email.  The user goes to a page where they fill in a suggestion
>>> text
>>> field and hit a submit button which creates are record and
>>> generates an
>>> email message with to a backend fmp user with the contents of the
>>> suggestion
>>> field they filled out.
>>> -------------Some spam is beig generated from this function where
>>> the emails
>>> sent contain spam url's that heve been entered into the suggestion
>>> text
>>> field.
>>>
>>> Another function of the solution is where users can register for a
>>> workshop.
>>> They choose a workshop from a list and then fill in their user
>>> information
>>> and then click a "register" (submit) button which creates a new
>>> record in
>>> the solution.  Spam URL's are appearing in the user background
>>> infomration
>>> text fields from these bogus registrations.
>>>
>>> I was thinking that if I required authentication from one account
>>> therefore
>>> giving all users of the system the same password would prevent the
>>> spam.
>>>
>>> or
>>>
>>> The instead of FM authentication, make it look like there is a
>>> password
>>> needed by giving out to all users a universal password which is
>>> actually
>>> just a phrase they enter into a field when first entering the
>>> solution and
>>> clicking on a submit button which does a search for that
>>> phrase...if the
>>> phrase is not correct they are sent to an error page if it is found
>>> they are
>>> taken to the registration menu.
>>>
>>> Any ideas on how to stop this?  Is anyone encountering similar
>>> problems...where spammers are filing out forms and submitting them
>>> with SPAM
>>> content??
>>>
>>> Thanks for your help!
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list