[FX.php List] Fwd: spam and php fmp sites
Gjermund Gusland Thorsen
ggt667 at gmail.com
Thu Oct 18 13:09:47 MDT 2007
My solutions all contain the field "status"
in which all php scripts inject the value 10
I also harvest the referring script and the executed script as well as the IP
Then it's simple to wash the data and make all valid data status=17
for example and if you are not sure you can also validate against the
other fields collected.
ggt667
On 10/18/07, Joel Shapiro <jsfmp at earthlink.net> wrote:
> Hi all
>
> I'm forwarding something from a local colleague. He's got a site
> that's getting hit with form submissions by spammers.
>
> He works for a school district. The site is not meant for the
> general public, although it is apparently publicly available and is
> not password protected.
>
> Any quick suggestions for them?
>
> (Sorry the post is so long, but I figured I might as well forward his
> whole message.)
>
> Thanks,
> -Joel
>
>
> Begin forwarded message:
>
> > Subject: spam and php fmp sites
> >
> > Any suggestions on how to stop spam from being submitted on a PHP
> > FileMaker
> > web registration solution, running on a Windows 2003 Server with
> > FMAS9?
> >
> > The solution does not ask for any password. Users can hit it over
> > the web.
> > I am not sure how spammers found it if not from webbots....
> >
> > One of the functions of the solution is to allow users to send a
> > suggestion
> > via email. The user goes to a page where they fill in a suggestion
> > text
> > field and hit a submit button which creates are record and
> > generates an
> > email message with to a backend fmp user with the contents of the
> > suggestion
> > field they filled out.
> > -------------Some spam is beig generated from this function where
> > the emails
> > sent contain spam url's that heve been entered into the suggestion
> > text
> > field.
> >
> > Another function of the solution is where users can register for a
> > workshop.
> > They choose a workshop from a list and then fill in their user
> > information
> > and then click a "register" (submit) button which creates a new
> > record in
> > the solution. Spam URL's are appearing in the user background
> > infomration
> > text fields from these bogus registrations.
> >
> > I was thinking that if I required authentication from one account
> > therefore
> > giving all users of the system the same password would prevent the
> > spam.
> >
> > or
> >
> > The instead of FM authentication, make it look like there is a
> > password
> > needed by giving out to all users a universal password which is
> > actually
> > just a phrase they enter into a field when first entering the
> > solution and
> > clicking on a submit button which does a search for that
> > phrase...if the
> > phrase is not correct they are sent to an error page if it is found
> > they are
> > taken to the registration menu.
> >
> > Any ideas on how to stop this? Is anyone encountering similar
> > problems...where spammers are filing out forms and submitting them
> > with SPAM
> > content??
> >
> > Thanks for your help!
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
More information about the FX.php_List
mailing list