Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 MOD: Reduce SPAM harvesting
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  07:02:07  Show Profile  Visit Kerry's Homepage
Regarding this thread:
http://forum.snitz.com/forum/link.asp?topic_id=6632

It looks as though bulk email list compilers may be noticing Snitz forums in general as a good source of harvesting email addresses.

This is a replacement for pop_mail.asp and took less time to do than to write this. Basically, it just removes the recipients email from the HTML all together and grabs it from the db based on user ID.

Next step should be pop_profile.

Link:
http://www.cantonweb.com/kerrycode/pop_mail.txt


-Kerry

Edited by - kerry on 21 March 2001 07:13:13

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  07:36:45  Show Profile  Visit Kerry's Homepage
In pop_profile.asp at around line 162, look for:

<tr>
<td bgColor=<% =strPopUpTableColor %> align=right width="10%" nowrap><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">Email Address: </font></b></td>
<td bgColor=<% =strPopUpTableColor %><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"> <a href="JavaScript:openWindow('pop_mail.asp?id=<% =rs("MEMBER_ID") %>')"><% =ChkString(rs("M_EMAIL"), "display") %></a> </font></td>
</tr>


And replace it with this:

 <tr>
<td bgColor=<% =strPopUpTableColor %> align=right width="10%" nowrap><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">Email User: </font></b></td>
<td bgColor=<% =strPopUpTableColor %>><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><a href="JavaScript:openWindow('pop_mail.asp?id=<% =rs("MEMBER_ID") %>')"><% =ChkString(rs("M_NAME"),"display") %></a></font></td>
</tr>


-Kerry



Edited by - kerry on 21 March 2001 08:15:06
Go to Top of Page

blackinwhite
Average Member

Turkey
657 Posts

Posted - 21 March 2001 :  10:41:00  Show Profile
it is really great mod and works fine.Thank you very much Kerry. That could be nice if added to the next version.

Go to Top of Page

jramers
Junior Member

133 Posts

Posted - 21 March 2001 :  13:51:24  Show Profile
Excellent, works perfect. I knew it wasn't that big a hack but a very important one. Thanks.

Edited by - jramers on 21 March 2001 13:51:48
Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  14:19:31  Show Profile  Visit Kerry's Homepage
quote:

Excellent, works perfect. I knew it wasn't that big a hack but a very important one. Thanks.



No prob. It's a small but (I think) potentially impactful code change
I'd kinda like to see implimented *here* (hint, hint, nudge, nudge )

-Kerry

Go to Top of Page

Rob Poretti
Junior Member

Canada
435 Posts

Posted - 21 March 2001 :  14:43:06  Show Profile  Visit Rob Poretti's Homepage
Thank-you, thank-you...

These kinds of mods are to me, as important (perhaps even more so), than some of the flashy new features that have been coming down the pipe...

Cheers Kerry!

Rob

Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  14:48:40  Show Profile  Visit Kerry's Homepage
If anyone wants to see this before they impliment it, I've got it running and
so far can't find any "leaks" where an address shows up. If you see one, let me
know and we'll get the patch kit out right away .

Demo: www.cantonweb.com/forums/default.asp

-Kerry

Edited by - kerry on 21 March 2001 14:49:21
Go to Top of Page

work mule
Senior Member

USA
1358 Posts

Posted - 21 March 2001 :  14:50:25  Show Profile
Nice modification. It was simple enough to implement, but it's important. It adds more protection for users of Snitz! Thanks!

You have my vote (whatever that's worth) for putting this in the standard.

Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  17:37:01  Show Profile  Visit Kerry's Homepage
I was curious about the actual ease with which this site could be
"harvested" for addresses so I spidered it with no filters on using a cheap
shareware spider.


And....





-Kerry

Go to Top of Page

wedont
Junior Member

Canada
344 Posts

Posted - 21 March 2001 :  17:54:46  Show Profile
Is this script "allergic" to v3.1sr2 (cookie conflict) or is it safe to implement ?

Thanks,


Wedont
snitz ver3.1 sr2
access 2k.
Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  17:57:39  Show Profile  Visit Kerry's Homepage
It should be fine (line #'s will be different) because no cookies are involved.

...And I just noticed it can grab UIN's as well.

-Kerry

Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 21 March 2001 :  18:28:57  Show Profile
At my Hotmail account, I've reached the limit of blocked addresses in my Block Adresses list (I think it's a 250 address limit).

My Yahoo Blocked Addresses list is growing everyday.
Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  18:43:28  Show Profile  Visit Kerry's Homepage
Yup. The reason I tend to pay attention to spam-related issues is that I
run my own mail servers. Having a large number of email users, I'm frequently
trying to correct / avoid spam-related problems. For nearly a week
I banned the entire countries of Thailand and Peru.

I recently began using MAPS Blackhole service, but I still have to login
almost nightly and block IP's or servers - or email the abuse@'s that can
either cancel an offending account or close up a relay somebody left open.

I don't use IM's, but I've heard spam is becoming a headache there as well.

-Kerry

Edited by - kerry on 21 March 2001 18:46:12
Go to Top of Page

wedont
Junior Member

Canada
344 Posts

Posted - 21 March 2001 :  19:21:40  Show Profile
Thanks Kerry, Most Appreciated!

BTW for v3.1 user, to prevent any cookie conflict:
In the New pop_mail.asp use this (around line:116):


	Err_Msg = ""
if rs("M_EMAIL") <> " " then
if strAuthType="nt" then

'## Forum_SQL
strSql = "SELECT M_NAME, M_USERNAME, M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
strSql = strSql & " WHERE M_USERNAME = '" & Session(strCookieURL & "userid") & "'"

elseif strAuthType="db" then

'## Forum_SQL
strSql = "SELECT M_NAME, M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
strSql = strSql & " WHERE M_NAME = '" & Request.Cookies(strCookieURL & "User")("Name") & "'"

end if


to replace this:

		Err_Msg = ""
if rs("M_EMAIL") <> " " then
strSql = "SELECT M_NAME, M_USERNAME, M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
strSql = strSql & " WHERE "&Strdbntsqlname&" = '" & STRdbntUserName & "'"



PS:Kerry, your site cantonweb.com is awesome.



Wedont
snitz ver3.1 sr2
access 2k.

Edited by - wedont on 21 March 2001 19:47:31
Go to Top of Page

James
Average Member

USA
539 Posts

Posted - 21 March 2001 :  21:53:31  Show Profile  Visit James's Homepage
Kerry, you do have a nice site.

The security fix looks good too. However, I
still run 3.0sr2 and I imagine it would be a
lot more involved for me. I've been hesitant
to upgrade as I have several mods I don't
want to lose and waiting on a version of
snitz which has most of these mods and also
has Private Messages (which means I'll
probably have to do a two step upgrade to
3.1 first, then to that version). Anyway,
checked out the fix on your site and it
works as promised. I like the fact that the
e-mail is never revealed.


-

*Interested in Radio Control*
*The RC Web Board - http://www.rcwebboard.com/*


Edited by - James on 21 March 2001 21:58:11
Go to Top of Page

Kerry
Average Member

USA
553 Posts

Posted - 21 March 2001 :  23:38:29  Show Profile  Visit Kerry's Homepage
James,

You might want to backup your current copies of pop_profile & pop_mail and give it a shot with wedont's code above. I'm not sure which part of my brain was asleep to let me think there wasn't a cookie-compat issue between 3.1 and sr4 in this code .

Anyway, the 3.1 files *might* work - I'm not familiar enough with the cookie history to be able to give an reliable opinion. I'd give it a try and if it doesn't work, reload you old files and we'll see what we can do to modify your old files.

-Kerry

Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.21 seconds. Powered By: Snitz Forums 2000 Version 3.4.07