Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Another Anti-Spam Robot Mod?
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

janaf
Starting Member

Sweden
19 Posts

Posted - 09 December 2006 :  17:16:32  Show Profile  Reply with Quote

I would guess the spam robots use the form field names when they post/register on forums and send mail spam, so why not change form field names to something unknown?

Here is my approach with an example of replacing the form field name for email.

1) In the config file:
Dim strEmailField
'## Assign some whatever value / field name
strEmailField = "xxsxy2hsw35"

2) In register.asp replace all
Request.Form("email")
with
Request.Form(strEmailField)

3) In inc_profile.asp replace
name=""email""
with
name=""" & strEmailField & """

Finished!

Now the spanning software needs to know it should post the email address as a form field value named xxsxy2hsw35.......

The above could of course be done with any/all form field name.

A more advanced version could be to randomly generate the form field names and store them as session variables. Then the form field names would be different each session.

'## if the random generated field names don't excist then create them

if len(session(strCookieURL & "EmailField")) > 0 then
' do nothing
else
randomize()
	strEmailField = ""
	for i = 1 to 8
	      strEmailField = strEmailField & chr(Int(25 * Rnd)+97)
	next
	session(strCookieURL & "Emailfield") = strEmailField
end if

and then substitute in register.asp and inc_profile.asp for
session(strCookieURL & "Emailfield")


The same method could be used to prevent automated posting and mailing.

What do you think?<

Edited by - janaf on 09 December 2006 17:22:01

Etymon
Advanced Member

United States
2385 Posts

Posted - 09 December 2006 :  22:59:33  Show Profile  Visit Etymon's Homepage  Reply with Quote
Very interesting! Thank you for sharing this, janaf. <
Go to Top of Page

janaf
Starting Member

Sweden
19 Posts

Posted - 10 December 2006 :  10:56:10  Show Profile  Reply with Quote
The nice side of this approach is that every field can have a bit of a GateKeeper effect.

I installed the simple version of my mod together with the GateKeeper mod (I did not test the "session variable" version yet). For two days I did not get a single garbage signup . The last months there has otherwise been about 10 per day.

To prevent automated form postings, I think you want the form pages to be 'unpredictable' by machine, i.e form field names, table sizes and instruction texts should be easily changed. Humans are very good at adapting to some changes, while for programs, it gets much more complicated if input is not well structured.

With a multi language Snitz Forum coming? it may be simple to modify the text instructions to the form fields, so they are not always the same.

I am myself a Snitz Forum programming newbie so I can not do these changes, but if someone else wants to to, please do! You can email me for mor ideas if you like. I guess the spam software developers also monitor this site, so in order to stay a little ahead, I would not like to post more details here until a proper mod/release has been made.<
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  12:07:58  Show Profile  Visit HuwR's Homepage  Reply with Quote
That is sort of what we have done here as a test on the registration form, except we added a hidden field which has a randomly generated name as well as a randomly generated value.<
Go to Top of Page

JJenson
Advanced Member

USA
2121 Posts

Posted - 10 December 2006 :  12:58:12  Show Profile  Visit JJenson's Homepage  Reply with Quote
Is this something you are thinking about implementing into the next version HuwR?<
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 10 December 2006 :  13:19:19  Show Profile  Visit MarkJH's Homepage  Reply with Quote
I think the random generation way is the only way to go. Anything else added to the next version would be easily incorporated into the spammers various softwares.

If this is successful (which it appears to be - I haven't logged in once and seen any Forum Poster crap on here) then I'd love to see the code that Huw mentioned as a MOD and as future base code.<

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

janaf
Starting Member

Sweden
19 Posts

Posted - 10 December 2006 :  13:43:55  Show Profile  Reply with Quote
Yes, lets hope a mod or coming version will incorporate whatever is possible to stop automated spamming.<
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  13:49:19  Show Profile  Visit HuwR's Homepage  Reply with Quote
the lack of Forum Poster crap here may not actually be a result of the code, the Admins here are very vigilant and pretty ruthless at allowing/disallowing registrations here, if anything looks remotely suspect they are simply not validated to register. There is no substitute for human intervention in my opinion<
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 10 December 2006 :  17:27:03  Show Profile  Visit MarkJH's Homepage  Reply with Quote
It's got nothing to do with that, Huw. All of the Forum Poster crap that has got through on my site has been email validated by the posting software. Personally, I don't validate anybody unless they specifically contact me to do so. Even then, I usually just delete their membership so that they can try again. A rare case in any point.

I downloaded the software a couple of months back to see how it worked. I noticed that there aren't a lot of Snitz forums in the demo version, in fact only 9. Mine was in there, not sure if Snitz Support was, though.<

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  17:33:23  Show Profile  Visit HuwR's Homepage  Reply with Quote
allowing disallowing email validation is a manual not an automatic process, so our vigilance has everything to do with it.<
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 10 December 2006 :  17:59:26  Show Profile  Visit MarkJH's Homepage  Reply with Quote
So 'Restrict Registration' is switched ON on this site?

Actually, I may have inadvertently found a bug with the software here. I just tried to register (already logged in) and without filling any fields in, clicked submit to get this:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 270

Off topic, I know. I should probably post this as a bug.<

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  18:11:04  Show Profile  Visit HuwR's Homepage  Reply with Quote
yes restrict registrations is enabled here, all attempts to register must be verified by one of the admins.

The error may be related to the test code rather than the forum code so possibly is not a bug in the forum code, I will check<
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  18:34:49  Show Profile  Visit HuwR's Homepage  Reply with Quote
quote:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 270


Have fixed that error now, it was in another piece of test code we have here which checks the attempted registration email against a list of known spammers/bogus registration attempts we have in our database<
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 10 December 2006 :  18:45:49  Show Profile  Visit MarkJH's Homepage  Reply with Quote
Cool. Glad it wasn't an error with the base code. <

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 10 December 2006 :  19:05:10  Show Profile  Visit MarkJH's Homepage  Reply with Quote
You spoke to soon, Huw. Getting this error, now:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 271<

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 10 December 2006 :  19:18:58  Show Profile  Visit HuwR's Homepage  Reply with Quote
not sure why, since if you don't fill anything in you shouldn't even get to line 271. Why are you trying to register without entering any information anyway ?<
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.26 seconds. Powered By: Snitz Forums 2000 Version 3.4.07