Contact Page MOD

Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/68380?pagenum=1
05 November 2025, 11:10

Topic

leatherlips
Contact Page MOD
11 March 2009, 17:40


I have posted a Contact Page MOD over at SnitzBitz. Thanks to Carefree and TastyNutz for helping me add the features I wanted to have in it.
The purpose of this mod is to provide a contact page that visitors to your site can use to easily contact you.
This contact page has several features built in.
  • It checks to see if all fields have been entered. If not, it gives a warning to go back and fill in the necessary information.
  • It includes an anti spam code that a user must input correctly before the form will be sent. This helps to prevent bots from automatically spamming your contact page.
  • The email address that the contact form is sent to is hidden in the source code. This helps to prevent bots from learning your email address and spamming it.
  • It includes a character count that limits how much can be typed. The default is 500 characters but can easily be changed.
  • It includes an automatic spam filter that detects known words used in spam emails. If any of the words are detected then the form will not be sent and the user will automatically be redirected to the website of your choice.
You can go here to download it.

 

Replies ...

HuwR
11 March 2009, 18:02


Nice idea.
Etymon
12 March 2009, 00:00


Yes, Thank you for the MOD!
Shaggy
12 March 2009, 04:31


Good work, LL; surprised it's taken this long for somebody to come up with a mod like this.
A nice addition to the readme might be instructions on how to replace all occurrences within the base code of the admin e-mail address with a link to this page instead and how to edit faq.asp to use a dummy e-mail address rather than the admin's one.
And how about an admin panel to change the character limit (or disable it) and specify words and terms for the spam filter.
HuwR
12 March 2009, 05:48


I would edit faq.asp to point at the contact page rather than put a dummy email.
Shaggy
12 March 2009, 06:04


Forgot about that link to e-mail the admin.
I was actually referring to the FAQ themselves, though, specifically the one related to posting links.
leatherlips
12 March 2009, 10:37


Thanks for the input guys. I have rewritten the instructions to explain how to link the faq.asp page to the new contact.asp page, how to change the admin email address in the example to an example email address found on the faq.asp page and explain how to link the register.asp page to the contact.asp page.
I still need to write instructions for policy.asp version 3.4.05 but I no longer have an original copy of that to write the insructions for. Anyone have one? Or is inc_policy.asp in 3.4.06 the same as policy.asp in 3.4.05?
bobby131313
12 March 2009, 10:42


Great job, I'll be using it soon. Curious, does it check for the BCC exploit?
AnonJr
12 March 2009, 10:57


Originally posted by leatherlips
I still need to write instructions for policy.asp version 3.4.05 but I no longer have an original copy of that to write the insructions for. Anyone have one? Or is inc_policy.asp in 3.4.06 the same as policy.asp in 3.4.05?

It may still be up on the SourceForge page, but I'm not sure you want to continue to enable those back at 3.4.05... I'd use it as a stick to get people to move up - but that's just me.
leatherlips
12 March 2009, 11:00


Originally posted by bobby131313
Great job, I'll be using it soon. Curious, does it check for the BCC exploit?
I'm not familiar with the BCC exploit. What is the exploitation?
bobby131313
12 March 2009, 11:03


Spammers can inject a /n somehow then list BCC addresses. Then when they hit send it copies the email to all those addresses. I got hit with it on a contact form I made myself and got on some blacklists.
I'll see if I can get a link that explains it better.
bobby131313
12 March 2009, 11:11


http://www.anders.com/projects/sysadmin/formPostHijacking/
Shaggy
12 March 2009, 11:16


Not an issue as this is ASP not CGI.
bobby131313
12 March 2009, 11:31


Okie dokie then. bigsmile
HuwR
12 March 2009, 11:40


Originally posted by Shaggy
Not an issue as this is ASP not CGI.

it is still possible to exploit ASP forms too if you do some research on google
leatherlips
12 March 2009, 21:27


I've updated the mod to version 1.1. It now includes a checkbox the sender of the form can select if they would like to receive a copy of the message they are sending sent to their own email address. I have also updated the instructions a bit and included a screenshot of the contact page (see below).
Shaggy
13 March 2009, 05:42


Originally posted by HuwR it is still possible to exploit ASP forms too if you do some research on google
True, of course smile I was just referring to the specific exploit Bobby linked to which was for CGI.
I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now wink
HuwR
13 March 2009, 08:02


I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now

I'm not so sure, how else would one send email? As far as I know they all work like that for ASP, I think the forums strength is that you need to be logged in with a valid email address in order to use the email facility and you are therefore traceable, whereas these exploits are on drive by contact forms that anyone can submit you do not need to be registered to use them.
TastyNutz
14 March 2009, 08:49


Originally posted by Shaggy
[black]Good work, LL; surprised it's taken this long for somebody to come up with a mod like this.
There was already a basic mod for hiding the admin email. http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=65403&SearchTerms=contact+admin

But nobody noticed the pop up form itself still left the admin email exposed.
Etymon
14 March 2009, 14:51


If you want transparent numbers (no white), then here are the icons ... Download.
This is what they look like:

Carefree
14 March 2009, 15:36


Line 250 is missing the source information for the javascript routine. It should say
Code:
			"<script type=""text/javascript"" src=""fieldlimiter.js"">" & vbNewLine & _
HuwR
14 March 2009, 17:26


there really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag
HuwR
14 March 2009, 17:28


Originally posted by Etymon
If you want transparent numbers (no white), then here are the icons ... Download.
This is what they look like:



I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.
leatherlips
14 March 2009, 17:43


Originally posted by Carefree
Line 250 is missing the source information for the javascript routine.
Actually, it is not incorrect. I added it just like the instructions said from the source (Dynamic Drive). Mine works perfectly on my page the way I have it. The javascript source is in the inc_header page as per the instructions.
Regarding numbers, you can use any number gifs you want. Just overwrite the ones I included with your own.
Carefree
14 March 2009, 18:51


Originally posted by HuwR
there really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag

I have it encoded in a macro, I'll have to write a new one for this forum.
Etymon
14 March 2009, 19:10


Originally posted by HuwR I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.

Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor! sad
HuwR
15 March 2009, 02:43


Originally posted by HuwR I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.

Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor! sad
LOL, you are obviously getting old like me, I started when I could no longer hold my pda far enough away to see it smile now I can't even see anything on my PC without glasses, it is just a fuzzy blur. Oh the joys of getting older.
Etymon
15 March 2009, 03:12


Doh! shock
Etymon
15 March 2009, 04:55


Hey leatherlips,

Did you include password.asp in your MOD?
leatherlips
15 March 2009, 07:40


Originally posted by Etymon
Hey leatherlips,

Did you include password.asp in your MOD?
No. Do you have a suggestion?
Etymon
15 March 2009, 13:38


Not really. Just was pointing out that the administrator's email address is exposed there as well. I'm not sure about Snitz 3.4.06, but since it is in Snitz 3.4.07, I am guessing the same code is in Snitz 3.4.06.
Snitz 3.4.07 - password.asp

Line 67:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 72:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 95:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 100:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
leatherlips
15 March 2009, 17:16


I didn't realize the password.asp page did that.
I guess you could change each line to something like this:

If this problem persists, please <a href=""contact.asp"">contact</a> the Administrator of the forums.
© 2000-2021 Snitz™ Communications