mail to form -- block senders

Weedy Lady · #1 (**permalink**) 11-28-2004, 03:03 PM

I use a "mail to" form on my web site for visitors to send me messages. There is a company in Korea that regularly sends extremely long messages in jaberwoky, except for the links they contain. I would like to block this company from using my "send me an e mail" form.

I am using a validator code (as of today) to force people to enter their name and e mail address, because I have sometimes received messages that really need a reply, but they didn't have an e mail address on them.

I really would like to block just this one company from using the form............I do not understand perl,cgi or other scripts. I need a "copy this and put it exactly here" bit of information.

The cgi script in use was supplied by my web hosting company. The send me an e mail page is here, if you want to check the coding:
http://www.happydaycards.com/newslet...N_E_MAIL_B.htm

Any help that anyone can give me will be most appreciated.

cyanide · #2 (**permalink**) 11-28-2004, 04:50 PM

I usually advise to my clients not to use these types of scripts. They are often exploited and hackable. I often see in my log files, sniffers, looking for these types of cgi scripts.

In fact I have these scripts disabled on my servers for this reason. a php script might be the better way to go.

You said they're in Korea... does that mean you know the ip address too? Because you could just block that ip from accessing your website altogether.
In fact, if your website doesn't really attract potential viewers in this country, you could just block entire ip address blocks.

Weedy Lady · #3 (**permalink**) 11-28-2004, 09:15 PM

Thanks for your reply. You said:
"I usually advise to my clients not to use these types of scripts. They are often exploited and hackable. I often see in my log files, sniffers, looking for these types of cgi scripts."

I have just spent the afternoon trying to find a php script that I could actually use. I have downloaded several but (after reading their instructions and documentation) could not understand what to do with them. I tried using them on my own computer, but nothing would go through. Guess that means I have to work with them uploaded to my hosting company server?

Sorry to be such a dunce. I know how to design fun on line greeting cards, but not a lot else, except that I do know how to write html.

I want to have a form that works and is not subjet to being hacked, though. I've had enough trouble with trying to get my newsletter sent to the 1,000 aol people that have signed up for it without leaving a hole for someone to use and create more problems for me! (My newsletter is NOT just for aol people, that is how many of them are on my mailing list....) I had to jump through more hoops than a circus dog to get whitelisted with aol, after being blacklisted about 4 times. Had to get a new IP addresses from my hosting company in the process, too.

You say you have disabled your cgi scripts. How is that done?

cyanide · #4 (**permalink**) 11-28-2004, 10:56 PM

I should actually have been more clear. Not all cgi/perl scripts are bad, but I've found most of the ones that webhosts make available are.

These are the ones that are disabled. They are done server-wide, but we make it up by offering php auto-installer scripts.

Yes, php scripts won't work unless they are on a server with php installed.

Did you try blocking the ip of these people?

Weedy Lady · #5 (**permalink**) 11-28-2004, 11:21 PM

Little problem there.......I deleted the messages received a couple weeks ago and put their address on my block list with my isp's spam program, so I haven't received one for a while. They could still be sending them, but I'm not getting them on this end. I just wanted to keep them from using the program on my site, as I'm sure it uses some of my bandwidth allotment. But if I get another one I'll try to block them from using the site,for sure. Guess I'll have to take them off the block senders e mail list to find out.

Sounds like I need to contact my hosting company to see about the php thing, but I know they have it available. They might even be able to help me customize the script. MIGHT.

The two php zip files I downloaded were from:
1. written by George A. & Calin S. from Web4Future.com
2. http://www.stadtaus.com/
Do you know if these are good ones?
Since I can't read and make sense of any of the scripts I don't know if they are good ones or not.

I could send a copy of my present perl script that is in my cgi bin to you (I trust you) in a private e mail if you want to look at it and see if it is a secure one to use or if I should replace it with one of the php scripts I downloaded. Let me know if I should do that.

Thanks for your continuing help!

cyanide · #6 (**permalink**) 11-29-2004, 12:38 PM

I think I have tried that stadtus one before, but can't remember exactly.

Actually, that form you're using looks pretty good.
I'll drop you a pm

Weedy Lady · #7 (**permalink**) 11-29-2004, 07:13 PM

Just wrote you a fairly long PM.

cyanide · #8 (**permalink**) 11-29-2004, 09:39 PM

Quote:

Originally Posted by Weedy Lady

Just wrote you a fairly long PM.

haha, yes it is... I replied

Weedy Lady · #9 (**permalink**) 11-30-2004, 10:15 PM

I have sent two e mails to you this afternoon that did not go through -- at least neither one of them appeared in my sent box.

So, hopefully you will see this post. I don't know what else to do at 8:10 PM except call you, and I think it may be much later than that where you are.

I have about 8 questions/issues and then will be ready to move, probably.

Weedy Lady · #10 (**permalink**) 11-30-2004, 10:20 PM

I found all the messages. They are sitting in my outbox and never got sent.

computergenius · #11 (**permalink**) 12-05-2004, 08:58 AM

Quote:

Originally Posted by Weedy Lady

I have just spent the afternoon trying to find a php script that I could actually use. I have downloaded several but (after reading their instructions and documentation) could not understand what to do with them. I tried using them on my own computer, but nothing would go through.

Unless you have PHP running on your computer, which sounds highly unlikely, then you will just see the code

Quote:

Originally Posted by Weedy Lady

Guess that means I have to work with them uploaded to my hosting company server?

And if your hosting company server does not have PHP, you will still not see anything.
Try this - create a page with a header and a body, and in the body just put
<?
phpinfo()
?>
call the page test.php, and upload it to your server.

If you just see what you typed in, then your server doesn't have PHP installed. If you see loads of information (that you won't understand (:0->) then it is working, and you can use the PHP script on your server.

Weedy Lady · #12 (**permalink**) 12-05-2004, 09:15 AM

Thanks for your reply. My old server did have php, and so does my new hosting company (which is the one owned by Cyanide, by the way). I just wasn't thinking at the time I wrote the entry that of course it has to be on line to be used!

Since I've changed hosting companies this past week I've been too busy to think about things like playing with php scripts. Another day of "to do" things on my part and I should have some time for that.

Now -- before 10 helpful people write to ask me why it was so much work to change servers -- a lot of it is because I finally have really good stats after two years of lousy ones, and I've been able to find some "stuff" that's been going on like who is stealing my bandwidth big time, and then deal with it. Part of it is checking out the tons of new scripts that are available for use, and part of it was fixing the errors I made in uploading. My site is pretty large, so it's not a quickie half hour process like it used to be when it was half the size with no forms, etc. to deal with.

Onward and upward.