Author Topic: The fight against spam and spam bots  (Read 12003 times)

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
The fight against spam and spam bots
« on: February 25, 2007, 07:57:56 AM »
I have 2 questions:

1. If you suspect that a spam bot has found your e-mail address, how does one find out which spam bot has found the e-mail address hidden in a CSB form?

2. How does one put one of those encrypted text images in a form? A person completing a form has to read and decipher the curled or twisted text and enter the correct text into a field of the form before the form's submit button becomes available/clickable yet the correct text is not in the source.
:dogwalksm: Ed

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5923
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: The fight against spam and spam bots
« Reply #1 on: February 25, 2007, 09:05:19 AM »
1.  You can look at your logs to see which IP are accessing which pages and block those IP.  But that really doesn't work well as once one bot gets your addy, it will spread.

2. CAPTCHA = The image thing for input.  You can add many things to make your form secure, but CAPTCHA is only one road block.  Many of the bots can read the basic images.  That's why more and more of the captcha images are twisted, lined, dotted, etc to further distort the lettering contained in the image.  I did find a stand-alone free captcha site but unfortunately, it is tied to encrypting the email address too. Take a look at this page: h**p://w2.syronex.com/jmr/safemailto/
The bad news is that if the email addy is not regular characters, the GlobalSCAPE server will not process the form for you!  So I have NOT found a viable way to add this service to an existing CSB form.

YOU are getting spammed from your own form.  It could be far worse!!!
- The good news is that the form does not allow 100's of others to get spammed.
- The good news is that your host has not ripped your site down because your form has caused your site to tie up server resources sending hundreds of emails,
- The good news is that your site has not been blacklisted for being a spammer!

The bad news is that YOU get spammed from your own form. Not by humans, but by robots that wander the web.  They find the form again because you got on their list. Simple as that.  If you were running a form script on your site that was insecure, you would be in WORSE shape than you are now.

You CAN do things to limit or stop your problem.

- Continue to use a CSB form for a while longer by putting a simple password protection in front of the form.
Post the password on the page near the link to the form for PEOPLE to read like this:  password_is_in_navy_letters_only let18qna4xme37611xu131xin  or create your OWN CAPTCHA image. Bots would miss this but people could access. Your human visitor would type in the password to access the form.
---In CSB5, you can password protect a single page (the form page). 
---If you have access to cPanel, you can use WEBPROTECT feature to password protect. 
---Or use .htaccess file to define a password if your host allows it. 
---Even a simple Javascript password protection script (a basic roadbump with no real "security") would do what is necessary. See one here.

- Replace the CSB form.   Either:
use a different 3rd party form processor.  Lots of them. Some paid, some free. These sites would act like the GlobalSCAPE server does, sending your form information through thier server on to your email addy.  One of these services, cutandpastescripts.com is demonstrated here.  Another that I have not tried but looks promising is h**p://www.responders.com/

OR

install a script on your own site.  Make sure the form script you choose has protections against inserted codes and fields. This is the best long term solution!

Run a form script on your OWN website to process forms.  Bright side...more control, more options.  Down side...You must install the script and you must maintain control or risk your site being pulled down by the host for spamming!  You must make sure the script you use is SECURE. If it can be broken and used to send several thousand emails by a spambot, you are responsible for the scripts you run. You must update and stay on guard.

- Use a CGI/Perl type form script.  Lots are free...and very insecure!  Some are paid with more security.
- Use a PHP type form script. In my opinion, this is the BEST option. So far this offers the best protection from spambots.   MANY MANY MANY scripts offered. Go to HOTSCRIPTS.COM to find a suitable script. 

Basically the FORM code is the same...Same input fields for your visitor and they would not see a difference that way.  But the code you would purchase (if your host allows a PHP form code) does MANY things for you:
- would pull the data from the form and verify it
- check for inserted extra coding (spammers try to force thier code into your form to send to 10-200-500 people at one time using YOUR form),
- check for changes to the form/content (try to send it to other address instead of yours)
- keeps your email address private
- allows you to require certain fields
- allows you to send automated responses and/or copy to customer that is sending the form.
- and more....etc.

There are 3 parts to a form (made with CSB)
- The header (defines which order the fields are sent to you, email address, etc) that tells the server what to do with the form when it is sent by the visitor. This is put at the beginning of the form.
- The fields this is the name, address, etc part of the form itself seen by your visitor.
- The send/submit buttons. This part activates the form & data when the visitor invokes the send button.

PHP forms are almost the same concept.  But they require SCRIPTING to work.
Main difference:  The header. 

The CSB form is fully readable in your source code. Your email address is exposed and the form has NO built in protections.  The header tells the server to send your forms to the GlobalSCAPE server for processing.  Your website server is NOT used to forward that email.  The GlobalSCAPE server has some limited protections (max # forms per hour, max # fields) but can not protect you further. 

The PHP form header points to a file that is stored BEYOND access of the casual visitor to your website. The email address, the definitions, the routing information, etc that is in the CSB form is now moved OUT of the form code and put into other files that can't be read by spammers. The files are FAR more complicated than CSB forms because they do so much more than CSB could ever do.  Setup takes a while for the first one.  You put files where you are told, fill in a few blanks the way YOU want them to be (name of fields, address, etc), answer some questions, etc then tweak the CSB built form header to point to the PHP code or use the sample forms they provide to begin (the best choice!).  The PHP script will send you the email like CSB form does now, or can produce HTML style forms in your email!  All choices you make within the script.  The script will run from your website space and draw against your bandwidth usage. BUT be far more secure.

Though I still use some CSB forms on the site, I switched my main contact form to ultimate form mail.
Added a couple javascript pieces to the page so my PHP form now:
1 runs in an iframe, so thank you page is contained within my contact page, no change of overall page.
2 prevents ENTER key from submitting form too early (IE and FIREFOX)
3 has colored input (in IE) fields

I hesitate to recommend ANY script. One that is known to be secure today may not be tomorrow. Or may not be available for sale.
« Last Edit: February 25, 2007, 09:17:22 AM by Samrc »
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
Re: The fight against spam and spam bots
« Reply #2 on: February 25, 2007, 02:47:49 PM »
Wow! Samantha, thanks for all the options.

1. I will try to have the IP's blocked by my hosting service provider.

2. I have tried the password protection text letters and it did work for a while until the spammers figured it out. I have already stopped using some of the CSB forms and have flash passwords on the site and backend spam blocking software on the server. The software recognizes the passwords and deletes everything else, but there is still so much spam getting through. I will look at CATPCHA. 
:thankyousign:

:dogwalksm: Ed

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5923
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: The fight against spam and spam bots
« Reply #3 on: February 25, 2007, 03:48:29 PM »
Your spam...describe it....

Coming in from your own form....
--that spam may not be coming from YOUR website. Someone might have copied your form to their site and are using it for processing forms (seen it happen).
--Or you may have a VISITOR that is getting past your security measures. YOU CAN NOT STOP THEM. We get them on the forums.  People like that go from site to site and inject characters into forms to produce spam or post spam sales ads on forums. That's their JOB.

Are you getting regular spam mail on that address?
--Once your email addy was compromised, you will get tons of spam from many places. As you move to more secure email/form options you should change to a fresh email address that has not been compromised.
--If you are on the TCH server (and others with similar setups), you should set your default email address to  :fail:  so anything that is sent to your domain, but not to a valid email address is dumped.  Ex:  If you have only an email address of 123 @ domain.com and you get emails to webmaster @ domain.com, the ONLY ones to get through would be the ones directed to the real, viable email addresses. The others are pre-loaded by spammers as expected email addresses and really were not sent to YOU.
--If possible, stay away from expected email addresses that spammers target (admin@, webmaster@, etc) and go with unusual addys that will not be on the top10 list used by spammers.
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
Re: The fight against spam and spam bots
« Reply #4 on: February 26, 2007, 08:55:10 AM »
Samantha wrote:
Quote
Your spam...describe it....
The spam is 80% text formated and 20% HTML/rich formated e-mail. Only the e-mail addresses that were originally (up to 2 years ago) on our web site are spammed. Our main problems are: we have a membership that uses one e-mail address to sub/unsubscribe to/from the mail list, and we have another e-mail address that is used for a general contact us form. Up to about November last year our mail server received about 100 spam e-mails per day. Around that time, I looked for a means to reduce the unwanted traffic. You may recall on the GS forum we wrote about it. One of the options I tried was Ultimate Form Mail but I could not make it work, so after searching I found Flash Form Builder which I am using now. The bulk of the spam is for stuff like zap sales, illegal software, penny stocks, and jumbled text which looks like it comes from story books or history books. Some of the HTML emails have links to web sites with plenty of pop-up windows for one arm bandits, casinos, etc. Since the intro. of the flash form spam has reduced. We do not bounce emails any more.  The From addresses are seldom the same. The weirdest domains appear. Our blacklist archive has also been increased by 16MB. That's a lot of e-mail addresses!

If you look at the flow of incoming e-mails starting at our host (not TCH but Apache on Linux), about 20% of spam per day per account is transferred to spam folders there. They do not reach our mail server. Then at our mail server (Lan Suite 602 on Microsoft), we have anti-spam software installed which eliminates about 60% of this spam before the rest is delivered to the mail in-boxes. It can unfortunately delete non-spam if set too sensitively. At in-box level, we have our own internal software which protects in-boxes. The problem is trying to stop the approx 100 spam per day from reaching the mail server. I thought that if I could trace the spam bots I could block those e-mails somehow.

Forever wishful  :luck:

Thanks for the good advice.
:dogwalksm: Ed

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5923
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: The fight against spam and spam bots
« Reply #5 on: February 26, 2007, 12:05:43 PM »
oK....

I have the main email addy on the --- site, unprotected for years now.  We have 3 levels of spam filtering...and still get about 20 per day that get past all the filters into our corporate mail box.  You can not depend on programs to capture the emails.  And blacklisting addresses doesn't work either. Some of the addresses you have banned are not even involved with the spam! Many of those addresses are being SPOOFED. And if you are reporting them to hosts or other companies, you could actually get someone on a blacklist that does not belong. :(

Most SPAM is not sent specifically to your email address.

On Samisite and others that I have worked on at TCH, I use the :fail: as default address, that trims a TON of crud at the server level.  Anything that is not specifically addressed to a working viable email address is tossed. Check with your host if they have a similar function on their servers. It is wonderful. This one setting stops SO MUCH spam! We don't even choose to save it in a spam bucket.  Just allow it to be dumped with no review/retrieval. Then the SpamAssassin software prunes any emails going to the viable addresses and captures known spam on those addresses. This cuts down the spam to nearly nothing on those accounts. :boogie:

Long term, as you get secure forms in place you should swap out the old spoiled email addys with fresh ones.  If you want some help getting the UFM to work on your site, let me know. So far, I have had good luck with it on my own and other sites.
« Last Edit: April 18, 2010, 11:34:10 AM by Samrc »
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
Re: The fight against spam and spam bots
« Reply #6 on: February 26, 2007, 04:44:25 PM »
I forgot to mention that I also have the following protection for the contact us form. In an attempt to :resistance: simulate :resistance: something like Captcha you mentioned above, I created flash. It uses a random function to generate password codes and the person submitting the form must enter the shown password to submit the form. It is at the bottom of our contact us form. At the server level any e-mail that is received with an incorrect password is deleted. This has also reduced spam. The draw back is that if a person makes a typo, the e-mail gets deleted at the server level after the sender receives the mail sent successfully message in the browser.

I am not clear what spoofing is relating to spamming. I've heard of the term being used in different contexts, e.g. keeping WAN connections alive by sending empty packets.

Many thanks for your kind offer for assistance with UFM. May I reserve it for a later date as I presently have other prioritized projects. I looked at ---'s site. It looks like there are many pages and the UFM looks good too.

Have you seen w*w.emailtrackerpro.com ? It is used to track the origin of mail received.


« Last Edit: April 18, 2010, 11:35:01 AM by Samrc »
:dogwalksm: Ed

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5923
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: The fight against spam and spam bots
« Reply #7 on: February 26, 2007, 05:00:27 PM »
 :ss-shocked: You could be losing legit emails from customers with that server-side dump if the visitor is not notified of the error and actually thinks the form was submitted. At least with scripts like UFM, you are told it will not be sent. You can test out a UFM in an IFRAME on my contact page (samisite.com/contact.htm).  By the way, I have switched a couple of the --- forms to UFM but not the main form yet...Expect to do that this weekend  :luck: if time permits.
« Last Edit: April 18, 2010, 11:35:42 AM by Samrc »
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
Re: The fight against spam and spam bots
« Reply #8 on: February 27, 2007, 05:24:45 AM »
Yes, that can happen. As a temporary measure, I've just changed the rules on the server to move incorrect passworded forms to a separate folder. Someone here will have to check the folder on a regular basis. I've just spoken to my hosting service and they said the :fail: command will not have an effect due to their setup on their systems. They use Trellix (web).

I also put the forms in an Iframe on the tpacc site in a further attempt to defray spambots.

That ---- site is like an adventure. There are lots of cool things like flash, messages that you can scroll, and a nice site map too. Let me know when the UFM main form is up.
« Last Edit: April 18, 2010, 11:33:20 AM by Samrc »
:dogwalksm: Ed

Offline hidden

  • Global Moderator
  • Senior Member
  • *****
  • Posts: 1497
  • I Dare to Dream!
    • InspirationMotivation.com
Re: The fight against spam and spam bots
« Reply #9 on: February 28, 2007, 10:44:14 PM »
I still use Honey Pot to check and report offending harvesters --- http://www.projecthoneypot.org/index.php. These are some really good ideas here - someone should head over to cute and get ok frank looking here in response to his most recent question.  :yes:
Success is a way of life found moment by moment

Offline hidden

  • Expert Member
  • Senior Member
  • *****
  • Posts: 1348
  • LaughLots
Re: The fight against spam and spam bots
« Reply #10 on: March 01, 2007, 04:42:13 AM »
We tried all sorts of spam stopping software until we came accross MailWasher which has worked extremely well for us.
:dogwalksm: Ed