On Tue, 20 Nov 2007 19:58:50 +1100 (EST), "Owen" <[EMAIL PROTECTED]> wrote:
>> I am using a modified version of the old formmail.pl script on my
>> website to get information requests mailed to me.
>> I have modified the script to NOT send email other than to two fixed
>> (hardcoded) addresses (myself and our sales dept). I had to do this
>> because spammers started to use my request pages as spam entry
>> points.
>>
>> Now the spammers have advanced and are filling the fields with html
>> links in the hope that someone will click the links...
>>
>> So I want to expand the script to block sending altogether if the body
>> contains forbidden words like 'href=' or 'http://'.
>>
>> But I have no clue as regards PERL programming so I would like to get
>> some help in this.
>>
>> I have a form field called 'Feedback' that is loaded with the contents
>> of a text box on my page. This text block is what I want to check for
>> the forbidden words and either modify the subject of the outgoing
>> email by adding something like '*** SPAM ***' to it or else not send
>> the email at all if forbidden words are found.
>>
>> I think that the textbox contents can be retrieved by the following
>> function:
>> $CONFIG{'Feedback'}
>>
>> What I would like to do is to add a new function right before the mail
>> send call inside the main procedure which could set an error if the
>> feedback contains the forbidden words.
>>
>> The main procedure now looks like this:
>>
>>
>> # Check Referring URL
>> &check_url;
>>
>> # Retrieve Date
>> &get_date;
>>
>> # Parse Form Contents
>> &parse_form;
>>
>> # Check Required Fields
>> &check_required;
>>
>> # Return HTML Page or Redirect User
>> &return_html;
>>
>> # Send E-Mail
>> &send_mail;
>>
>> I would like to have a checking procedure right in front of
>> &send_mail, which will fail the script if the forbidden words are
>> present.
>
>
>That's one of Matt's scripts and maybe you missed the world wide movement
>to get everyone off Matt's scripts. Anyway, if you got that going, you
>would find
> Gunnar Hjalmarsson Contact Form a better and easier choice, and more
>secure. See:
>http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm
>
>You set up your form in half a dozen lines, and that's it!
>
>I am sure that you can set up spam filters to do what you want. There is an
>optional argument called spamfilter where you set up a regex and the
>example in the doco is '(?i:</a>|\[/url])' but you can adjust that
>yourself
>
>To modify Formmail.pl, you would need to:
>a: Set up a hash of banned words including the url form
>b: Take the output of the form and discard it if it matches anything in
>the banned word list.
>
>Owen

I know that Matt's FormMail is a bit insecure, but I have based my
site on it after cutting a lot of it out. For example it is not able
to send anything to anyone by entering an email address. All sending
is done strictly to hardcoded recipients (us).

The problem is that we are now being swamped by requests filled with a
lot of http links instead of our customers' business related
questions. It hurts only our sales people who have to read all of the
crap the spammers enter.

So I would like to stop it right at the website by not sending
anything at all out with links in the text.

Since we have had the site running about 10 years now with the
FormMail derivative script I don't feel like changing it, but you
never know in the future...
So I will surely bookmark the link you gave for future reference.

Thanks for replying!

Bo Berglund
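The check discussed in this thread, as an added example (not part of either poster's message and not FormMail's own code): a banned-pattern list applied to the feedback text before mail is sent. The names `@FORBIDDEN` and `find_forbidden` are hypothetical, the sample submissions are constructed, and the caller is assumed to pass in the value of the 'Feedback' field.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical ban list: the link markers named in the thread ('href=',
# 'http://', '</a>', '[/url]'), plus https and bare "www." as assumptions.
my @FORBIDDEN = (
    qr/href\s*=/i,
    qr{https?\s*:\s*//}i,
    qr{</a\s*>}i,
    qr{\[/?url\b}i,
    qr/\bwww\./i,
);

# Return the first forbidden fragment found in $text, or nothing if clean.
sub find_forbidden {
    my ($text) = @_;
    return unless defined $text;
    # Decode numeric HTML entities (&#104; or &#x68;) first, so that
    # "&#104;ttp://" is checked in the form a mail client would render.
    (my $norm = $text) =~ s{&#(?:x([0-9a-f]{1,6})|(\d{1,7}));?}{
        my $cp = defined $1 ? hex($1) : $2;
        $cp < 0x110000 ? chr($cp) : '';
    }gie;
    for my $re (@FORBIDDEN) {
        return $1 if $norm =~ /($re)/;
    }
    return;
}

# Constructed sample submissions for the 'Feedback' field.
my @samples = (
    "Please send me a quote for 200 units.",
    'Great site! <a href="http://example.invalid/">click</a>',
    "cheap pills [url=HTTP://example.invalid]here[/url]",
    "visit &#104;ttp://example.invalid today",
);

for my $feedback (@samples) {
    my $hit = find_forbidden($feedback);
    if (defined $hit) {
        # In the script from the thread this branch would sit just before
        # &send_mail: report an error and exit instead of mailing.
        print "BLOCKED ($hit): $feedback\n";
    } else {
        print "ok: $feedback\n";
    }
}
```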