my anti-spam measure



SJP
09-19-2004, 11:12 PM
I wanted an easy way users could e-mail the web-site administrator. The easiest I can think of is a mailto: link, because most browsers will invoke the e-mail program when it is clicked. Problem is.... :cry:

The most popular way is to use a SPAM filter of some sort or a more extravagant technique like challenge-response. The method I'm using is simplest of all. But, it too has its disadvantages. It won't stop spammers from doing it by hand and you can't add the e-mail address to your address book and expect it to work the next day... These are pretty minor imo. Greatest advantage is very little overhead. Something to think about when your e-mail is getting swamped with SPAM and there are SPAMassassin processes or whatever being dispatched, chewing up your allotted CPU, memory, and disk leaving less for other needs.

What I do is generate a unique code every day. I use the number of seconds since Jan 1, 1970 the system maintains. I save this number in a js file so that I can retrieve it using javascript. When the web-page loads I use javascript to insert the e-mail address with the subject preset to the code into a mailto: link. For those folks whose browsers don't support mailto: links I also spell out the e-mail address and the number to put in the subject. I manipulate the time value so I can keep the number to four digits or less. So if you do have to do it manually it's not that big of a deal!

When an e-mail comes in, procmail will skip it if the code is not found in the subject. Since the code changes every day who cares if the whole shebang gets picked up by the wrong people! It'll be useless tomorrow! This works under both 1.0 and 2.0. Here's my 1.0 implementation.

1. Create a file in your home directory called "updt.sh". In it put the following and make it executable (chmod 0755 updt.sh):

#!/bin/sh
date '+var code=%s;' >$HOME/www/code.js

2. Create a crontab entry. Better to have this number change when it's least likely someone would use it.

5 4 * * * $HOME/updt.sh

3. In your procmailrc modify this recipe:

:0
* ^TO_<?SJP@
{
CODE=`perl -e '$_=<>;($n)=/(\d+)/;$n-=86400;print $n & 0x0fff;' <$HOME/www/code.js`
:0
* $^Subject:.*$CODE.*
|$HOME/redirect.pl
}

4. In your web-pages include the javascript file containing the code (<SCRIPT TYPE="text/javascript" SRC="code.js"></SCRIPT>) and then do something like the following:

<SCRIPT TYPE="text/javascript">
<!--
code-= 86400;
code&= 0x0fff;
document.write("<A STYLE='display:block' HREF=\'MAILTO:SJP@SanJuanPersonals.com?Subject=" + code + "\'>E-mail Us! - SJP@SanJuanPersonals.com<\/A>");
document.write("<U STYLE='font-size:8pt'> Put " + code + " anywhere in the subject (today only!)<\/U>");
// -->
</SCRIPT>

There's no reason why you couldn't use other means like PHP. This is just as effective as challenge-response could ever hope to be and it is so much easier to use. The only real difference between 1.0 and 2.0 is that the environment variable HOME is not set up so hard code it.

SJP
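
Added example (not part of SJP's post): the code derivation and the subject test from the steps above, run over constructed subjects to show what the "code anywhere in the subject" condition accepts. The function names, the sample timestamps and subjects, and the stricter `strictMatch` variant are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, inputs are constructed.

// Derive the daily code from the line updt.sh writes to code.js, with the
// post's arithmetic: subtract 86400, then keep the low 12 bits (0..4095).
function deriveCode(codeJsLine) {
  const m = /(\d+)/.exec(codeJsLine);
  if (!m) throw new Error("no timestamp in code.js line");
  return (Number(m[1]) - 86400) & 0x0fff;
}

// What the procmail condition "^Subject:.*$CODE.*" tests: the digits of
// the code appear anywhere in the subject.
function looseMatch(subject, code) {
  return subject.includes(String(code));
}

// Assumed stricter variant (not in the post): the code must not be part of
// a longer run of digits.
function strictMatch(subject, code) {
  return new RegExp("(^|\\D)" + code + "(\\D|$)").test(subject);
}

// Run both checks over a list of subjects.
function classify(subjects, code) {
  return subjects.map((s) => ({
    subject: s,
    loose: looseMatch(s, code),
    strict: strictMatch(s, code),
  }));
}

// Constructed sample data.
const todayLine = "var code=1095588300;"; // derives to 2124
const shortLine = "var code=1095586183;"; // derives to 7
const subjects = [
  "Question about my profile 2124",
  "Order #921245 confirmed",
  "Save 70% today",
];

console.log(deriveCode(todayLine), classify(subjects, deriveCode(todayLine)));
console.log(deriveCode(shortLine), classify(subjects, deriveCode(shortLine)));
```

On a day when the masked value is a single digit, the loose test passes any subject containing that digit, which is the case the second sample line exercises.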

SJP
09-21-2004, 04:29 PM
For those of you that do not want to rely on Javascript or want an easier way to integrate my tactic, here it is.

This method uses an image to represent the code. You hard code your mailto: as before, but display a message that the code has to go in the subject. Instead of trying to explain things see it in action at http://www.SanJuanPersonals.com/ . You could arrange it so that if the e-mail didn't have the code instead of dropping it like a rock as I do you could let SPAMassassin munch on it and maybe stick it someplace the more suspicious stuff goes.

Put the text below in your cgi-bin directory and call it code.pl . Make it executable (chmod 0755 code.pl). Change the home path to reflect your own.

#!/usr/bin/perl
use bytes;
use integer;
use strict;

# c o d e . p l Written By, Jeff S. Dickson 21 September 2004

my $home= '/www/sanjuanpersonals';
my @conv = (
['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','30','0c','30','0c',
'30','0c','30','0c','30','0c','30','0c','30','0c', 'f0','0f','e0','07','00','00'],
['00','00','80','01','c0','01','e0','01','80','01', '80','01','80','01','80','01',
'80','01','80','01','80','01','80','01','80','01', 'e0','07','e0','07','00','00'],
['00','00','e0','07','f8','1f','18','18','18','18', '18','1c','00','0e','00','07',
'80','03','c0','01','e0','00','70','00','38','00', 'f8','1f','f8','1f','00','00'],
['00','00','f0','07','f0','0f','30','0c','00','0c', '00','0c','00','0c','c0','0f',
'c0','0f','00','0c','00','0c','00','0c','30','0c', 'f0','0f','f0','07','00','00'],
['00','00','00','06','00','0f','80','0f','c0','0d', 'e0','0c','70','0c','f0','0f',
'f0','0f','00','0c','00','0c','00','0c','00','0c', '00','0c','00','0c','00','00'],
['00','00','e0','0f','f0','0f','30','00','30','00', '30','00','30','00','f0','07',
'e0','0f','00','0c','00','0c','00','0c','30','0c', 'f0','07','e0','03','00','00'],
['00','00','20','00','30','00','30','00','30','00', '30','00','30','00','f0','07',
'f0','0f','30','0c','30','0c','30','0c','30','0c', 'f0','0f','e0','0f','00','00'],
['00','00','f0','0f','f0','0f','30','0c','30','0c', '00','06','00','03','00','03',
'80','01','80','01','c0','00','c0','00','60','00', '60','00','60','00','00','00'],
['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','60','06','c0','03',
'c0','03','60','06','30','0c','30','0c','30','0c', 'f0','0f','e0','07','00','00'],
['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','e0','0f','c0','0f',
'00','0e','00','0e','00','07','80','03','c0','01', 'e0','00','60','00','00','00'],
);
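chdir($home) or die "cannot chdir to $home: $!";
# Read the timestamp line that updt.sh wrote to code.js
open(COD, "<code.js") or die "cannot open code.js: $!";
$_= <COD>;
close(COD);
(my $num)= /(\d+)/;
# Same arithmetic as the procmail recipe and the javascript
$num-= 86400;
$num&= 0x0fff;
my $string= sprintf "%d",$num;
my @array= split //,$string;
my $width= @array * 16;
print "Content-type: image/x-xbitmap\n\n";
print "#define cnt_width $width\n";
print "#define cnt_height 16\n";
print "static char cnt_bits[]={\n";
# For each of the 16 scan lines, emit two bytes (16 pixels) per digit
for (my $field= 0; $field <= 30; $field = $field + 2) {
    foreach $num (@array) {
        print "0x$conv[$num][$field],0x$conv[$num][$field+1],";
    }
    print "\n";
}
print "};\n";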


Refer to the code.pl program within your html as an image. <IMG SRC="http://www.yourdomain/cgi-bin/code.pl" ALT="number">. That's all there is to it!

SJP

Tom Howard
09-21-2004, 08:05 PM
Cool idea.

Thanks for the post.

FZ
09-23-2004, 12:40 PM
I agree. Thanks for sharing.