Results 1 to 4 of 4
  1. #1
    Senior Member SJP's Avatar
    Join Date
    Aug 2003
    Location
    Orcas, Wa
    Posts
    205

    Default my anti-spam measure

    I wanted an easy way users could e-mail the web-site administrator. The easiest I can think of is a mailto: link, because most browsers will invoke the e-mail program when it is clicked. Problem is.... :cry:

    The most popular way is to use a SPAM filter of some sort or more extravagent technique like challenge-response. The method I'm using is simplest of all. But, it too has its disadvantages. It won't stop spammers from doing it by hand and you can't add the e-mail address to your address book and expect it to work the next day... These are pretty minor imo. Greatest advantage is very little overhead. Something to think about when your e-mail is getting swamped with SPAM and there are SPAMassassin processes or whatever being dispatched, chewing up your allotted CPU, memory, and disk leaving less for other needs.

    What I do is generate a unique code everyday. I use the number of seconds since Jan 1, 1970 the system maintains. I save this number in a js file so that I can retrieve it using javascript. When the web-page loads I use javascript to insert the e-mail address with the subject preset to the code into a mailto: link. For those folks whose browsers don't support mailto: links I also spell out the e-mail address and the number to put in the subject. I manipulate the time value so I can keep the number to four digits or less. So if you do have to do it manually it's not that big of a deal!

    When an e-mail comes in procmail will skip it if the code is not found in the subject. Since the code changes everyday who cares if the whole shebang gets picked up by the wrong people! It'll be useless tomorrow! This works under both 1.0 and 2.0. Here's my 1.0 implementation.

    1. Create a file in your home directory called "updt.sh". In it put the following and make it executable (chmod 0755 updt.sh):

    #!/bin/sh
    date '+var code=%s;' >$HOME/www/code.js

    2. Create a crontab entry. Better to have this number change when it's least likely someone would use it.

    5 4 * * * $HOME/updt.sh

    3. In your procmailrc modify this recipe:

    :0
    * ^TO_<?SJP@
    {
    CODE=`perl -e '$_=<>;($n)=/(\d+)/;$n-=86400;print $n & 0x0fff;' <$HOME/www/code.js`
    :0
    * $^Subject:.*$CODE.*
    |$HOME/redirect.pl
    }

    4. In your web-pages include the javascript file containing the code (<SCRIPT TYPE="text/javascript" SRC="code.js"></SCRIPT> and then do something like the following:

    <SCRIPT TYPE="text/javascript">
    <!--
    code-= 86400;
    code&= 0x0fff;
    document.write("<A STYLE='display:block' HREF=\'MAILTO:SJP@SanJuanPersonals.com?Subject=" + code + "\'>E-mail Us! - SJP@SanJuanPersonals.com<\/A>");
    document.write("<U STYLE='font-size:8pt'> Put " + code + " anywhere in the subject (today only!)<\/U>");
    // -->
    </SCRIPT>

    There's no reason why you couldn't use other means like PHP. This is just as effective as challenge-response could ever hope to be and it is so much easier to use. The only real difference between 1.0 and 2.0 is that the environment variable HOME is not set up so hard code it.

    SJP

  2. #2
    Senior Member SJP's Avatar
    Join Date
    Aug 2003
    Location
    Orcas, Wa
    Posts
    205

    Default ...part 2

    For those of you that do not want to rely on Javascript or want an easier way to integrate my tatic here's it is.

    This method uses an image to represent the code. You hard code your mailto: as before, but display a message that the code has to go in the subject. Instead of trying to explain things see it in action at http://www.SanJuanPersonals.com/ . You could arrange it so that if the e-mail didn't have the code instead of dropping it like a rock as I do you could let SPAMassassin munch on it and maybe stick it someplace the more suspicious stuff goes.

    Put the text below in your cgi-bin directory and call it code.pl . Make it executable (chmod 0755 code.pl). Change the home path to reflect your own.

    #!/usr/bin/perl
    use bytes;
    use integer;
    use strict;

    # c o d e . p l Written By, Jeff S. Dickson 21 September 2004

    my $home= '/www/sanjuanpersonals';
    my @conv = (
    ['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','30','0c','30','0c',
    '30','0c','30','0c','30','0c','30','0c','30','0c', 'f0','0f','e0','07','00','00'],
    ['00','00','80','01','c0','01','e0','01','80','01', '80','01','80','01','80','01',
    '80','01','80','01','80','01','80','01','80','01', 'e0','07','e0','07','00','00'],
    ['00','00','e0','07','f8','1f','18','18','18','18', '18','1c','00','0e','00','07',
    '80','03','c0','01','e0','00','70','00','38','00', 'f8','1f','f8','1f','00','00'],
    ['00','00','f0','07','f0','0f','30','0c','00','0c', '00','0c','00','0c','c0','0f',
    'c0','0f','00','0c','00','0c','00','0c','30','0c', 'f0','0f','f0','07','00','00'],
    ['00','00','00','06','00','0f','80','0f','c0','0d', 'e0','0c','70','0c','f0','0f',
    'f0','0f','00','0c','00','0c','00','0c','00','0c', '00','0c','00','0c','00','00'],
    ['00','00','e0','0f','f0','0f','30','00','30','00', '30','00','30','00','f0','07',
    'e0','0f','00','0c','00','0c','00','0c','30','0c', 'f0','07','e0','03','00','00'],
    ['00','00','20','00','30','00','30','00','30','00', '30','00','30','00','f0','07',
    'f0','0f','30','0c','30','0c','30','0c','30','0c', 'f0','0f','e0','0f','00','00'],
    ['00','00','f0','0f','f0','0f','30','0c','30','0c', '00','06','00','03','00','03',
    '80','01','80','01','c0','00','c0','00','60','00', '60','00','60','00','00','00'],
    ['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','60','06','c0','03',
    'c0','03','60','06','30','0c','30','0c','30','0c', 'f0','0f','e0','07','00','00'],
    ['00','00','e0','07','f0','0f','30','0c','30','0c', '30','0c','e0','0f','c0','0f',
    '00','0e','00','0e','00','07','80','03','c0','01', 'e0','00','60','00','00','00'],
    );
    chdir($home);
    open(COD, "<code.js");
    $_= <COD>;
    (my $num)= /(\d+)/;
    $num-= 86400;
    $num&= 0x0fff;
    my $string= sprintf "%d",$num;
    my @array= split //,$string;
    my $width= @array * 16;
    print "Content-type: image/x-xbitmap\n\n";
    print "#define cnt_width $width\n";
    print "#define cnt_height 16\n";
    print "static char cnt_bits[]={\n";
    for (my $field= 0; $field <= 30; $field = $field + 2) {
    foreach $num (@array) {
    print "0x$conv[$num][$field],0x$conv[$num][$field+1],";
    }
    print "\n";
    }
    print "};\n";


    Refer to the code.pl program within your html as an image. <IMG SRC="http://www.yourdomain/cgi-bin/code.pl" ALT="number">. That's all there is to it!

    SJP

  3. #3
    Senior Member Tom Howard's Avatar
    Join Date
    Jul 2003
    Posts
    132

    Default

    Cool idea.

    Thanks for the post.

  4. #4
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default

    I agree. Thanks for sharing.
    Fayez Zaheer

Similar Threads

  1. New Feature to Reduce Spam - RBLs
    By WestHost - BChambers in forum E-mail / FTP Management
    Replies: 22
    Last Post: 07-10-2007, 07:43 PM
  2. Spam On Westhost Is Out Of Control
    By AMG in forum E-mail / FTP Management
    Replies: 19
    Last Post: 08-11-2006, 04:11 PM
  3. Procmail Rules Help Please
    By proaudiogear4less in forum E-mail / FTP Management
    Replies: 6
    Last Post: 04-16-2006, 04:54 AM
  4. Procmailrc not sending spam to /dev/null anymore
    By BrentA in forum E-mail / FTP Management
    Replies: 6
    Last Post: 07-11-2005, 09:30 PM
  5. SPAM In General
    By JDE in forum E-mail / FTP Management
    Replies: 31
    Last Post: 06-23-2004, 01:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •