being attacked

Re: being attacked


bokke wrote:[color=blue]
> I have a newsletter signup form on my front page - you insert your
> e-mail hit submit and through php it sends it to me and the client in
> an e-mail. The problem is - someone is sitting at home going
> click-return-click-return-click-return-click.
> So I put a javascript making the person at least fake an e-mail address
> or it would not go to the next page. The problem is I think the person
> has the second page in favourites and every now and then goes there and
> hits refresh-refresh-refresh-refresh.
> I'm getting about 10 a day - How can I stop it? Help[/color]

DO you do any validation on the input in your script before you send
the email? If you don't you should add it.

Ken

Re: being attacked

bokke wrote:[color=blue]
> I have a newsletter signup form on my front page - you insert your
> e-mail hit submit and through php it sends it to me and the client in
> an e-mail. The problem is - someone is sitting at home going
> click-return-click-return-click-return-click.
> So I put a javascript making the person at least fake an e-mail address
> or it would not go to the next page. The problem is I think the person
> has the second page in favourites and every now and then goes there and
> hits refresh-refresh-refresh-refresh.
> I'm getting about 10 a day - How can I stop it? Help
>[/color]
Use the function sleep() to halt the script for a second or 2.

This way, automated scripts are slowed down.

Re: being attacked

I have a javascript runnong to check for input - but not the php script
to first validate before sending! Just What I Need!

Thanks

Re: being attacked

>I have a newsletter signup form on my front page - you insert your[color=blue]
>e-mail hit submit and through php it sends it to me and the client in
>an e-mail. The problem is - someone is sitting at home going
>click-return-click-return-click-return-click.[/color]

Your site is probably being used as a weapon in a spamming or
mail-bombing attack.
[color=blue]
>So I put a javascript making the person at least fake an e-mail address
>or it would not go to the next page.[/color]

Javascript is useless against clients that don't run it. If you
need to do validation, you need to do it ON THE SERVER. Doing it
in Javascript also makes for a nicer interface for users making
honest mistakes, but you need to do the check on the server to avoid
having your site hacked or database filled with junk.
[color=blue]
>The problem is I think the person
>has the second page in favourites and every now and then goes there and
>hits refresh-refresh-refresh-refresh.
>I'm getting about 10 a day - How can I stop it? Help[/color]

You shouldn't send any email to an email address entered by the
user if you have sent email to that address recently (which might
mean 1 day or 1 week). This would make the spammer/bomber come up
with *different* email addresses each time. That probably only
annoys bombers with a specific target in mind, but it might keep
your site out of blacklists. The down side is you need to keep
track of to whom and when you sent email (probably in a database).

Oh, yes, you might look at your web server logs, figure out this
guy's IP address ($_SERVER['REMOTE_ADDR']), or the IP block he
usually connects from, and refuse to send any mail.

Gordon L. Burditt

Re: being attacked

bokke wrote:
[color=blue]
> I have a newsletter signup form on my front page - you insert your
> e-mail hit submit and through php it sends it to me and the client in
> an e-mail. The problem is - someone is sitting at home going
> click-return-click-return-click-return-click.
> So I put a javascript making the person at least fake an e-mail address
> or it would not go to the next page. The problem is I think the person
> has the second page in favourites and every now and then goes there and
> hits refresh-refresh-refresh-refresh.
> I'm getting about 10 a day - How can I stop it? Help[/color]

Hi,

I would get his IP-address, and block that specific IP-address.
It is stored in $_SERVER['REMOTE_ADDR'].
Just hardcode into your mailingscript to block that num.
Also, send him back an endless loop with HTML-bull to keep his spammingline
occupied.
That guy is maybe trying to use your email-script as a gateway to send his
missirable spam into the world.
I do hate spammers so much...

Good luck

Regards,
Erwin Moller

Re: being attacked

Hello,

on 09/07/2005 12:54 PM bokke said the following:[color=blue]
> I have a newsletter signup form on my front page - you insert your
> e-mail hit submit and through php it sends it to me and the client in
> an e-mail. The problem is - someone is sitting at home going
> click-return-click-return-click-return-click.
> So I put a javascript making the person at least fake an e-mail address
> or it would not go to the next page. The problem is I think the person
> has the second page in favourites and every now and then goes there and
> hits refresh-refresh-refresh-refresh.
> I'm getting about 10 a day - How can I stop it? Help[/color]

I think those are nervous users that double click on the button by
accident or because they can wait and click again to make sure the site
gets the submitted form.

You may want to try this forms generation class that prevents submit
button double-clicking:




--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP


PHP Reviews - Reviews of PHP books and other products


Metastorage - Data object relational mapping layer generator