Everything posted by TheCanadian

  1. I use both client side and web mail viewers. I haven't enabled any filters for web mail, but for my mail clients (Eudora and Thunderbird mainly - I check mail on several machines, depending on where I am) I rely heavily on SpamAssassin's suggestions, and filter marked mail. For my business accounts I do no filtering beyond that because I don't want to accidentally trash new customer's inquiries. For my personal accounts, I trash any messages sent from someone who isn't in my address book that contain in the body src="cid: because I find that the majority of spam has embedded images. In the last several months, the only unwanted mail I've had to sort through (for my personal accounts) has pretty much been these nonsense form submissions. That K9 sounds interesting. I might try that out with some of the business accounts and see what happens.
  2. Yeah, and the more popular the site, the more of that comes in. I guess I'm getting more popular. This stuff is just annoying though. At least if it had spam-like substance, I could block it. But this gibberish is just confusing. I was actually hoping there was a secret agenda behind it so it would make sense. Oh well!

     If anyone wants to use the topic to share spam-blocking code they've programmed into their form-to-mail scripts, I'm game. Apart from a blacklist of IPs, I have a lot of different methods of keeping spam at bay. Here are the most effective ones...

     On all variables passed to my mail processing script, I filter them with regular expressions for certain keywords and phrases:

     ```perl
     # Patterns are matched case-insensitively against every submitted value.
     @banwords = (
         'rteasddaws\@jksdhfue\.com',
         'texas(\s|\W)?holdem',
         'guym[ae]n',
         'mugu',
         'free(\s|\W)?poker',
         'poker(\s|\W)?site',
         'poker\.\w',
         '(texas|online|SPAMMER-BEWARE|party|poker|craps|roulette|hold(\s)?em|free|black(\s)?jack)(\s|\W)?(texas|online|SPAMMER-BEWARE|party|poker|craps|roulette|hold(\s)?em|free|black(\s)?jack)',
         '(buy|cheap|generic|cialis|online)(\s|\W)?(buy|cheap|generic|cialis|online)',
         'facial(\s|\W)?cream',
         'phentermine',
         'bextra',
         'dirfor\.com',
         'dorank\.com',
         '(http:\/\/(.|\n)*){3,}?',
         '(href(.|\n)*){2,}?',
         'free\S*ringtone',
         '\[url.*\]',
         'cheap(\s|\W)?cigarette',
         'End \^\) See you',
         'href(.|\n)*(\/url|atspace\.com)',
         'svotyt.*google\.com',
         '^\s(\cM\n|\n)(\s|\w)?(\cM\n|\n|$)',
         'jestak\.com',
         'I you all love',
         'Xenical',
     );

     # $value is the current form value; &error is defined elsewhere in the script.
     foreach $banword (@banwords) {
         if ($value=~/$banword/i) {
             &error('banned',$banword);
         }
     }
     ```

     I also check the from "name" and "email" variables sent to ensure they contain nothing more than they should:

     ```perl
     # $name is the form field's label, $value its submitted content.
     if ($name eq 'Your Name') {
         # Keep the raw value in %warnings if it has disallowed characters or is too long...
         if ($value=~/[^a-zA-Z0-9_\-\. \&\#\!\,]/ or length($value) > 60) {
             $warnings{$name}=$value;
         }
         # ...then strip those characters and cut the value to 60 characters.
         $value=~s/[^a-zA-Z0-9_\-\. \&\#\!\,]//g;
         $value=substr($value,0,60);
     }
     elsif ($name eq 'Your Email') {
         if ($value=~/[^a-zA-Z0-9_\~\-\.\@]/ or length($value) > 60) {
             $warnings{$name}=$value;
         }
         $value=~s/[^a-zA-Z0-9_\~\-\.\@]//g;
         $value=substr($value,0,60);
     }
     ```

     Those two checks catch about 90% of the spambots and all of the attempted email injection attacks (AFAIK). The above code is Perl, but can easily be adapted to PHP.
  3. Hi all! I have contact forms on several pages that I use in lieu of mailto: links (so as not to get on spam lists), but I still get a fair amount of spam sent through the contact forms. Most of it I can filter out, and as far as I know, I'm protected up the ying-yang against spambots, email header injection, spam filtering, etc., but I get a lot of nonsensical messages sent through my forms. In most cases, they aren't even spam-like -- just random junk.

     Here's a sample of what most of what I get coming in looks like:

     ```
     From: fdagg@hotmail.com (Meteor)
     Subject: Greetings from your website...
     Message-Id: <E1GuTEt-0005TU-AG@server329.tchmachines.com>
     Date: Wed, 13 Dec 2006 07:29:35 -0500

     adult D
     ---------------------------------------------------------------------------
     Security Question: Is the moon made of cheese? No
     ---------------------------------------------------------------------------
     REMOTE_USER:
     REMOTE_IDENT:
     REMOTE_HOST: 221x114x194x12.ap221.ftth.ucom.ne.jp
     REMOTE_ADDR:
     HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
     REQUEST_METHOD: POST
     ```

     I removed the "To:" line because it's my address. The variables at the bottom I use to track who sent the message. My email is hardcoded into the script for the To field. The subject is also hardcoded into the script. All other header fields that originate from the form (only name & email) are filtered to remove anything that shouldn't be there. For the name, anything that isn't alphanumeric or _ - . & # ! , is removed (and logged, so I can see if an injection attack was attempted), and for the from email, anything not alphanumeric or _ ~ - . @ is removed and logged.

     That security question is part of a series of bot-catcher questions I devised. It's randomly loaded from an array of multiple choice questions where there is always only one right (and stupidly obvious) answer. If whoever (or whatever) is filling out the form answers wrong, they are immediately banned from using any CGI on my site (it's my personal page, so even if it's a real person who picked wrong, I don't need to talk to folks that dumb).

     So with that protection (and more, but that could take hours to explain)... what gives? I get several of these gibberish contact form messages a day. Some have full sentences of stupidity, others just pointless words like that. But there's no URLs with these, and no injection attacks that I'm aware of, and some living person seems to have answered the question successfully. Is it just spambots that are getting lucky and randomly answering the questions right, or real people with way too much spare time? But where's the payload? What is the point? Is there a security hole other than those I've plugged that I could be missing?

     I've tried searching the web, but all I find is tons of articles from 2005 about injection attacks. I haven't found anything recent about these seemingly nonsense messages. Oh - one thing I seem to notice. They almost always have a single letter at the end of the message that doesn't seem to belong. Some message content examples:
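
The bot-catcher question described in post 3, as an added example that is not TheCanadian's script: the question index and issue time are signed with an HMAC, so the server knows which question it asked and can tell a wrong answer from an edited or expired form. The secret, token layout, question bank and sub names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Secret, token layout, question bank
# and sub names are assumptions made for illustration.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'replace-with-a-random-server-side-value';   # hypothetical
my $MAX_AGE = 3600;                     # seconds a rendered form stays valid

# Constructed question bank: exactly one right answer each.
my @QUESTIONS = (
    { q => 'Is the moon made of cheese?',    choices => [qw(Yes No)], answer => 'No'  },
    { q => 'Is water wet?',                  choices => [qw(Yes No)], answer => 'Yes' },
    { q => 'How many legs does a cat have?', choices => [qw(2 4 17)], answer => '4'   },
);

# Rendering the form: pick a question and sign "index:time".
sub issue_question {
    my ($now) = @_;
    my $idx = int rand @QUESTIONS;
    return ($QUESTIONS[$idx], join ':', $idx, $now, hmac_sha256_hex("$idx:$now", $SECRET));
}

# Handling the POST: returns 'ok', 'wrong', 'stale' or 'tampered'.
sub check_answer {
    my ($token, $answer, $now) = @_;
    my ($idx, $ts, $mac) = ($token // '') =~ /\A(\d{1,3}):(\d{1,12}):([0-9a-f]{64})\z/
        or return 'tampered';
    return 'tampered' unless $idx < scalar(@QUESTIONS)
        && $mac eq hmac_sha256_hex("$idx:$ts", $SECRET);
    return 'stale' if $ts > $now || $now - $ts > $MAX_AGE;
    return ($answer // '') eq $QUESTIONS[$idx]{answer} ? 'ok' : 'wrong';
}

# Constructed submissions against one issued form.
my $now = 1166012975;                        # constructed clock value
my ($q, $token) = issue_question($now);
my ($idx) = $token =~ /\A(\d+)/;
my $other = ($idx + 1) % @QUESTIONS;
(my $swapped = $token) =~ s/\A\d+/$other/;   # client edits the question index

my @cases = (
    [ 'right answer',          $token,   $q->{answer},               $now + 30   ],
    [ 'wrong answer',          $token,   'Maybe',                    $now + 30   ],
    [ 'question index edited', $swapped, $QUESTIONS[$other]{answer}, $now + 30   ],
    [ 'form two hours old',    $token,   $q->{answer},               $now + 7200 ],
);
printf "%-22s => %s\n", $_->[0], check_answer(@$_[1 .. 3]) for @cases;
```

A `wrong` or `tampered` result is the point at which the ban described in the post would be recorded. The signature alone does not stop one solved form from being resubmitted until it expires; that takes a server-side record of used tokens, which is not shown.
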
  4. Darn! Well, I don't like the idea of automatically editing the .htaccess directly through CGI, so I guess I'll just have to periodically cut & paste the list myself. Thanks for the info!
  5. Hi All! I'm wondering if anyone knows how to include a file to be processed within the .htaccess file. What I'm looking to do is have a list of IPs generated by a CGI be included for processing in my .htaccess file. Basically, I have a section like this:

     ```apache
     <Files *.cgi>
     order allow,deny
     allow from all
     deny from XX.XX.XX.XX
     deny from XX.XX.XX.XX
     ...etc...
     </Files>
     ```

     Then I have a CGI I wrote which catches spam bots trying to post to a form on my site, and logs their IP address to a text file in the "deny from XX.XX.XX.XX" fashion. I'd like to have my .htaccess refer to this file to add them to my "deny from" list for CGIs. Can this be done?
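
For the cut-and-paste route settled on in post 4, an added example (not the poster's CGI) that turns the logged lines into the `<Files *.cgi>` block and keeps only well-formed `deny from <IPv4>` entries, since the log is written from bot-driven requests and a stray line in .htaccess changes who is allowed in. The log contents and sub names are constructed.

```perl
#!/usr/bin/perl
# Added example, not the poster's CGI. The log contents and sub names are
# constructed; the directives are the ones from the post's <Files> section.
use strict;
use warnings;

# Constructed lines as the logging CGI might have written them. Addresses are
# documentation ranges; some entries are deliberately unusable.
my @log = (
    "deny from 192.0.2.15\n",
    "deny from 198.51.100.7\r\n",
    "deny from 192.0.2.15\n",                   # duplicate
    "deny from 203.0.113.999\n",                # octet out of range
    "deny from 192.0.2.1\nallow from all\n",    # second directive smuggled in
    "deny from all\n",                          # would block every visitor
);

sub valid_ipv4 {
    my ($ip) = @_;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/ or return 0;
    return !grep { $_ > 255 } @octets;
}

# Returns the <Files> block to paste and a reference to the rejected entries.
sub build_block {
    my (%seen, @keep, @rejected);
    for my $line (@_) {
        (my $entry = $line) =~ s/\r?\n\z//;      # drop the line ending only
        my ($ip) = $entry =~ /\Adeny from (\S+)\z/;
        if (defined $ip && valid_ipv4($ip)) {
            push @keep, "deny from $ip" unless $seen{$ip}++;
        } else {
            push @rejected, $entry;
        }
    }
    my $block = join "\n", '<Files *.cgi>', 'order allow,deny', 'allow from all',
                           @keep, '</Files>', '';
    return ($block, \@rejected);
}

my ($block, $rejected) = build_block(@log);
print $block;
for my $entry (@$rejected) {
    # Show control characters as \xNN so a smuggled newline is visible.
    (my $shown = $entry) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    print STDERR "rejected: $shown\n";
}
```
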
  6. I thought that may have been the end result of what you were trying to do. So you would want a script that would take something entered by a user, tag it onto the end of a predefined URL, then go to that URL... So if for example they would enter "images/header.jpg", and your default URL was "http://www.testing.com/", the browser would then go to "http://www.testing.com/images/header.jpg"? Javascript would be the simplest I would think. Something like this:

     ```html
     <html>
     <head>
     <title>Custom Redirect Script</title>
     <script type="text/javascript">
     <!--
     // Append whatever the user typed to the fixed base URL and navigate there.
     function gohere() {
         var url="http://www.testing.com/";
         var addon=document.getElementById('AddMe').value;
         location.href=url+addon;
     }
     //-->
     </script>
     </head>
     <body>
     <form>
     <input type="text" id="AddMe" size=50>
     <input type="button" value="Go!" onClick="gohere();">
     </form>
     </body>
     </html>
     ```

     There's probably a neater way of doing that, but off the top of my head it's the simplest thing I could think of that does what I mentioned above (assuming that is what you are after?)
  7. Do you mean like what these sites provide? http://www.shorturl.com/ http://notlong.com/links/
  8. I have an .htaccess password protected directory which uses PHP to display content based on who is logged in (using $_SERVER['PHP_AUTH_USER']). What I would like to do is make a logout script that would allow the user to leave the password-protected area and erase the password from the browser's cache without having to close their browser window. I've noticed that the CPanel does exactly that with a PHP logout page. How can I make a similar page?
  9. Darn... you were right, they won't add it. Can you think of another way of having a password-protected directory access (not just PHP or HTML files) integrated with MySQL? Any suggestions would be helpful! Thanks
  10. Yep, you're right, there it is:

      ```
      .htaccess: Invalid command 'Auth_MYSQL_DB', perhaps mis-spelled or defined by a module not included in the server configuration
      ```

      Is this module something that can be added? Or is there another way to have a database-driven list of users that would work with the existing modules?

      PS - if it helps, phpinfo() tells me the following modules are loaded on the server I'm using: mod_security, mod_auth_passthrough, mod_log_bytes, mod_bwlimited, mod_php4, mod_frontpage, mod_ssl, mod_setenvif, mod_so, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core
  11. Hello! I'm wondering if mod_auth_mysql is installed on the servers, and if anyone has any experience using it. I've tried creating an .htaccess file using instructions I found online, but all I get is a 500 Internal Server Error. Here's the contents of my .htaccess file (minus the login info):

      ```apache
      AuthName "Members Area"
      AuthType Basic
      Auth_MYSQL_DB ********
      Auth_MySQL_Username ********
      Auth_MySQL_Password ********
      Auth_MYSQL_Password_Table members
      Auth_MySQL_Username_Field username
      Auth_MYSQL_Password_Field password
      Auth_MYSQL_Empty_Passwords Off
      Auth_MySQL_Encrypted_Passwords Off
      Auth_MYSQL On
      Auth_MYSQL_Group_Table members
      Auth_MYSQL_Group_Field type
      require group Admin
      ```
  12. Oh wait... I just noticed something! I just tried sending mail from all of my addresses from various domains configured in my mail program (90% hosted here) to the kozlov server. Something interesting happened... some messages went through, and others were bounced. But the domain of the return address had no effect on whether they worked or not! As it ends up, I can send mail to the kozlovcentre.com domain if the sending account is configured to use my ISP's smtp server, but not if I use my domain's (ie. TCH's) smtp server! Yet up until about 2 weeks ago, this was never an issue. Okay... so from what I can derive, something on either server29's mail server or kozlov's mail server changed sometime after Dec. 31 (my last successful e-mail sent to kozlov) and before Jan. 4 (the next time I sent a message - which was bounced) such that I can no longer send mail directly from my domain's mail server to their server (which is hosted at iPowerWeb, just to let you know). Unfortunately, since iPower's server admins are totally clueless about this issue (they did not even understand my questions - and I asked 4 times), I'm hoping someone here could help me figure it out (or at least give me enough info to say "this is exactly what's wrong with your mail server - fix it!"). Either that, or let me know if I'm doing something wrong in sending mail through my domain. Currently, my smtp server is mail.<mydomain>.com, and so is my POP. I'm using Eudora 5.2, and I have to specifically tell it not to use SSL when sending mail or I get the following error: Of course, all this is just for a band-aid solution until the pre-paid account expires at iPower and I push that client here.
  13. Argh... it's still happening! Mail from my personal domain (and apparently from another domain I have) is still being bounced by that #&%!@ server! The weird thing is, it's being bounced when sent from domains under my Reseller account, but not when sent from an address using the main reseller account domain. I guess I'm going to have to submit a support ticket on this one. Thanks for your help!
  14. Nope, still bounces the message back for me. Although the error is slightly different this time:
  15. Hi all.. Just recently I started having trouble sending e-mail to one of my clients (who is unfortunately hosted on another server). The error I get when trying to send from my personal e-mail account (hosted here) is this: This all seems to have started after he played with his mail filters (which seem to work exactly the same as the ones we have here in CPanel - no SpamAssassin though). He added a filter to block mail containing a particular IP address in the header, and since then I can't send him mail! The IP doesn't match mine, but it shares the same first octet. Anyway, I had him remove the filter, but I still can't send him mail. We even removed all filters he had, and it doesn't seem to make a difference. The odd thing is, I can send mail to him from another address (also here on TCH) - using the same mail program and logged in with the very same IP address. It's as if my personal address is somehow blocked from sending him mail because of the initial failures while the spam filter was enabled. So is this a problem on my end or his? What exactly does that error, retry timeout exceeded, mean? The returned mail I'm getting doesn't seem to leave the TCH server: How can I resolve this? (or will it resolve itself in a few days?) Thanks!
  16. UPDATE: I think I may have discovered a possible pattern to the absent mail. E-mail messages originating from whatever@lego.com seem to be received without incident. However, mail from whatever@click.lego.com never comes through. Since I have no filters that are removing mail on the server, and I download all messages received (spam and all), what is blocking the messages from click.lego.com? Is it some kind of DNS issue?
  17. I use Eudora to read it via POP (I didn't know I could use IMAP - is that a better or worse method?). I don't have any filters on the server that should be filtering the mail, and in Eudora none of the filters prevent the mail from loading - it is only processed after being downloaded then is sent to the trash box in Eudora if appropriate (and I always review the trash before emptying it). I usually use my laptop to read mail, and leave important mail on the server until I can collect it later on my main machine for archiving.
  18. SpamAssassin is turned on for my main reseller cpanel account, but not the spambox (so I assume it will just mark the spam and leave it in the inbox - correct?). I also have *@dotster.com in the whitelist of that SpamAssassin's settings. I have 5 E-mail filters for discarding certain mail, none of which matches the Dotster mail. On my other accounts (which are sub-accounts of the reseller) SpamAssassin is not enabled, and there are no mail filters at all. Does the main reseller account's SpamAssassin and Mail Filter settings affect my client accounts? I didn't think that they should.
  19. Oops! I forgot to mention about that. The bounced message my friend received at Yahoo was his own fault - he sent it to the wrong address! He has since sent me mail without any troubles, so that isn't an issue. I have smacked him upside of the head for causing such a hassle. So thus far it has only been the two mailing lists mentioned above that I have not been receiving mail from, and I am certain I entered my address correctly for those.
  20. Hmm... this month I received my copy of Dotster's dotNews to my old e-mail account at my local ISP, but none of the copies meant for any account on this server showed up. Neither did any strange "bounced" mail messages. So I can't post a copy of the strange bounce messages because they seem to have stopped showing up. Although, I am still not receiving the mail I signed up for, so I'm back to square one. Is there any server software that could be bouncing mail, other than the ones I have listed in CPanel? For reference, the two mailing lists I'm not receiving mail from are dotnews@dotster.com and LEGO@click.lego.com. For the latter, I did receive the confirmation message but nothing further. I have copies of both of the last newsletters sent out which came to my old ISP account if that will help, just let me know what info is needed from them and I'll post it. Thanks!
  21. The next one I get I'll post a copy of it. It's usually the Dotster monthly newsletter that I see a bounce of. Should be another one coming in a week.
  22. Hi! Since I moved my domain here, I've found it problematic signing myself up with a couple of mailing lists. Many times I would not receive certain mailings, but would receive others. Some mailing lists I have just never received anything from. Until now, I figured it was a problem on their end, but today I had a friend who uses Yahoo mail call to tell me that his e-mail messages he's trying to send me are getting bounced. I've also noticed something odd that occasionally happens -- I've set up different mail accounts within my domain for receiving mail from certain sites, and sometimes I get copies of what appears to be "bounced" mail in my default domain account. It's addressed back to the original sender of the mail, but the contents show the initial message was intended for one of my secondary accounts - yet I never received it in the first place to that account or my main account. I don't currently have SpamAssassin enabled and I don't have any mail filters that I think could be causing this, so I'm wondering - is there some other spam software running on the server that is bouncing these messages before they reach my inboxes? Is this a server-wide issue, or am I the only one having this problem? Thanks! - Jeff
  23. That's doable. 45 at a time, spaced out by 4 hours. Sounds good! Thanks.
  24. Any idea what is the maximum number of messages I could safely send at one time? Would it make a difference if they were BCCed?
  25. That's a great idea! I didn't think of just having a Cron that would run a program to check the database daily. Thanks! That should solve my problem and be really simple to set up. As for the mailing list, placing the addresses in the database is preferable and mailing individually is also a very good solution. Thanks again! Will there be any problems with e-mailing large numbers of messages automatically at one time through the mail server? ie. Are there limitations in place to prevent spamming? This script is in no way designed for spamming, but if the list of recipients gets large (100+ is expected), I wouldn't want to be causing any problems.