Web Hosting Talk







spammer using feedback form to spam


hostseeker
06-06-2002, 03:42 PM
I run a national directory of a professional group that has a membership database of several thousand. You can search the directory for a professional in your area and respond to them via a feedback form.

However a spammer has been hitting my directory lately, using the feedback form to try to sell things to my group. By the time I discover it and block his IP with .htaccess he has already spammed a few hundred people. Then in a few days he gets another ISP and starts again, I block him again, etc. It is an ongoing process.

What I need is a forms processing script that will reject a sender based on the content of their message they insert into the form. Since this spammer uses certain words in his spam that would not ordinarily be used by legitimate responders, I could easily block him with a few keywords that he uses in his spam messages.

Anyone know if such a script exists? PHP, Perl, it doesn't matter, as long as it will work with Linux.

Thanks!

Rochen
06-06-2002, 05:41 PM
If your form uses PHP to send you can quite easily block out the spammer by content using the "IF" statement.

For example:
if ($message == "spam text") {
echo "This message has been rejected due to a spam risk";
}

Take a look here for more info: http://www.freewebmasterhelp.com/tutorials/php/index3.htm

Shyne
06-06-2002, 07:12 PM
rochen,

Your example will not work.

The message will most likely be an array (@) since it contains more than one line. You will have to make a regular expression that matches the content of the e-mail the spammer usually sends. It will help to know what form you use and in what language.

hostseeker
06-06-2002, 07:42 PM
I currently use Matt Wright's formmail.pl version 1.92 (renamed to something else), but would change to a php form processing program if I could reject a user's message for content.

Any suggestions are appreciated!

Thanks!

xerocity.com
06-06-2002, 08:56 PM
I haven't tested it yet, but I think this should work in perl. First you will have to load the message into a variable (using "$message" as the variable), then you could use the following code:

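$badwordfile = "path/to/file.txt"; # each bad word on one line

open(BADWORD, $badwordfile) || die("Could not open badword file!");
@raw_data=<BADWORD>;
close(BADWORD);

foreach $bad_line (@raw_data)
{
    chomp($bad_line);                  # strip only the trailing newline (chop removes the last character whatever it is)
    ($badword)=split(/\|/,$bad_line);  # keep the text before the first "|"
    next unless defined($badword) && length($badword);  # skip blank lines
    $badword = quotemeta($badword);    # match the bad word as literal text, not as a regex

    if ($message=~/$badword/) {
        &spammer;
    }
}

sub spammer {
    print "Content-type: text/html\n\n";
    print "This message has been rejected due to a spam risk!";
    exit;   # ends the script here, before any mail-sending code runs
}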

I believe that should do it. I know it is a little sloppy and could be optimized, but hey it's untested. If you need me to throw together a complete working script I may be able to do it for you.

Shyne
06-07-2002, 12:08 AM
You are forgetting to include in that code to stop the e-mail from being sent. You are including an error message, but where is the code that stops the e-mail from being sent?

hostseeker,

The spammer basically sends advertisement to the user via the feedback form. If you change the feedback form to something else, he will still be able to contact the end user no matter what form you use as long as there is a connection between the site and the end user.

What you can do is configure your mail server to filter e-mails being sent out.

hostseeker
06-07-2002, 12:43 AM
Thank you for your reply.

This particular spammer always sends similar type spam which contains certain words and phrases. If I could block those words and phrases and make the script terminate instead of send their email I think it would do the trick.

I was hoping to find a script with this feature already built in. (sorta like the badwords list on the old wwwboard) There are literally hundreds of form to email scripts and I have only looked at a few, but have seen none yet with this feature.

Shyne
06-07-2002, 12:54 AM
Look into my advice about filtering the e-mail by using your e-mail server.

roly
06-07-2002, 12:55 AM
Try a PHP script and use rochen's code

xerocity.com
06-07-2002, 01:01 AM
Originally posted by Shyne
You are forgetting to include in that code to stop the e-mail from being sent. You are including an error message, but where is the code that stops the e-mail from being sent?

In the code I posted above it is the "exit;" command that would stop all remaining processes from the script, including sending the email. You would place this code before you call the mailing portion of the script therefore not sending the email.

marksy
06-07-2002, 11:12 AM
Just get a formmail that isn't broken.
http://nms-cgi.sourceforge.net/
is a drop in replacement for the Matt's Crapola Formmail

hostseeker
06-07-2002, 01:49 PM
Originally posted by marksy
Just get a formmail that isn't broken.
http://nms-cgi.sourceforge.net/
is a drop in replacement for the Matt's Crapola Formmail

Thanks! Does this script have the content rejection feature that I originally posted about?

sifuhall
06-07-2002, 02:10 PM
Originally posted by Shyne
You are forgetting to include in that code to stop the e-mail from being sent. You are including an error message, but where is the code that stops the e-mail from being sent?


The email will not get sent because he is using exit() in sub spammer. This will end the execution of the script immediately.

hostseeker
06-07-2002, 03:48 PM
Originally posted by xerocity.com
I haven't tested it yet, but I think this should work in perl. First you will have to load the message into a variable (using "$message" as the variable), then you could use the following code:

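$badwordfile = "path/to/file.txt"; # each bad word on one line

open(BADWORD, $badwordfile) || die("Could not open badword file!");
@raw_data=<BADWORD>;
close(BADWORD);

foreach $bad_line (@raw_data)
{
    chomp($bad_line);                  # strip only the trailing newline (chop removes the last character whatever it is)
    ($badword)=split(/\|/,$bad_line);  # keep the text before the first "|"
    next unless defined($badword) && length($badword);  # skip blank lines
    $badword = quotemeta($badword);    # match the bad word as literal text, not as a regex

    if ($message=~/$badword/) {
        &spammer;
    }
}

sub spammer {
    print "Content-type: text/html\n\n";
    print "This message has been rejected due to a spam risk!";
    exit;   # ends the script here, before any mail-sending code runs
}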

I believe that should do it. I know it is a little sloppy and could be optimized, but hey it's untested. If you need me to throw together a complete working script I may be able to do it for you.

Joel,

I tried this and it seemed to work, in that it gave the spam error when there was a badword in the text area named message in the form, however it still sent an email, although the "message" field that contained the spam was blank.

What's worse, when you didn't use a badword in the text area it seemed to work fine, returning the success HTML, however when the email is received the "message" field is blank just like it was when you put a badword in it.

I put the code after the check_required sub routine in formmail.pl and called it in that order also.

Thanks for your help, I'll keep trying.

xerocity.com
06-07-2002, 04:07 PM
Could you post or PM me all of your code? I do not think that it is my code that is doing that. Somewhere you are losing the variable and therefore getting a blank message.

Shyne
06-07-2002, 04:43 PM
if ($text=~/(^MONEY$)/) {
die "$!";
}

Try that. Instead of money put some other word. Do not remove ^ and $.

hostseeker
06-07-2002, 05:14 PM
thanks, I sent you the code by PM

EzCool
06-08-2002, 04:20 PM
I would advise not giving an error of a spam risk, simply because the spammer will reword their advertisement until it isn't caught. Therefore, I think you should just have them think it was sent successfully, and have the program simply not send the mail. This way, all they do is waste their time and don't improve their strategy any.

hostseeker
06-08-2002, 05:06 PM
Thanks to all who replied on this, I finally got it to work.

I used the code posted by xerocity.com with a couple of minor modifications, changing this line:

if ($message=~/$badword/) {

to this line:

if ($Form{'message'}=~/$badword/) {

(where message was the name of my textarea field in the form)

And I did not print the message to the screen about the spam error, as someone suggested that would just make them more determined. I just print an error page, and they will think there is a problem with the web site.

Thanks again!
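
Added example, not code from the thread or from formmail.pl: the approach the thread converges on (literal phrase list, check against the form's message field before the mail is sent, generic response to the sender), written as a self-contained Perl script. The sub names, the sample phrases, the sample message and the server-side log line are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: phrase-based rejection for a form-to-mail CGI script.
use strict;
use warnings;

# Collapse all whitespace so a phrase split across lines still matches.
sub normalize {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/\s+/ /g;
    $text =~ s/^ | $//g;
    return $text;
}

# Build one case-insensitive regex from literal phrases.
# Returns undef for an empty list so that nothing is blocked by accident.
sub build_filter {
    my @phrases = grep { length } map { normalize($_) } @_;
    return unless @phrases;
    my $alternation = join '|', map { quotemeta } @phrases;
    return qr/(?:$alternation)/i;
}

# True when the message contains any blocked phrase.
sub is_spam {
    my ($filter, $message) = @_;
    return 0 unless defined $filter;
    return normalize($message) =~ $filter ? 1 : 0;
}

# Constructed sample data: a real script would read the phrases from a file
# and take the message from the parsed form (e.g. $Form{'message'}).
my @badwords = ('earn big moneys', 'best price guarantee for you');
my %Form     = (message => "Hello,\nEARN   BIG\nmoneys working from home!");

my $filter = build_filter(@badwords);
if (is_spam($filter, $Form{'message'})) {
    # Record the hit on STDERR (the web server's error log under CGI),
    # then stop before any mail-sending code is reached.
    warn "contact form rejected from " . ($ENV{REMOTE_ADDR} || 'unknown') . "\n";
    print "Content-type: text/html\n\n";
    print "The request could not be completed.";
    exit;
}

# The script's normal mail-sending code would run only from here on.
print "Content-type: text/html\n\nMessage sent.";
```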

xerocity.com
06-08-2002, 06:00 PM
Good Luck, I hope you are able to stop the spammers. :D

xerocity.com
06-09-2002, 06:47 AM
Originally posted by hostseeker
...And I did not print the message to the screen about the spam error, as someone suggested that would just make them more determined. I just print an error page, and they will think there is a problem with the web site.

Thanks again!

I was just thinking, if I were you, I would make the "error page" (the one that the spammer will receive) look exactly like the message sent successful page. If you do this the spammer could be sitting there for hours thinking that he is actually doing something, while he is actually accomplishing nothing! :D :D :D

hostseeker
06-09-2002, 07:37 AM
Originally posted by xerocity.com


I was just thinking, if I were you, I would make the "error page" (the one that the spammer will receive) look exactly like the message sent successful page. If you do this the spammer could be sitting there for hours thinking that he is actually doing something, while he is actually accomplishing nothing! :D :D :D

I could do this, however that would mean the spammer would be constantly searching my database through the thousands of members and sending messages to each one. Even though the messages wouldn't actually go through, just loading all the pages and using the script to search would mean lots of bandwidth.

With the error page (Internal Server Error as if something were wrong with the database program) perhaps he would just think it was broke and move on.

Thanks for your help!

godfather
06-09-2002, 10:17 AM
This is a totally different approach to the problem, and if your site is really busy, it might be too much work, but you could set it up so that you or a moderator would have to approve each email message before it could be sent. That way, no matter who the spammer is or what text they put in their message, you would see it first and not allow it to be sent.

hostseeker
06-09-2002, 10:35 AM
Originally posted by godfather
This is a totally different approach to the problem, and if your site is really busy, it might be too much work, but you could set it up so that you or a moderator would have to approve each email message before it could be sent. That way, no matter who the spammer is or what text they put in their message, you would see it first and not allow it to be sent.

Good idea, thanks!

However this site is real busy. It's not a discussion board, but a nationwide database of professional service people searchable by location, speciality, etc. It would be a little much to have to screen every contact form that went through the system as there are hundreds per day. It would only hold up the service people from getting their contacts and it would have to be screened 24/7.

The "badword" list seems to work really well. This particular spammer was unique in that his English wasn't very good and he used phrases not normally in use. So it was easy to block him using certain phrases that 99.9% of people would never use.