Avoiding SPAM/Abuse of the system

 
Ranch Hand
Posts: 2596
We have some actions which allow users to report errors (mapped to HTTP 500) within the system or other errors such as RNF-404. These actions send a mail to our admins & also create a new issue within our bug tracking system. Of late some people have started misusing the system & we get several SPAM messages in the bug tracking system & via e-mail as well.

I was just wondering how we could take care of this issue. One way is to use CAPTCHA - but it could be time consuming to implement as we have several pages posting to this action. I am wondering if there are any approaches that I could try to see if the posted inputs are indeed coming from our forms and not some programs written to spam our system. I tried tracking "referer" but then even valid forms/pages send referer as "null" - so how can I enforce the referer header? What else can be done here?

Any inputs, pointers would be highly appreciated!

- Manish
[ March 05, 2007: Message edited by: Bear Bibeault ]
 
Ranch Hand
Posts: 948
So your form is being submitted using a mailto address? It seems like you could switch over to a traditional form submission and have your Action code generate the email on the server side using something like the JavaMail API.

- Brent
 
Rancher
Posts: 43081
By all means, if you have "mailto" URLs, replace them with proper form submissions. If you give away an email address like that, it's bound to attract spam.
 
Manish Hatwalne
Ranch Hand
Posts: 2596
We do indeed use the JavaMail API to send mail to concerned people in the Struts action. That form is getting abused by spam. The action code sends alert mail as well as creates a new issue in the automated bug tracking system.

It is this form which is getting flooded by SPAM messages instead of authentic error reporting by user. Any suggestions?

- Manish
 
Ranch Hand
Posts: 4864
In that case, I think CAPTCHA is your best bet. There are, I believe, some open source CAPTCHA implementations out there that shouldn't be too hard to integrate into your site.
 
Brent Sterling
Ranch Hand
Posts: 948
So there are scum out there that just randomly fill out forms on the web with spam data? I had to look up what CAPTCHA is. I find those things a pain, but I guess they serve a purpose.

- Brent
[ March 07, 2007: Message edited by: Brent Sterling ]
 
Manish Hatwalne
Ranch Hand
Posts: 2596
Well, there are tons of them around...filling out forms with several links & all that rubbish!!

- Manish
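
For the question in the first post (checking that a POST really came from one of the site's own forms when the Referer header arrives as null), one server-side option is a signed, time-stamped hidden field that every form includes and the action verifies before sending mail or filing an issue. This is an added example, not code from any poster in the thread; the class name `FormToken`, the session binding, the key handling and both time limits are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

/** Hypothetical helper: issues and checks a signed, time-stamped hidden form field. */
public class FormToken {
    private static final long MIN_AGE_MS = 3_000;       // assumed: faster than a person fills the form
    private static final long MAX_AGE_MS = 30 * 60_000; // assumed: a rendered form expires after 30 min
    private final byte[] key;                           // server-side secret, never sent to the client

    public FormToken(byte[] serverSecret) { this.key = serverSecret.clone(); }

    /** Call while rendering a form; put the result in a hidden input. */
    public String issue(String sessionId, long nowMs) {
        return nowMs + ":" + sign(sessionId + ":" + nowMs);
    }

    /** Call at the top of the action, before any mail or bug-tracker work. */
    public boolean verify(String token, String sessionId, long nowMs) {
        int sep = (token == null) ? -1 : token.indexOf(':');
        if (sep <= 0) return false;                      // missing or malformed token
        long issued;
        try { issued = Long.parseLong(token.substring(0, sep)); }
        catch (NumberFormatException e) { return false; }
        long age = nowMs - issued;
        if (age < MIN_AGE_MS || age > MAX_AGE_MS) return false;
        byte[] expected = sign(sessionId + ":" + issued).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = token.substring(sep + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);  // constant-time comparison
    }

    private String sign(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] tag = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        FormToken ft = new FormToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long t0 = 1_000_000L;                            // constructed clock value
        String tok = ft.issue("sess-1", t0);
        System.out.println(ft.verify(tok, "sess-1", t0 + 10_000));  // form filled at human speed
        System.out.println(ft.verify(tok, "sess-1", t0 + 500));     // posted half a second after render
        System.out.println(ft.verify(tok, "sess-2", t0 + 10_000));  // token copied to another session
        System.out.println(ft.verify(null, "sess-1", t0 + 10_000)); // direct POST with no token
    }
}
```

A valid token shows only that this server rendered a form for that session within the time window; a script that fetches the form first still obtains one, so this filters blind POSTs and complements the CAPTCHA suggested in the thread.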