aspose file tools*
The moose likes Struts and the fly likes Avoiding SPAM/Abuse of the system Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Avoiding SPAM/Abuse of the system" Watch "Avoiding SPAM/Abuse of the system" New topic
Author

Avoiding SPAM/Abuse of the system

Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2579

We have some actions which allow users to report error (mapped to HTTP 500) within system or other errors such as RNF-404. These actions send a mail to our admins & also create a new issue within our bug tracking system. Of late some people have started misusing the system & we get several SPAM messages in the bug tracking system & via e-mail as well.

I was just wondering how we could take care of this issue. One way is to use CAPTCHA - but it could be time consuming to implement as we have several pages posting to this action. I am wondering if there are any approaches that I could try to see if the posted inputs are indeed coming from our forms and not some programms writen to spam our system. I tried tracking "referer" but then even valid forms/pages send referer as "null" - so how can I enforce referer header?? Wjhat else can be done here?

Any inputs, pointers would be highly appreciated!

- Manish
[ March 05, 2007: Message edited by: Bear Bibeault ]
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
So you form is being submitted using a mailto address? It seems like you could switch over to a traditional form submission and have your Action code generate the email on the server side using something like the JavaMail API.

- Brent
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
By all means, if you have "mailto" URLs, replace them with proper form submissions. If you give away an email address like that, it's bound to attract spam.


Ping & DNS - my free Android networking tools app
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2579

We do indeed use JAVA mail API to send mail to cocerned people in the struts action. That form is geting abused by spam. The action code sends alert mail as well as creates a new issue in autmated bug tracking system.

It is this form which is getting flooded by SPAM messages instead of authentic error reporting by user. Any suggestions?

- Manish
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
In that case, I think CAPTCHA is your best bet. There are, I believe some open source CAPTCHA implementations out there that shouldn't be too hard to integrate into your site.


Merrill
Consultant, Sima Solutions
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
So there are scum out there that just randomly fill out forms on the web with spam data? I had to look up what CAPTCHA. I find those things a pain, but I guess they serve a purpose.

- Brent
[ March 07, 2007: Message edited by: Brent Sterling ]
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2579

Well, there are tons of them around...filling out forms with several links & all that rubbish!!

- Manish
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Avoiding SPAM/Abuse of the system