Plug-in: zem_contact_reborn

neptho · 2006-02-09 21:03:08

> thebombsite wrote:

> @neptho – thanks for the code. Now if you could just explain to me exactly what it is doing please.

It may be partially broken – so don’t integrate it JUST YET.. this is just a ‘beta’, that ‘works for me’. What it does is check any of the incoming data vatriables for a mime encapsulation which these bots use to send third party unsolicited email. This makes the script die when it sees that it is being fed multipart or mime encapsulated messages, which nobody should be doing from a contact form.

The alternatives are a redirect, or a ‘no, you can’t do that’ page, but, as the whole context is malicious, I prefer to shut them down with minimal efforts, and bandwidth on my part.

thebombsite · 2006-02-09 21:19:50

Thanks neptho. I’m still debating whether a “beta” fix is better than no fix at all until tranquillo sorts out the other method we were going to employ.

@Els – I haven’t actually tried anything yet but just reading through neptho’s code again here I think there should only be a single “)” after “FALSE”.

thebombsite · 2006-02-09 21:55:15

~~I won’t put this in the main post but if you want to try this out here’s a link~~.

Maybe if P would like to try this as well.

And don’t mention business sites please! I’ve just finished a redesign for FreshlyPressed with a complex contact form. Have a look. What do you think of the new logo?

Last edited by thebombsite (2006-02-11 00:18:09)

NeilA · 2006-02-09 22:14:46

Nice job on the logo Stu!

Haven’t been following lots of the recent zem-contact discussion, but good job on ‘Freshly Pressed’

Cheers

-P- · 2006-02-09 22:23:22

@Stuat Nice logo!! Veeery fresh :D

Thank you Stuart so much for your quick response regarding this spam problem! Hopefully that solves it.

But. I will test it tomorrow. Spent some serious time last week upgrading all my TXP sites to use contact_reborn. Then last nite added to every one of them a checkbox as a quick solution. Did not help. Spent this morning disabling all the contact forms. :D

So as Scarlet O´Hara, I´ll count now for tomorrow ;)

thebombsite · 2006-02-09 22:31:10

Thanks both. Actually the graphic was done for us in your neck of the woods NeilA. Must be all that sun :)

We still have the other method to incorporate so whether this one will remain as well, or be modified in some way I can’t say, but if a few here can test this method out then all the better. But I should reiterate what neptho says, it is “beta” so I don’t consider this as a main update release although you do now have the “fix” for the “select” validation problem.

Last edited by thebombsite (2006-02-09 22:33:06)

els · 2006-02-09 23:19:27

Thank you Stuart! Installed on six sites… now just sit and wait.

Very nice logo! Makes you wish it were summer again ;)

I have another question: I don’t know how this spam e-mail works, but in my form I don’t use copysender or subject. Yet in one of the mails was an extra subject line and a bcc mail adress (on aol.com). Does this mean anything?

thebombsite · 2006-02-09 23:35:23

I don’t think I know enough about it but it sounds to me like it is running through the code and picking up any fields that are there. Although you don’t use them for your form they are still run through in the code via the “ifs” so the bot probably sees them and fills them in. This is where the hidden “empty” fields would be useful, as the bot will see them, fill them in and promptly get stuffed.

But in the mean time if you can keep me posted on any spams you receive now that you have this method installed. I can’t do a lot at the moment as they haven’t tried hitting thebombsite yet. I haven’t installed this there, it’s only on my /test/ site so I await their arrival, at which point I shall install it and see what happens.

alannie · 2006-02-10 04:42:57

Hi, I recently came across this email injection article that seems to offer helpful solutions for preventing email injections, including MIME injections. I don’t have enough PHP knowledge to easily figure out whether these solutions have already been incorporated into the plugin, but thought I would pass it along just in case. The reference to the regexp library in particular looks like it might be a timesaver for building in additional security measures.

neptho · 2006-02-10 08:31:00

> doggiez wrote:

> Thank you Stuart! Installed on six sites… now just sit and wait.

Very nice logo! Makes you wish it were summer again ;)

I have another question: I don’t know how this spam e-mail works, but in my form I don’t use copysender or subject. Yet in one of the mails was an extra subject line and a bcc mail adress (on aol.com). Does this mean anything?

PHP Manual on mail() – It’s just simple injection.

If you look at the latest, it’s overkill, but “anton at basehost dot net”‘s idea is one of the more portable, and less taxing – I just made a simpler way. If there’s no MIME boundary, it should not be accepted by mail(). However, a more paranoid approach:

<pre> foreach ($zem_contact_form as $k => $v) { if ( // An array might make more sense, but it’s quick, and I lack motivation. strpos($v, ‘multipart/mixed’) != FALSE || strpos($v, ‘charset=”’) != FALSE || strpos($v, ‘mime-version:’) != FALSE ||strpos($v, ‘content-type=’) != FALSE || strpos($v, ‘bcc:’) != FALSE ) die(“No, I do not think so.”); $msg[] = $k.’: ‘.htmlspecialchars($v); }
</pre>

This has been tested and I have not had a spamthrough since I just used the ‘multipart/mixed’, but it’s not finished. This is only PART of the problem. Really, Stuart, etc, let me know what your plans are. This (contact) code is bad news. It might be easier to throw the baby away with the bathwater. Some things are just, well, wrong-ish.

Last edited by neptho (2006-02-10 08:44:30)

thebombsite · 2006-02-10 10:05:47

> neptho wrote:

> Really, Stuart, etc, let me know what your plans are. This (contact) code is bad news. It might be easier to throw the baby away with the bathwater. Some things are just, well, wrong-ish.

I’m not sure what you mean by that neptho. Are you saying that this particular plug-in code is bad news or contact form code in general?

As I’ve mentioned before we are looking at the “hidden empty field” method. Maybe a combination of both would be worth looking at?

@alannie – Thanks for the article pointer. I think I shall just go and emigrate now. :)

Last edited by thebombsite (2006-02-10 10:16:38)

-P- · 2006-02-10 10:54:57

About what neptho wrote, expanding that thinking we could just give up in general and go back maintaining static html sites with no excutable code in it. :)

Okay, it is easy for me to say since I´m not a coder. All I can do is inform my experiences. But seems like since it is more difficult for bots to harvest email addresses for spam purposes in the net, thanks to contact forms and email addresses marked in a way bots can´t understand, spammers are also finding better tecniques to achive their task.

And I want to note again that this is not just TXP:s contact form releated issue, same has happened with Wordpress and who knows what has been happening with small stand alone contact form scripts.

Princessdom is having her contact form back online since this morning. No successful malicious use yet.

Last edited by -P- (2006-02-10 10:57:18)

Textpattern CMS

Textpattern CMS support forum

#229 2006-02-09 21:03:08

Re: Plug-in: zem_contact_reborn

#230 2006-02-09 21:19:50

Re: Plug-in: zem_contact_reborn

#231 2006-02-09 21:55:15

Re: Plug-in: zem_contact_reborn

#232 2006-02-09 22:14:46

Re: Plug-in: zem_contact_reborn

#233 2006-02-09 22:23:22

Re: Plug-in: zem_contact_reborn

#234 2006-02-09 22:31:10

Re: Plug-in: zem_contact_reborn

#235 2006-02-09 23:19:27

Re: Plug-in: zem_contact_reborn

#236 2006-02-09 23:35:23

Re: Plug-in: zem_contact_reborn

#237 2006-02-10 04:42:57

Re: Plug-in: zem_contact_reborn

#238 2006-02-10 08:31:00

Re: Plug-in: zem_contact_reborn

#239 2006-02-10 10:05:47

Re: Plug-in: zem_contact_reborn

#240 2006-02-10 10:54:57

Re: Plug-in: zem_contact_reborn

Board footer