spam

Ways to sell your "body-enhancing" pharmaceutical delights

Spam, spam, glorious spam - the Poorhouse is privileged to receive hundreds of "amazing offers" in his email every day. They tend to correspond to one of just a handful of themes, such as gambling, pharmaceuticals and, of course, what could at its most euphemistic be called "bodily enhancement".

Some might say this is quite annoying, but hey, some of the phraseology these elite sales-people use is funny enough to make up for at least 1% of the annoyance of dealing with said spam. Read on for some highlights...ummm...adults only though please, and slightly NSFW, in a textual way. They are largely along the lines of knob gags.

Physical spam

The Poorhouse is constantly disappointed by only receiving a few hundred emails a day offering either "enlargo" or better yet some intricately complex - yet plausible - offer to give him a billion pounds in return for ooh, a mere few hundred of them or so. In advance. Yes, the money hasn't come through yet, but it's only a matter of a few more sendings of identity and moderately large sums of money to Nigeria away I'm sure.

Luckily, the physical doormat was also crammed with spam the other day - the finest of which is portrayed below.

Worst or best app ever?

When a program is described by some as the "Worst App Ever" ([1],[2]) and - rather fewer - others as "genius" (sorry no link - but apparently Nigel Powell of the Sunday Times said so), it clearly needs investigating.

Enter...3D Mailbox, a program so beautifully executed that its own website has a lengthy defense from the program's author that it is indeed not the worst software ever created.

Implementing CAPTCHA spam protection in PHP

Those people privileged enough to have websites with fancy (or non-fancy) forms on them will probably be all too aware of the evil spambots that come along and auto-fill them in with commercial nonsense, inane content or on occasions just blanks and hit the submit button. Depending on what the form does this tends to mean you'll get 1000 advertisement emails, a database full of rubbish or a few thousands complaints at spam. The Poorhouse has already discussed a few ways of dealing with the problem but another common one is illustrated here.

Why make me do maths?

In case anyone's wondering why these days if you are pleasant enough to leave a comment on this site you are challenged with a mighty maths question (such as 2+2=?), then the answer is that it is an anti-spam measure. It is effectively a CAPTCHA test, but unlike the classic "what letters do you see in this picture?" it is usable by people surfing without images.

The downside is that it would also be easier for the spam-bots to pass this test that the more visual ones, but spam so far has gone down from 70-100 comments a day to zero.

Check for spam PHP script instructions

Requirements:

The server you are using this script must support PHP. If you don't know what that means, ask your web host. If you wish to use the logging feature, you need to have a mySQL database installed and configured too.

Obtaining:

To start using the script for stopping some of that nasty spam, just download the zip file from here.

Installing and configuring:

First you should configure the script - load up checkforspam.php in a text editor. The things you may need to change are:

  • $maxlinktags = 4; - this defines how many instances of the phrase <a href or [url= it will take to trigger the message as being spam. Spammers often fill out forms with a big pile of links to their awful sites. If a message contains more links that $maxlinktags is set to (4 by default) it will be classified as spam.
  • Your database details. If you wish to log the script's decisions and the contents of the messages it processes along with details of the sender in a mySQL table this is where to configure it. Replace the values in it with the name of your database server, user, password, and a database you have already created.

Then there are two text files for you to add words to that you wish to be banned. Simply load them up in a text editor and add words to them, one per line. If a message or sender's address contains any word in these files, it will cause the message to be classified as spam. bademailwords.txt contains words that are banned in the sender's email address. badmessagewords.txt is the same but for the message content itself. These words act like case-insensitive substrings - that is to say that if you type "viag" into the badmessagewords.txt file, any message with "viag", "Viagra", "vIAg", "EvIaG" and so on would be classified as spam.

All done. Place checkforspam.php, bademailwords.txt and badmessagewords.txt on your webserver somewhere. The files with it are optional but you can use them for testing it if you so wish - once configured you can visit the included testspam.html on your server to check everything is working and how your configuration has tuned the detection.

If you wish to use the logging feature, you will need to create a table in an existing database of your choice. Using your favourite mySQL tool, create the table as defined in webform_messages.sql. Your table should be called webform_messages.

Using the script:

The script simply provides a function check_for_spam which takes three parameters. These are:

  • $from - the email address filled in by the user on the webform (if you don't want to check email addresses, you can always pass a valid-sounding email address to it)
  • $message - the message the user wishes to send
  • $logresult - set to true if you wish to log this attempt, false if not. For this to work you must have configured a mySQL database appropriately as above. If you haven't done this, always set $logresult to false

The file is designed to be included in another file which then calls the check_form_spam function before doing whatever your form would want to do with valid information, for example email it to someone. You can see an example of how this would work in the included checkifspam.php - see it in action by visiting testspam.html in your install.

Here is a basic PHP snippet to show how it could be used. Imagine this is the action page for a form with fields "email" and "message" which includes the website visitor's email address and message to send respectively.

<?php
include "checkforspam.php";

if (check_for_spam($_POST['email'],$_POST['message'],false) == true)
{
print "Spam detected

Check for spam PHP script

The Poorhouse is deadly opposed to the great evil that is spam, not least the perils of webform spam. Whoever first thought inventing a little program that toured the web typing in "Extra Good Viagra $1!!!" into a contact form and pressing send approximately 100 times a minute...well...no punishment is bad enough to exert.

In the course of being involved in a few sites, the Poorhouse has developed/stolen/borrowed a few simple ideas to combat it by pre-processing the input entered into the form before taking whatever action is required with the information. This could be sending an email to a member of the site, filling an entry in a database, and so on.

Reduce web irritation: Mailinator and Bugmenot

Heavens above, more ways to avoid web and email irritation. The Poorhouse is most frustrated when, before viewing some web page or downloading a file where the content is free and open to the public, your email address is demanded. Worse yet when you can't just type nonsense in as you then have to go check it in order to click on a link to confirm you are a real person - who can be sent adverts for Viagra.

It is often acceptable to demand some confirmation that you actually exist and are contactable in circumstances where you are going to be publishing content or paying money (for instance a web forum, or subscriber-only content) but for idle browsing it is just downright irritating to have to fill in a form, go check your email and so on for ostensibly no good reason - other than to let the site owner have your email address so they can email you "special offers" and the like.

Real life spam-be-gone

Carrying on from yesterday's venture into the evils of unsolicited credit card applications, the Poorhouse feels it right to alert the citizens of the UK to the Mailing Preference Service.

This is a free service (funded by the direct mail industry - which might have some bearing on some of the lies on the site about how virtuous and thoughtful all these companies are - but it is supported by Royal Mail) that allows you to make it known to all and sundry that you do not want to come home to a letterbox full of unwanted and random envelopes tempting you into, say, applying for a credit card you can't afford. Simply sign up with your name and address and in a few months apparently you will see approximately a 95% reduction in "personally addressed unsolicited sales and marketing direct mailings". The Poorhouse has taken advantage of this service and, whilst 95% might be pushing it a bit, there does actually seem to be some sort of reduction. The security of the site is a bit minimal, so if your enemies just love junk mail then why not play a mean trick and sign them up to prevent them taking advantage of all those "great offers" too?

Webform spam again - stop injecting

Non-medical injections are rarely a good idea; even when they're fun. This general life-rule is upheld in the domain of email headers too. Nefarious webform spammers are now abusing forms to not only (or necessarily) annoy the webmaster concerned, but rather use them to transmit email elsewhere. The Poorhouse imagines this will only increase as more and more people realise the need to lock down their mail servers from being an open relay and hence spammers need turn elsewhere to continue their evil.

The technique discussed here is known as email header injection as it consists of the spam-menace adding extra headers to the email that your webform will send to make it behave in ways that it really shouldn't; the obvious candidate being to send the form's "feedback" to a million innocent recipients rather than the single person that the webform designer had in mind.

Syndicate content