to much spam getting thru

[ScottR]

Hello:

One of my clients that I recently setup to use formmail.php is getting loads of spam all of a sudden now that forms have been added to the site. What can I do if anything to slow it down or stop it?

[asket]

hi

use the "AT_MANGLE" feature (formmail.php ~ line 2893)

PHP Code:

define("AT_MANGLE","AT"); 


regarding this feature I highly recommend you to read the following thread:
http://tectite.com/vbforums/showthread.php?t=807
there're very good examples about how to use it best and most effective

erik

[crabtree]

also, now that a spammer has the email address, there's nothing you can do other that change the email address and disable (delete) the old one.

AT_MANGLE works, but it's generally too late to close the barn door when the horse has already bolted.

[ScottR]

You are right about it just may being to late as I am doing this after the fact and the site being up for about two weeks.

Also one other problem which formmail has no control over and that is there are a few just regular email (mailto) links on the site. Even if I activated the define("AT_MANGLE","AT"); before putting the site up it most likely still would have not matter with the regular email mailto links.

[asket]

yep, too late

also it's better to avoid regular mailto links, at least i do so
there exist different methods to handle that, for example by using javascript ...
just search google for this topic, there you'll find a lot

[ScottR]

You're saying you don't have to use mailto ?

Can you send me example that you are using?

What exact words would I use to search?

[ScottR]

Disable or delete is impossible now due to this site belonging to a business and the domain.com cannot be changed of course and all the usernames in front of the @ symbol are already in place. In fact I am not even using the usual names like info, sales, and so forth. Every usernames is specific.

also, now that a spammer has the email address, there's nothing you can do other that change the email address and disable (delete) the old one.

AT_MANGLE works, but it's generally too late to close the barn door when the horse has already bolted.

[asket]

not exactly "no mailto", but:

for example:
http://www.net-force.nl/tools/anti-spam/

or:
http://www.polycoder.de/was-macht-de...str2ascii.html
(sorry, site only in german)

or:

<script language="JavaScript"><!--
var name = "protected";
var domain = "domain.com";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

or an extremely simply one from Phloo (a member from spotleid)

<a href="mailto:info_at_domain_point_de" onmouseover="this.href=this.href.replace('_at_','@');this.href=this.href.replace('_point_','.');">Mail me!</a>

there exist a lot more possibilities, scripts and also freeware apps


e: maybe too late for getting no spam, but not too late for getting less spam

[ScottR]

Yeah, I think you are right, won't eliminate what has been done but could help any new spam bots scanning. Thanks for the great help.

I tried the encoding method, wow, talk about the way it encodes if you use one of the automated procedures.

not exactly "no mailto", but:

for example:
http://www.net-force.nl/tools/anti-spam/

or:
http://www.polycoder.de/was-macht-de...str2ascii.html
(sorry, site only in german)

or:


or an extremely simply one from Phloo (a member from spotleid)


there exist a lot more possibilities, scripts and also freeware apps


e: maybe too late for getting no spam, but not too late for getting less spam

[asket]

till yet i haven't really used one of the automated methods
but the first one (net-force.nl) looks rather "heavy"

» Description
Spambots search / crawl the web for e-mail addresses to send you crap. For webmasters there are different ways to show an e-mail address on a web page, while hiding the address for spambots. For example, you can display a picture with the address on it, instead of the html link.

The script below uses two different ways to hide an e-mail address from spambots. First of all, it encodes the text to HTML entities. The browser displays these entities without a problem, but many spambots are fooled by this. The 'Less simple' and 'Heavy' way also use Javascript to hide the '<a href="mailto:">' tag and split up the e-mail address, so a spambot won't even detect it is a link.

Summary of methods:

Simple
HTML Entities
Less simple
HTML Entities, Javascript
Heavy
HTML Entities, Javascript, Split up

(quoted from http://www.net-force.nl/tools/anti-spam/)


regarding the second link (polycoder.de) there's to read that this encoding method is not exactly safe anymore, because in the meantime some searchengine-robots can readout such encrypted passages.
therefore I prefer a method using javascript or both, for paranoid ones ie the "heavy" method from net-force.nl