ListMailPRO Email Marketing Software Forums
ListMailPRO Email Marketing Software Forums => General Help & How-To => Topic started by: klausdahl on April 22, 2006, 02:47:08 am
-
Hi Dean,
Lately I've had a problem with people who try to spam my list.
They've signed up with other email addresses than their own. For
example, someone signed up with the company Paypal's support
email address: service@paypal.com
My question is this: Is there any way that I can set up the
validation procedure in your script, ListMail Pro, so that it can
filter away and show an error message when someone enters a
certain email address, such as, service@paypal.com or maybe an
AOL.com email address?
In other words, is it possible to disallow (ban) certain email
addresses (or domains like for example, email@aol.com or
email@hotmail.com) from being used in the fields used by ListMail
Pro?
I'll be very grateful if you'll please help me with this issue!
Thank you very much in advance!
Warmly,
Klaus Dahl
-
Klaus,
This is not yet a part of the program but there are some simple modifications that can be added to signup.php to prevent certain emails from subscribing. I fear that you may be pulled into a cat-and-mouse game by this troublemaker, however, as there are always more illegitimate addresses they will be able to find and add.
Immediately following the original LMP "include" lines at the top of signup.php
include("./config.php");
include("./admin.php");
Try adding:
if(strpos($email,'service@paypal.com') !== false
|| strpos($email,'bademail@paypal.com') !== false
|| strpos($email,'@baddomain.com') !== false
) exit('This email address may not subscribe.');
I will be implementing the ability to ban users in the very near future.
Regards
-
Thank you very much, Dean! So far it works perfectly for the email addresses I've tested. But you're right, it's difficult to prevent the problem entirely. But I'll do my best.
Adding this code (or a feature like it) to your excellent script, makes it even better. And it's very good already.
Thanks again, Dean!
Warmly,
Klaus
-
You might also ban the submitter at the IP level with a line such as follows:
if($_SERVER['REMOTE_ADDR']=='10.20.30.40') exit('You may not subscribe.');
You can check the submitter's IP by clicking 'Edit' next to a user in the User Database. I think this will be more effective than a per-email ban. I will definitely consider adding IP banning to the upcoming ban feature.
Regards
-
Thanks a lot, Dean!
The only problem with that is that in this case the spammer is apparently using an anonymous IP address.
But I totally agree, such a feature will be most useful. 8)
Thanks, my friend!
Best,
Klaus
-
A handy IP address to ban is this one: 83.149.74.179
I'm getting 100's of spoof subscriptions from that ip.
If anyone else has any to ban, let me know.
John
-
We have had an enormous amount of spam email addresses subscribing, even if they are deleted/removed, the resubscribe the following day.
Does the new version address this and enable a ban feature to be used in lieu of the programming lines you have noted below?
Thanks,
Nicole
on behalf of Jennifer
-
Sorry this is not yet a feature but I'm hoping to have it in the next major update. Until then you'll have to use the solution(s) mentioned in this thread.
Regards
-
Dean,
In the signup.php I inserted the following lines as directed:
if(strpos($email,'@hotbox.com') !== false
|| strpos($email,'mnebs@odfyuft.biz') !== false
|| strpos($email,'nilap@gmail.com') !== false
|| strpos($email,'dgfdt@dpfyudf.com') !== false
|| strpos($email,'nilap@gmail.com') !== false
|| strpos($email,'nilaw@gmail.com') !== false
|| strpos($email,'nilad@gmail.com') !== false
|| strpos($email,'nilaz@gmail.com') !== false
|| strpos($email,'dloolik@mail.com') !== false
|| strpos($email,'ujxtc@odvyhg.biz') !== false
|| strpos($email,'buyeewers@mail.com') !== false
|| strpos($email,'bolen@yahoo.com') !== false
|| strpos($email,'dgfdt@dpfyudf.com') !== false
|| strpos($email,'volaazased@mail.com') !== false
|| strpos($email,'dfyuh@nxvops.biz') !== false
|| strpos($email,'gavaldi@yahoo.com') !== false
|| strpos($email,'brodwich@yahoo.com') !== false
|| strpos($email,'dorwin@yahoo.com') !== false
|| strpos($email,'ixfcif@dpfytws.net') !== false
|| strpos($email,'man555@yahoo.com') !== false
|| strpos($email,'xofts@paeqx.org') !== false
|| strpos($email,'xarense41@yahoo.com') !== false
) exit('This email address may not subscribe.');
The largest spam signup offender is @hotbox.com. After implementing the new php file on Sept 7th, I tested it by trying to sign up for the newsletter on the website and the testing was successful.
I have however, just received 7 New Signup notificaitons for: generic_viagra@hotbox.com, paxil@hotbox.com, costume@hotbox.com, fiveonike@hotbox.com, cingular_ringtones@hotbox.com, amoxicillin@hotbox.com, & soma@hotbox.com
Any ideas?
Thanks,
Nicole
on behalf of Jennifer
-
Hi Nicole,
By all appearances it should work as expected. :? What happens if you try to subscribe one of those that made it through - does it deny subscription? Do you have any other methods of subscription, such as by email?
If you continue to have troubles please create a trouble ticket (http://listmailpro.com/support?t=other) with a description of the problem and information about your signup forms and I'll check into it free, as time allows. For faster service you could order a Server Analysis (http://listmailpro.com/support?t=analysis) for $35.
Regards
-
I followed your suggestion and tried the signup page, which allowed me to signup using one of the banned email addys. This prompted me to check the signup.php and I found that it was the original file without my ban prompts in it... :shock:
Not sure what happened there but I copied the new file back out and it is working again, my signup tests showed that it is prohibiting signup by these addresses again.
Thanks,
Nicole
on behalf of Jennifer
-
And to ban the user based on referring URL:
if(strstr($_SERVER['HTTP_REFERER'],'example.com/banned.html')) exit();
-
I came across this the other day. Apparently it can be setup to work with a variety of scripts (but I must admit I am more conversant with cgi than php).
It looks like this program may have some potential to stop spammers subscribing.
http://www.bad-behavior.ioerror.us/
Regards,
Clint.
-
The spam bot for me keeps trying to send URLs into one of the user fields (IE user3) for ads like:
http://vmig.stupidviagra_ad_whatever_url/index5.html
How would I use the above to top submissions if the http:// string or even .html string was found?
Thanks! This is great. Looks like a workable solution.
- reg
-
Also, it seems that the Reference URL that comes in for my signup notifications always says:
Ref. URL: Unknown
Any way to filter for that? As obviously Ref. URL: Should be a page from my website.
-
I don't recommend filtering based on referring URL because it can be omitted or faked by some browsers.
You can try this, which means "if no referrer, exit":
if(!$_SERVER['HTTP_REFERER'])) exit();
Regards
-
Thanks dean.
That'll work.
From the posting before, is there a way to block user3 (or any user field) when a http:// string or even .html string was found in the submission?
- reg
-
Yes, there is:
if(strstr($user3,".html") || strstr($user3,"http:")) exit();
If your server support it you may prefer "stristr" which is a case-insensitive search.
Regards
-
How I do it:
if(strpos($email,'service@paypal.com') !== false
|| strpos($email,'@paypal.com') !== false
|| strpos($email,'@yahoo.com') !== false
|| strpos($email,'@hotbox.com') !== false
|| strpos($email,'@missiongossip.com') !== false
|| strpos($email,'@aussiemail.com.au') !== false
|| strpos($email,'@boardermail.com') !== false
|| strpos($email,'@animail.net') !== false
|| strpos($email,'@moose-mail.com') !== false
|| strpos($email,'@snail-mail.net') !== false
|| strpos($email,'@whale-mail.com') !== false
|| strpos($email,'@wildmail.com') !== false
|| strpos($email,'@dbzmail.com') !== false
|| strpos($email,'@didamail.com') !== false
|| strpos($email,'@doramail.com') !== false
|| strpos($email,'@emailaccount.com') !== false
|| strpos($email,'@fastmail.fm') !== false
|| strpos($email,'@myfastmail.com') !== false
|| strpos($email,'@fastemailer.com') !== false
|| strpos($email,'@eml.cc') !== false
|| strpos($email,'@letterbox.org') !== false
|| strpos($email,'@fastermail.com') !== false
|| strpos($email,'@graffiti.net') !== false
|| strpos($email,'@hotmail.com') !== false
|| strpos($email,'@hushmail.com') !== false
|| strpos($email,'@hush.com') !== false
|| strpos($email,'@hush.ai') !== false
|| strpos($email,'@icqmail.com') !== false
|| strpos($email,'@indiatimes.com') !== false
|| strpos($email,'@kittymail.com') !== false
|| strpos($email,'@kids.co.uk') !== false
|| strpos($email,'@linuxmail.org') !== false
|| strpos($email,'@lycos.com') !== false
|| strpos($email,'@mail2world.com') !== false
|| strpos($email,'@mailpanda.com') !== false
|| strpos($email,'@138mail.com') !== false
|| strpos($email,'@asiamail.com') !== false
|| strpos($email,'@koreanmail.com') !== false
|| strpos($email,'@mailasia.com') !== false
|| strpos($email,'@myway.com') !== false
|| strpos($email,'@operamail.com') !== false
|| strpos($email,'@orcon.net.nz') !== false
|| strpos($email,'@outgun.com') !== false
|| strpos($email,'@postmaster.co.uk') !== false
|| strpos($email,'@prontomail.com') !== false
|| strpos($email,'@rediffmail.com') !== false
|| strpos($email,'@sacmail.com') !== false
|| strpos($email,'@sandiego.com') !== false
|| strpos($email,'@safe-mail.net') !== false
|| strpos($email,'@stalag13.com') !== false
|| strpos($email,'@surfy.net') !== false
|| strpos($email,'@ureach.com') !== false
|| strpos($email,'@tmicha.net') !== false
|| strpos($email,'@uymail.com') !== false
|| strpos($email,'@vfemail.net') !== false
|| strpos($email,'@wapicode.com') !== false
|| strpos($email,'@weekonline.com') !== false
|| strpos($email,'@yahoo.ca') !== false
|| strpos($email,'@yyhmail.com') !== false
|| strpos($email,'@mail.com') !== false
|| strpos($email,'@mailinator.com') !== false
|| strpos($email,'@netaddress.com') !== false
|| strpos($email,'@walla.com') !== false
|| strpos($email,'@zzn.com') !== false
|| strpos($email,'@firstname.com') !== false
|| strpos($email,'@thatweb.com') !== false
|| strpos($email,'@pookmail.com') !== false
|| strpos($email,'@10minutemail.com') !== false
|| strpos($email,'@xasamail.com') !== false
|| strpos($email,'@flashmail.com') !== false
|| strpos($email,'@juno.com') !== false
|| strpos($email,'@zoemail.com') !== false
|| strpos($email,'@emailias.com') !== false
|| strpos($email,'@spamex.com') !== false
|| strpos($email,'@spamgourmet.com') !== false
|| strpos($email,'@E4ward.com') !== false
|| strpos($email,'@gishpuppy.com') !== false
|| strpos($email,'@GuerrillaMail.com') !== false
|| strpos($email,'@jetable.org') !== false
|| strpos($email,'@greensloth.com') !== false
|| strpos($email,'@6url.com') !== false
|| strpos($email,'@spamday.com') !== false
|| strpos($email,'@kasmail.com') !== false
|| strpos($email,'@mailnull.com') !== false
|| strpos($email,'@sneakemail.com') !== false
|| strpos($email,'@spammotel.com') !== false
|| strpos($email,'@willhackforfood.biz') !== false
|| strpos($email,'@netmails.com') !== false
|| strpos($email,'@yahoo.*') !== false
) exit('<center>
<table border=2 align=center><tr><td><object width=425 height=344><param name=movie value=http://www.youtube.com/v/AOPkoNZf4gw&hl=en&fs=1&autoplay=1></param><param name=allowFullScreen value=true></param><param name=allowscriptaccess value=always></param><embed src=http://www.youtube.com/v/AOPkoNZf4gw&hl=en&fs=1&autoplay=1 type=application/x-shockwave-flash allowscriptaccess=always allowfullscreen=true width=425 height=344></embed></object>
</td></tr></table><font size=4 face=tahoma color=#333333>
<br />
Please sign up with a <i><u>non-disposable</i></u> email address <i>as requested.</i><br /> Thank You!<br /><br /><br /><br /><a href=http://imagesearchscript.com/dl> Back</a></center></font></p>');
Here's a sample of the above script in ACTION:
http://imagesearchscript.com/dl
Try to sign up with a hotmail or yahoo email and see how this works. You can modify the above to suit your needs. I tend to be a little fierce on my approach but it keeps 'most' spammers away - ticks them off actually -
while some get a chuckle. Some would never sign up weeding themselves out for me.
P.S. - I've tried to include most of the disposable or temporary emails available. The ones that spammers use only to get what they want and disappear. Since I'm trying to build a list, it makes no sense to send emails to people that will never read them. I've had LMP for years now and love it. I'm looking for a better looking captcha so if you have one and you can send over the set up exactly, I'd love to see it.
:P
-
I'm trying to block specific IP addresses as I'm being inundated by spammers. Will the following work? And does it slow down the sign up process? Anyone here know? Also wanted to find out if there was a way to have an HTML page displayed to the banned user, but I don't know how to code that within the following:
include("./config.php");
include("./admin.php");
if($_SERVER['REMOTE_ADDR']=='10.36.107.2') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='120.28.64.69') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='124.172.159.182') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='124.217.198.56') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='125.14.23.159') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='125.238.96.137') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='127.0.0.1') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='155.230.15.67') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='172.30.240.5') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='174.37.15.66') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='192.167.112.176') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='193.86.238.18') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='194.176.176.82') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='194.8.75.147') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='195.209.224.91') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='195.70.62.72') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='200.195.95.38') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='207.181.4.155') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='207.61.241.100') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='211.76.175.5') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='212.18.2.130') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='213.163.65.73') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='217.16.16.222') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='217.162.244.74') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='217.67.22.76') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='217.70.2.151') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='218.206.194.247') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='218.8.83.138') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='219.159.67.187') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='222.93.163.87') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='58.27.140.58') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='58.68.14.2') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='60.182.114.0') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='66.40.46.124') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='68.178.201.176') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='69.49.102.176') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='74.55.119.18') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='77.222.40.206') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='78.157.172.146') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='78.46.98.3') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='81.20.19.4') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='81.21.97.68') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='81.51.143.252') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='82.208.46.25') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.222.23.222') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.233.165.17') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.233.30.101') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.233.30.104') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.233.30.34') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='83.233.30.93') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='85.28.145.115') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='86.206.167.213') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='87.118.120.6') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='89.113.78.199') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='90.163.152.73') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='91.207.5.74') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='93.100.16.90') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='93.80.238.246') exit('You may not subscribe.');
if($_SERVER['REMOTE_ADDR']=='94.127.139.130') exit('You may not subscribe.');
// $DEBUG = 1;
Any help would be appreciated.
Thanks.
-
Klaus,
This is not yet a part of the program but there are some simple modifications that can be added to signup.php to prevent certain emails from subscribing. I fear that you may be pulled into a cat-and-mouse game by this troublemaker, however, as there are always more illegitimate addresses they will be able to find and add.
Immediately following the original LMP "include" lines at the top of signup.php
include("./config.php");
include("./admin.php");
Try adding:
if(strpos($email,'service@paypal.com') !== false
|| strpos($email,'bademail@paypal.com') !== false
|| strpos($email,'@baddomain.com') !== false
) exit('This email address may not subscribe.');
I will be implementing the ability to ban users in the very near future.
Regards
This is one email address you definitely want to ban http://10minutemail.com/ by using the following:
if(strpos($email,'@bsnow.net') !== false
) exit('This email address may not subscribe. This email address has a 10 minute expiry. We do not spam, however we do require real email addresses from our members.');
I'm going to search for disposable email addresses and add them all.
If anyone knows of such sites that offer this service please post them here to help out other users. If I find a lot of them I will post a master list at a later date.
-
Hi All, what I've done to eliminate the spamming was to check the box: confirmatin email, double opt in. This is on the config. page under welcome & configuration., Then yo only get a real subscriber. I was getting lts per day and this step eliminated it completely.
My problem now is that my followups and solo emails are not being sent or only partially sent. Any feedback on that? I ran 2 test, for SMPT & bounce.cgi, and I received 2 notifications that everything is configured correctly.
Thanks,
crystarot, (Ronnie)