Maker Pro
Maker Pro

OT: FormMail for Dummies

J

Jim Thompson

Jan 1, 1970
0
I'm not very literate with any kind of programming, so I'm looking for
some kind of FormMail I can install on my website, without having to
know how to write scripts, etc.

Something SECURE of course.

Thanks!

...Jim Thompson
 
T

Tim Hubberstey

Jan 1, 1970
0
Jim said:
I'm not very literate with any kind of programming, so I'm looking for
some kind of FormMail I can install on my website, without having to
know how to write scripts, etc.

Something SECURE of course.

I don't know the answer to your FormMail question but you may want to
try something simpler.

I use some extremely simple Javascript to disguise my "contact me"
address. So far, fingers crossed, I haven't received any spam on it. You
can check out the method by going to my site and viewing the source. I
stumbled across the method while surfing so I can't take credit for it.

If this looks like it will work for you and you can't figure it out from
the code, you can contact me directly, through my website.
 
J

Jim Thompson

Jan 1, 1970
0
I don't know the answer to your FormMail question but you may want to
try something simpler.

I use some extremely simple Javascript to disguise my "contact me"
address. So far, fingers crossed, I haven't received any spam on it. You
can check out the method by going to my site and viewing the source. I
stumbled across the method while surfing so I can't take credit for it.

If this looks like it will work for you and you can't figure it out from
the code, you can contact me directly, through my website.

Thanks! I'll see if I can understand it ;-)

...Jim Thompson
 
J

Jim Thompson

Jan 1, 1970
0
I put my contact address in a small GIF file. I doubt that anybody is
going to scan it in there.

That's what I have right now, but one of my UseNet "buddies" seems to
have submitted it into the scammer's chain.

So I'm investigating a secure-form approach where I can obscure the
destination address.

...Jim Thompson
 
R

R Adsett

Jan 1, 1970
0
I don't know the answer to your FormMail question but you may want to
try something simpler.

I use some extremely simple Javascript to disguise my "contact me"
address. So far, fingers crossed, I haven't received any spam on it. You
can check out the method by going to my site and viewing the source. I
stumbled across the method while surfing so I can't take credit for it.

If this looks like it will work for you and you can't figure it out from
the code, you can contact me directly, through my website.

Or take a look at http://automaticlabs.com/products/enkoderform to avoid
having to re-invent the wheel. I use that and it hasn't been harvested.

For those people who don't have javascript on I also have a form
(provided by the ISP, apparently a fixed version of Formmail). Most of
what a get through that are attempts to break it.

Robert
 
T

Tim Hubberstey

Jan 1, 1970
0
R said:
Or take a look at http://automaticlabs.com/products/enkoderform to avoid
having to re-invent the wheel. I use that and it hasn't been harvested.

Thanks for the link! This looks significantly better than the method I
use so I think I'll switch over. The only problem is that if Automatic
Labs stops offering the tool, I'll never be able to figure out or modify
the code.
 
L

Luhan Monat

Jan 1, 1970
0
Tim said:
I don't know the answer to your FormMail question but you may want to
try something simpler.

I use some extremely simple Javascript to disguise my "contact me"
address. So far, fingers crossed, I haven't received any spam on it. You
can check out the method by going to my site and viewing the source. I
stumbled across the method while surfing so I can't take credit for it.

If this looks like it will work for you and you can't figure it out from
the code, you can contact me directly, through my website.

I put my contact address in a small GIF file. I doubt that anybody is
going to scan it in there.
 
J

Jim Thompson

Jan 1, 1970
0
Or take a look at http://automaticlabs.com/products/enkoderform to avoid
having to re-invent the wheel. I use that and it hasn't been harvested.

For those people who don't have javascript on I also have a form
(provided by the ISP, apparently a fixed version of Formmail). Most of
what a get through that are attempts to break it.

Robert

Told you I was a dummy. I used Enkoder to create the script and
inserted as instructed. Got a blank page :-(

...Jim Thompson
 
R

Rich Grise

Jan 1, 1970
0
Thanks! I'll see if I can understand it ;-)
Not much to understand - each %xx is the hex value of an ascii character;
unescape is a javascript command that turns each of them into the
character for the display, and apparently for the browser's mailto
facility, but apparently the spambots don't harvest it because it's
not in clear text. 'document.write' is kind of self-explanatory. :)

Cheers!
Rich
 
R

Rich Grise

Jan 1, 1970
0
Told you I was a dummy. I used Enkoder to create the script and
inserted as instructed. Got a blank page :-(

Post your HTML[0] - I'll fix it for you. Please see:
http://www.neodruid.org - mind you, this site isn't up all of the time,
because it's on my dual-boot system, so if you get a "host not found",
try later. As long as I'm on the NG, though, it's up.

If you have Linux/Apache/Perl, you could use any of Matt Wright's scripts.

BTW, I looked up 'define:blog' and EWWwwwww! It's a guest book for
oneself! "Hey, World! Looka My Diary! Guh-Hyuk!" Bleah! I was thinking of
modifying either Matt's wwwboard or his guestbook script, but heck - I'm
just going to use them the way they are.

Cheers!
Rich
[0] Or email it to me! ;-)
 
A

Active8

Jan 1, 1970
0
That's what I have right now, but one of my UseNet "buddies" seems to
have submitted it into the scammer's chain.

That's what I thought, thus my other reply. Speaking of yer buddies,
one of 'em's been gone more than Boki. I remember some bs he posted
last year about wanting to take up smoking again for health reasons
(and I geshh you figgered out hiza dr-dr-drunk ) Last I heard he was
messin' with some huge spud cannon with a pretty impressive range. I
wouldn't start dancin' yet but...

Talk about standards, sheesh!
So I'm investigating a secure-form approach where I can obscure the
destination address.

See my other post. < $10/month with real Linux host = in like Flynn.
And you'll have more email addys than you need that aren't dependant
on Cosuckerserver.
 
A

Active8

Jan 1, 1970
0
Not much to understand - each %xx is the hex value of an ascii character;
unescape is a javascript command that turns each of them into the
character for the display, and apparently for the browser's mailto
facility, but apparently the spambots don't harvest it because it's
not in clear text. 'document.write' is kind of self-explanatory. :)
Right. And he uses the little program I linked to get the ascii to
hex or decimal conversion of the addy you want to encode.

here it is again:
http://home.earthlink.net/~mcolasono/bin/Ascii2Hex.zip

You should be able to paste any html in there and it'll display
right, but encoded.

That isn't going to prevent that little prob last year, though. I
think Jim wants an address that can only be mailed through a web
form. And maybe you'd have to enter a code from a gif. I think by
doing that, it prevents him from revealing his email to anyone
wanting to spoof a header. Plus no spam :)

You could hack that out easy, if you know how to validate the input
so no system commands get by. PHP or perl to sendmail.

Any hosting service worth a damn should have free cgi scripts for
customer service kinda mail and connected to an https port, you get
your security... erm, if it's on a linux or bsd with ssl and all.
Don't expect any help from Coxsucker's though. For less than $10 a
month you've got a few great choices for Linux hosts, too.
 
J

Jim Thompson

Jan 1, 1970
0
On Sun, 06 Mar 2005 13:52:19 -0700, Jim Thompson wrote:
[snip]
That's what I have right now, but one of my UseNet "buddies" seems to
have submitted it into the scammer's chain.

That's what I thought, thus my other reply. Speaking of yer buddies,
one of 'em's been gone more than Boki. I remember some bs he posted
last year about wanting to take up smoking again for health reasons
(and I geshh you figgered out hiza dr-dr-drunk ) Last I heard he was
messin' with some huge spud cannon with a pretty impressive range. I
wouldn't start dancin' yet but...

Talk about standards, sheesh!
So I'm investigating a secure-form approach where I can obscure the
destination address.

See my other post. < $10/month with real Linux host = in like Flynn.
And you'll have more email addys than you need that aren't dependant
on Cosuckerserver.

My website is not on CoxSuckerServer, just my local connection ;-)

It's either use Cox HSI or use DSL from Qwest... BARF!

My website provider has a script, but it divulges the destination
address. I already have in-place a more-than-100-address whitelist.

I don't have time to learn how to write scripts or make forms, so I
was hoping to find, for purchase, a canned approach, just fill-in the
blanks.

...Jim Thompson
 
A

Active8

Jan 1, 1970
0
On Sun, 06 Mar 2005 13:52:19 -0700, Jim Thompson wrote:
[snip]
I put my contact address in a small GIF file. I doubt that anybody is
going to scan it in there.

That's what I have right now, but one of my UseNet "buddies" seems to
have submitted it into the scammer's chain.

That's what I thought, thus my other reply. Speaking of yer buddies,
one of 'em's been gone more than Boki. I remember some bs he posted
last year about wanting to take up smoking again for health reasons
(and I geshh you figgered out hiza dr-dr-drunk ) Last I heard he was
messin' with some huge spud cannon with a pretty impressive range. I
wouldn't start dancin' yet but...

Talk about standards, sheesh!
So I'm investigating a secure-form approach where I can obscure the
destination address.

See my other post. < $10/month with real Linux host = in like Flynn.
And you'll have more email addys than you need that aren't dependant
on Cosuckerserver.

My website is not on CoxSuckerServer, just my local connection ;-)

You mentioned their mail server giving you probs. You should have
emails with the hosting package.
It's either use Cox HSI or use DSL from Qwest... BARF!

My website provider has a script, but it divulges the destination
address. I already have in-place a more-than-100-address whitelist.

I don't have time to learn how to write scripts or make forms, so I
was hoping to find, for purchase, a canned approach, just fill-in the
blanks.

Lemmee see the webpage. Oh hell. My encoder ring doesn't decode, but
I see that cheesy JavaScript crap that brings up a mail client.

Are you hosted on a Linux box? They can set up php if it's not
already configured ( uncommented :) ) in httpd.conf -- I found a
couple scripts if you are. They'll send the message to the script as
a query string and the script just mails you the stuff and returns a
thank you page or whatever.

http://www.thesitewizard.com/wizards/feedbackform.shtml

Fill in the blanks. See if you can get the format you want out of
that and let me know. I can modify the format if you don't like it.
The script just spits html at the browser - but from the script
where you can't see the infernals.
 
J

Joerg

Jan 1, 1970
0
Hello Tim,
I use some extremely simple Javascript to disguise my "contact me"
address. So far, fingers crossed, I haven't received any spam on it.
You can check out the method by going to my site and viewing the
source. I stumbled across the method while surfing so I can't take
credit for it.


You might just be lucky so far. When you look at the link properties the
presented email address shows up nice and clear. Spammers that go just a
wee bit beyond a source parser should be able to snatch it.

As Luhan does I also use a small image file. I figure that serious
requests will be made despite the inconvenience to having to type the
address. Same with the phone number, and it works. If someone doesn't
want to read and type it probably wasn't urgent, like the umpteenth
offer of Tadalafil, whatever that is.

Regards, Joerg
 
T

Tim Hubberstey

Jan 1, 1970
0
Joerg said:
Hello Tim,


You might just be lucky so far. When you look at the link properties the
presented email address shows up nice and clear. Spammers that go just a
wee bit beyond a source parser should be able to snatch it.

True, but I've been using the same script segment for several years now
and it hasn't been a problem yet. I'm much more worried about being
harvested by a 'bot than I am about having an individual spammer go to
the trouble of going to my site and looking to see what shows up when
you hover over the link. That's also why I'd prefer not to use something
"canned" since having my implementation be slightly different from
others may be enough to keep the 'bots from zapping me.
As Luhan does I also use a small image file. I figure that serious
requests will be made despite the inconvenience to having to type the
address. Same with the phone number, and it works. If someone doesn't
want to read and type it probably wasn't urgent, like the umpteenth
offer of Tadalafil, whatever that is.

I also use an image file with my address in it so that people who don't
surf with Javascript turned on can still get the address.

In any case, the address I'm protecting is an alias so if it starts
collecting spam, I'll just change it to something else and beef up the
protection at the same time.

I think it's always a good idea to go with the simplest security until
it's breached. This way it will take longer for "superbots" to develop.
Sort of like not over-prescribing antibiotics to avoid breeding super-bugs.
 
R

R Adsett

Jan 1, 1970
0
Told you I was a dummy. I used Enkoder to create the script and
inserted as instructed. Got a blank page :-(

You do have to have javascript turned on in your browser. If that isn't
it I have no idea :(. I have a form on my page for those who don't want
to brwse with javascript on but it attracts different attacks (and I
don't know that it's generally available). The javascript doesn't help
much if the address ends of in someones e-mail address list and that gets
harvested by a piece of mal-ware but I've resigned myself to changing
public contact address's in that case.

Good Luck

Robert
 
R

R Adsett

Jan 1, 1970
0
Told you I was a dummy. I used Enkoder to create the script and
inserted as instructed. Got a blank page :-(

Post your HTML[0] - I'll fix it for you. Please see:
http://www.neodruid.org - mind you, this site isn't up all of the time,
because it's on my dual-boot system, so if you get a "host not found",
try later. As long as I'm on the NG, though, it's up.

If you have Linux/Apache/Perl, you could use any of Matt Wright's scripts.

Or maybe not. My ISP has banned his scripts outright. I understand (not
just from my ISP) that his formmail in particular is a security risk.

Robert
 
T

Tim Hubberstey

Jan 1, 1970
0
R said:
You do have to have javascript turned on in your browser.

Also, depending on what you're using to create the page, it may not show
up in your page creator either. I'm using the Composer app from the
Mozilla suite and apparently it doesn't understand Javascript because
nothing shows up in it. I have to look at the page with the browser
(with Javascript enabled) to be able to check it.
If that isn't
it I have no idea :(. I have a form on my page for those who don't want
to brwse with javascript on but it attracts different attacks (and I
don't know that it's generally available). The javascript doesn't help
much if the address ends of in someones e-mail address list and that gets
harvested by a piece of mal-ware but I've resigned myself to changing
public contact address's in that case.

That's why I have 2 addresses: one for the website that's an easily
changeable alias, and my *real* one that I give out to a select few. And
then, of course, there's the dozen or so free webmail addresses that I
use when I *know* I'm going to get spammed by someone. ;-)
 
Q

qrk

Jan 1, 1970
0
I'm not very literate with any kind of programming, so I'm looking for
some kind of FormMail I can install on my website, without having to
know how to write scripts, etc.

Something SECURE of course.

Thanks!
Check out the following:
Matt's Script Archive:
http://www.scriptarchive.com/

CGI Resource Center:
http://cgi.resourceindex.com/Programs_and_Scripts/Perl/

If you find these too unwieldy, I can give you a small script from our
web site.

Many of these require Perl. If your on a Unix machine, chances are
it's already installed. Perl for Windoze can be installed with ease.
http://www.activestate.com/Products/ActivePerl/ (highly rated)
http://people.netscape.com/richm/nsPerl/

Aloha, Mark
 
Top