CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX 		Search Posts SEARCH
POSTS 		Who's Online WHO'S
ONLINE 		Log in LOG
IN

Home: Need a Custom or Prewritten Perl Program?: I need a program that...:
Recommend email form script

 


1novuser
Novice

Oct 25, 2004, 8:50 PM

Post #1 of 6 (2748 views)
Recommend email form script Can't Post
Hi I'm new to Perl..

I'm looking for a script to send mail to admin, write to file option and send to user w/custom message if selected.

I've been looking over the links on this site to the scripts, and there are so many to wade through. The BNB is close but I'd need to change a few things..

At a glance, the limitations are the the autorespond. I'd like to send copy to user if selected. Also insert desired fields, along w/the custom message. I have a few other requirements too..


So this is what I think I'd need:

0) send to designated admin email or multiples.
1) set up order of fields when form processed/mailed.
2) ability to enter subject for email (this is done w/a hidden field on the form yes).
3) if admin responds to email from form, ability to click reply and users email is auto entered.
4) process/send copy to users email if selected.
5) If 4 is selected, then check to see that email address is entered (don't need to validate, trusting user to enter correctly).
6) select which fields are to be sent to user along w/custom message.
7) write form results to file option (along w/time, browser, referrer options).
8) redirect to pages:
Success
A. page for general thank you (option to send copy to user not selected).
B. page for thank you, and display email address or other desired fields (when option to send to user is selected - via radio button).
Fail
A. If no email is entered and option is selected by user to send them a copy (4 above).
9) support checkbox and radio buttons (thought I saw somewhere this might be an issue.
10) prevent script access from other domains.


If there's anything I might need, would appreciate the suggestions.

Thanks very much


davorg
Thaumaturge

Oct 26, 2004, 3:59 AM

Post #2 of 6 (2743 views)
Re: [1novuser] Recommend email form script [In reply to] Can't Post
I think that the nms TFMail program will probably do most (if not all) of those things. Get it from [http://nms-cgi.sourceforge.net/].

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks


1novuser
Novice

Nov 6, 2004, 3:33 PM

Post #3 of 6 (2714 views)
Re: [davorg] Recommend email form script [In reply to] Can't Post
Hi Dave thanks for the suggestion but it won't send a copy to the sender/user/requestor - whatever. I've contacted the programmer (?) and they said the reason is to prevent spam. Although I don't see how they consider it to be spam if it is the person sending it.

Unless someone could modify this script it may not work.


davorg
Thaumaturge

Nov 7, 2004, 12:16 AM

Post #4 of 6 (2713 views)
Re: [1novuser] Recommend email form script [In reply to] Can't Post
If you're sending input that comes from the user to an email address that also comes from the user, then it's quite possible for that set-up to be used to send spam.

You have no way of knowing that the content that someone is submitting to you form isn't some kind of spam advert. And you have no way of knowing whether the email they give is actually theirs - it could be the address of a random person from the internet.

Combine those two facts with the fact that you can submit hundreds of web forms a minute using a very simple Perl program and you have perfect conditions for a spam engine.

No sensible formmail program will allow you to send user-submitted content to a user submitted email address.

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks


1novuser
Novice

Nov 8, 2004, 3:25 AM

Post #5 of 6 (2700 views)
Re: [davorg] Recommend email form script [In reply to] Can't Post
So then, you don't recommend having a form send copy to submitter?

Could have some safeguards such as set up a no index robot file..

I don't know if every form is found and exploited.

I would think there would be many other less time consuming ways to send spam then looking for a form, maybe I'm wrong.

And this is only really useful to the spammer if the form contains text area correct? Not much use from a text field.. I suppose just the text field would be targeted, but then all of these messages that they would send would also have the name of field before their advert...

What about setting the program to not allow so many submissions within a time period. There is no way this particular application/setup will have much traffic.

There is no way to authenticate to prevent exploitation for spam purposes? This send copy to submitter is needed.


davorg
Thaumaturge

Nov 8, 2004, 4:00 AM

Post #6 of 6 (2699 views)
Re: [1novuser] Recommend email form script [In reply to] Can't Post
In Reply To
So then, you don't recommend having a form send copy to submitter?
Correct.

In Reply To
Could have some safeguards such as set up a no index robot file..
Spammers will pay no attention to robots.txt.

In Reply To
I don't know if every form is found and exploited.
They pretty much are.

In Reply To
I would think there would be many other less time consuming ways to send spam then looking for a form, maybe I'm wrong.
Yes. Sorry, you're wrong. Spammers write programs that automatically probe web sites for insecure formmail programs. These probes send emails back to the spammers when an insecure installation is found.

They then use other programs which pretend to be a browser and submit hundreds of forms a minute to send out their spam.

In Reply To
And this is only really useful to the spammer if the form contains text area correct? Not much use from a text field.. I suppose just the text field would be targeted, but then all of these messages that they would send would also have the name of field before their advert...
That's right. They need to find the name of the text field and insert their advert there. But most formmail programs don't check the size of the data submitted for a field so the sheer size of the advert overwhelms any other data in the generated email.

In Reply To
What about setting the program to not allow so many submissions within a time period. There is no way this particular application/setup will have much traffic.
That's one suggestion. I've seen that implemented a few times.

In Reply To
There is no way to authenticate to prevent exploitation for spam purposes? This send copy to submitter is needed.
Of course, this is another way to block abuse. To force your visitor to register before they can send email using your formmail. This is how web mail programs solve the problem. But in most cases where you'd want to use a formmail, putting the extra registration step into the process would stop people from using the form.

Here's a simple experiment you can try. Do you have access to your web server's logs? Try looking in the error log on a server that doesn't have a formmail program installed. I can almost guarantee that you'll see a number of cases where people try to access formmail on the server. This will be the spammers programs probing the server for invunerabilities.

If you don't have access to the server logs thne take a look at this. The formmail.pl on my server simply dumps details of each request into this file, so you can see how frequently I get probed.

Is that clearer?

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives