473,748 Members | 9,913 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Verification sign up links

SOR
Although this currently defeats the spam bots in some respects - isnt it
just a mater of time before the spammers figure out a way to verify a
signup via email using rotating disposable email addresses or whatever .

And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .
Jul 25 '05 #1
7 2881
> And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .


Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?

Thanks.

Michael
Jul 26 '05 #2
SOR
<comp.lang.ph p , Michael Phipps ,
gr************* *******@optusne t.com.au>
<42************ ***********@new s.optusnet.com. au>
<Tue, 26 Jul 2005 22:10:49 +1000>
And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .


Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?


Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .

www.blah.com/?43543654365436

www.blah.com

43543654365436

If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .

Jul 26 '05 #3
> If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .


OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.

Michael
Jul 26 '05 #4
SOR
<comp.lang.ph p , Michael Phipps ,
gr************* *******@optusne t.com.au>
<42************ ***********@new s.optusnet.com. au>
<Wed, 27 Jul 2005 08:33:53 +1000>
OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.


Some servers dont have gd or imagemagic and cant use a image code .

Either way if there is a way to do it then rest assured the spammers
will find it or think of it .
Jul 26 '05 #5
On Tue, 26 Jul 2005 15:26:04 +0100, Peter Kerr
<we*******@spar esorrepair.co.u k.INVALID> wrote:
Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .
True, some of the time.
www.blah.com/?43543654365436
v.s.
www.blah.com 435436543654 36 If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .
For now. It could also make things unnecessarily harder for nubies to
register for - it's a trade-off, but it's worth considering in certain
circumstances. It's effectively the same as getting your credit card
and PIN on separate days in separate envelopes.
As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .


Yes and it's also just a matter of time until they use a throw-away
e-mail account to collect both e-mail's and combine them.

Everything evolves (trolls excluded ;-) - including crackers' attempts
at bypassing "security" measures, so deal with the real/current issues
now and re-visit your solution as "security" measures as
spammers'/crackers' responses to them evolve in parallel.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@ds v1.co.uk http://w3.z-add.co.uk/ -
Jul 27 '05 #6
On Wed, 27 Jul 2005 08:33:53 +1000, "Michael Phipps"
<gr************ ********@optusn et.com.au> wrote:
By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
That depends on the logs of the "ISP" that provides the throw away, or
trojaned, accounts that they are using :-(
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.


But, they are not trivial to implement in a manner that allows
disabled access - a legal requirement in many countries.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@ds v1.co.uk http://w3.z-add.co.uk/ -
Jul 27 '05 #7
SOR
<comp.lang.ph p , Stuart Millington , ne**@dsv1.co.uk>
<hi************ *************** *****@4ax.com>
<Wed, 27 Jul 2005 01:11:53 +0100>
Everything evolves (trolls excluded ;-)


Then your obviously not very good at trolling & you should stick to what
you know .
Jul 27 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
2605
by: Nel | last post by:
I have recently updated an on-line petition at www.fuelprotest.com The confirmation email contained a verification link like www.fuelprotest.com?cvote.php?uid=000&crc=8289fde1298721ac397392909edf2 (example link - this one won't work) However some users had problems with the link working. The email was just plain text using mail(). I have now changed it to MIME 1.0 and text/html. Would you please try
4
1545
by: Roy | last post by:
Maybe I am in the wrong place and doing this the wrong way... please tell me if you think there is a better way. I need to transfer some files from a server to the client workstation. The transfer has to be initiated from a page served up by the web server. This is easy enough to do with Java Script and Windows FSO but I have to loosen up the browser security and my (military) employer will not allow that. So, is there some way I can...
4
1837
by: thomas | last post by:
Anyone know how can I get a £ sign in the cell of a table that has been output by an xsl page I've tried <td>&#x00A3;<xsl:apply-templates select="./price" /></td> <td>£<xsl:apply-templates select="./price" /></td> both of these give a ? sign instead of a £ sign and the following gives an error
1
1486
by: VB Programmer | last post by:
I want to make an ecommerce/shopping cart ASP.NET page. How do I do credit card verification, etc? Any online tutorials or examples? Thanks, Robert
0
2189
by: pwilliams | last post by:
NCOALink Change of Address Verification Each year over 40 million Americans change their mailing addresses. This change is equivalent to every person in California deciding to change addresses and not tell you that they have moved. This uncertainty results in wasted spending on undeliverable address mail, returned mail and processing fees related to direct mail campaigns. NCOALink solves this problem for you. NCOALink provides you...
2
1714
by: Ws | last post by:
Hi all I'm trying to write up a module that *safely* sets sys.stderr and sys.stdout, and am currently having troubles with the function verification. I need to assure that the function can indeed be called as the Python manual specifies that sys.stdout and sys.stderr should be defined (standard file-like objects, only requiring a function named "write"). For an example output wrapper class, it could look something so simple
13
5494
by: Kal | last post by:
I have a small console app that started out in dotnet 1.1 in VS 2003. That version can be copied to a W2K3 server where it runs fine. I set up a new project in VS 2005 and copied the code files from 2003 to 2005 where they compile and run, no problem. When I copy the two files (exe & dll) to the same W2K3 server they fail with the Strong Name Verification Failed error. After running the console contains: "Unhandled Exception:...
3
2085
by: KDawg44 | last post by:
Hi, I would like a verification image for new sign ups on a website. Is there a way to call the PHP script through an AJAX call and have the image passed back and then display? Is there a way to pass the image serialized back to the browser and then displayed? (or something like that?) I know that I do not need to do it this way but I am wondering if its possible.
15
4804
by: sb5309 | last post by:
When one uses CAPTCHA (form with verification code), a session is required to keep the session data. In examples that I have seen on the net, I did not see a session is closed after use. Imagine a case when someone gets to a form with CAPTCHA, a session will be started in the server; and then the person decides to jump to another site without filling the form. The session data still exists in the server. If this scenario gets repeated...
0
8826
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9366
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8239
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6793
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6073
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4597
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3303
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2777
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2211
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.